Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
i686.elf

Overview

General Information

Sample name:i686.elf
Analysis ID:1496916
MD5:d9440f53222512a031ff253d32d468a4
SHA1:88eda708ec81caf8b92473d311e49c6ff2d08dd6
SHA256:c004dc91397db8a8a661c6656e64da02fd665816fc3e6b9efd4e4474be2edfd1
Tags:elf
Infos:

Detection

Mirai
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Detected Mirai
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Mirai
Connects to many ports of the same IP (likely port scanning)
Contains symbols with names commonly found in malware
Machine Learning detection for sample
Reads system files that contain records of logged in users
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "rm" command used to delete files or directories
Sample and/or dropped files contains symbols with suspicious names
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1496916
Start date and time:2024-08-21 21:14:23 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 58s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:i686.elf
Detection:MAL
Classification:mal100.spre.troj.linELF@0/13@1/0

Warnings

  • Connection to analysis system has been lost, crash info: Unknown
  • VT rate limit hit for: i686.elf

Process Tree

  • system is lnxubuntu20
  • i686.elf (PID: 6228, Parent: 6153, MD5: d9440f53222512a031ff253d32d468a4) Arguments: /tmp/i686.elf
    • i686.elf New Fork (PID: 6229, Parent: 6228)
    • i686.elf New Fork (PID: 6230, Parent: 6228)
  • udisksd New Fork (PID: 6237, Parent: 799)
  • dumpe2fs (PID: 6237, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • dash New Fork (PID: 6248, Parent: 4331)
  • rm (PID: 6248, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.kaw6UEYGUq /tmp/tmp.SwuerW1u9Y /tmp/tmp.kVyVX6YEb1
  • sh (PID: 6261, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • gsd-wacom (PID: 6261, Parent: 1477, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
  • sh (PID: 6287, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
  • gsd-color (PID: 6287, Parent: 1477, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
  • systemd New Fork (PID: 6288, Parent: 1)
  • upowerd (PID: 6288, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • dash New Fork (PID: 6298, Parent: 4331)
  • rm (PID: 6298, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.kaw6UEYGUq /tmp/tmp.SwuerW1u9Y /tmp/tmp.kVyVX6YEb1
  • sh (PID: 6303, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 6303, Parent: 1477, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • sh (PID: 6338, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • udisksd New Fork (PID: 6341, Parent: 799)
  • dumpe2fs (PID: 6341, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • sh (PID: 6353, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
  • gsd-keyboard (PID: 6353, Parent: 1477, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
  • Default (PID: 6354, Parent: 1809, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PostSession/Default
  • sh (PID: 6355, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 6355, Parent: 1477, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • sh (PID: 6356, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
  • gsd-smartcard (PID: 6356, Parent: 1477, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
  • gdm3 New Fork (PID: 6357, Parent: 1320)
  • Default (PID: 6357, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • sh (PID: 6358, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
  • gsd-datetime (PID: 6358, Parent: 1477, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
  • sh (PID: 6359, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
  • gsd-media-keys (PID: 6359, Parent: 1477, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
  • udisksd New Fork (PID: 6362, Parent: 799)
  • dumpe2fs (PID: 6362, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • sh (PID: 6363, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
  • gsd-screensaver-proxy (PID: 6363, Parent: 1477, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
  • sh (PID: 6364, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
  • gsd-sound (PID: 6364, Parent: 1477, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
  • sh (PID: 6365, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
  • gsd-a11y-settings (PID: 6365, Parent: 1477, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
  • sh (PID: 6368, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
  • gsd-housekeeping (PID: 6368, Parent: 1477, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
  • sh (PID: 6369, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
  • gsd-power (PID: 6369, Parent: 1477, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
  • Xorg New Fork (PID: 6370, Parent: 1465)
  • sh (PID: 6370, Parent: 1465, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    • sh New Fork (PID: 6372, Parent: 6370)
    • xkbcomp (PID: 6372, Parent: 6370, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
  • udisksd New Fork (PID: 6371, Parent: 799)
  • dumpe2fs (PID: 6371, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • systemd New Fork (PID: 6393, Parent: 1)
  • systemd-user-runtime-dir (PID: 6393, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 1000
  • systemd New Fork (PID: 6399, Parent: 1)
  • systemd-hostnamed (PID: 6399, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed
  • Xorg New Fork (PID: 6540, Parent: 1465)
  • sh (PID: 6540, Parent: 1465, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    • sh New Fork (PID: 6543, Parent: 6540)
    • xkbcomp (PID: 6543, Parent: 6540, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
  • false (PID: 6547, Parent: 6546, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
  • systemd New Fork (PID: 6585, Parent: 1)
  • colord (PID: 6585, Parent: 1, MD5: 70861d1b2818c9279cd4a5c9035dac1f) Arguments: /usr/libexec/colord
    • colord New Fork (PID: 6608, Parent: 6585)
    • colord-sane (PID: 6608, Parent: 6585, MD5: 5f98d754a07bf1385c3ff001cde3882e) Arguments: /usr/libexec/colord-sane
  • systemd New Fork (PID: 6587, Parent: 1)
  • accounts-daemon (PID: 6587, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6599, Parent: 6587, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6600, Parent: 6599, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6603, Parent: 6600, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6604, Parent: 6603)
          • locale (PID: 6604, Parent: 6603, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6605, Parent: 6603)
          • grep (PID: 6605, Parent: 6603, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 6612, Parent: 1)
  • systemd-localed (PID: 6612, Parent: 1, MD5: 1244af9646256d49594f2a8203329aa9) Arguments: /lib/systemd/systemd-localed
  • gdm3 New Fork (PID: 6744, Parent: 1320)
  • Default (PID: 6744, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6745, Parent: 1320)
  • Default (PID: 6745, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
i686.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security

    Suricata Signatures

    Timestamp:2024-08-21T21:15:06.212809+0200
    SID:2030490
    Severity:1
    Source Port:45684
    Destination Port:51237
    Protocol:TCP
    Classtype:Malware Command and Control Activity Detected

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: i686.elfAvira: detected
    Multi AV Scanner detection for submitted file
    Source: i686.elfReversingLabs: Detection: 60%
    Machine Learning detection for sample
    Source: i686.elfJoe Sandbox ML: detected

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.23:45684 -> 185.196.9.5:51237
    Connects to many ports of the same IP (likely port scanning)
    Source: global trafficTCP traffic: 185.196.9.5 ports 1,2,3,5,7,51237
    Source: global trafficTCP traffic: 192.168.2.23:45684 -> 185.196.9.5:51237
    Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: global trafficDNS traffic detected: DNS query: fdh32fsdfhs.shop
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33606
    Source: unknownNetwork traffic detected: HTTP traffic on port 33606 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

    System Summary

    barindex
    Contains symbols with names commonly found in malware
    Source: ELF static info symbol of initial sampleName: attack.c
    Source: ELF static info symbol of initial sampleName: attack_get_opt_int
    Source: ELF static info symbol of initial sampleName: attack_get_opt_ip
    Source: ELF static info symbol of initial sampleName: attack_get_opt_str
    Source: ELF static info symbol of initial sampleName: attack_init
    Source: ELF static info symbol of initial sampleName: attack_nudp
    Source: ELF static info symbol of initial sampleName: attack_parse
    Source: ELF static info symbol of initial sampleName: attack_start
    Source: ELF static info symbol of initial sampleName: attack_tcp_ack
    Source: ELF static info symbol of initial sampleName: attack_tcp_bypass
    Sample tries to kill multiple processes (SIGKILL)
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 789, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 796, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 799, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1349, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1389, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1463, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1465, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1477, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1489, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1579, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1582, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1586, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1594, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1599, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1622, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1623, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1627, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1629, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1632, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1633, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1638, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1639, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1642, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1648, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1654, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1656, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1661, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1664, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1668, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1698, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1699, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1809, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1888, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1890, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2009, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2018, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2025, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2033, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2038, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2077, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2078, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2079, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2080, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2083, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2084, result: successfulJump to behavior
    Source: i686.elfELF static info symbol of initial sample: scanner.c
    Source: Initial sampleString containing 'busybox' found: /bin/busybox
    Source: Initial sampleString containing 'busybox' found: /proc/self/exe/bin/busybox/proc/%d/etc/systmp.d/proc/%s/lib/systemd/usr/lib/systemd/systemd/usr/lib/openssh/sftp-server/sys/system/dvr/main/usr/mnt/mtd/org/userfs/home/process/net_process/var/tmp/sonia/usr/sbin/usr/bin/mnt/gm/bin/var/Sofia/usr/sbin/sshd/usr/sbin/ntpd/usr/sbin/cupsd/usr/lib/apt/methods/http/usr/sbin/crond/usr/sbin/rsyslogd/usr/sbin/inetd/usr/sbin/dnsmasq/usr/bin/DVRServer/usr/bin/DVRShell/usr/bin/DVRControl/usr/bin/DVRRemoteAgent/usr/bin/DVRNetService/usr/libexec/openssh/sftp-server
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 789, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 796, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 799, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1349, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1389, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1463, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1465, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1477, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1489, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1579, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1582, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1586, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1594, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1599, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1622, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1623, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1627, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1629, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1632, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1633, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1638, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1639, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1642, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1648, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1654, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1656, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1661, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1664, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1668, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1698, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1699, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1809, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1888, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 1890, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2009, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2018, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2025, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2033, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2038, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2077, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2078, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2079, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2080, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2083, result: successfulJump to behavior
    Source: /tmp/i686.elf (PID: 6229)SIGKILL sent: pid: 2084, result: successfulJump to behavior
    Source: classification engineClassification label: mal100.spre.troj.linELF@0/13@1/0
    Source: /usr/libexec/gsd-wacom (PID: 6261)Directory: /var/lib/gdm3/.XdefaultsJump to behavior
    Source: /usr/libexec/gsd-wacom (PID: 6261)Directory: /var/lib/gdm3/.Xdefaults-galassiaJump to behavior
    Source: /usr/libexec/gsd-color (PID: 6287)Directory: /var/lib/gdm3/.XdefaultsJump to behavior
    Source: /usr/libexec/gsd-color (PID: 6287)Directory: /var/lib/gdm3/.Xdefaults-galassiaJump to behavior
    Source: /usr/lib/upower/upowerd (PID: 6288)Directory: <invalid fd (12)>/..Jump to behavior
    Source: /usr/lib/upower/upowerd (PID: 6288)Directory: <invalid fd (11)>/..Jump to behavior
    Source: /usr/libexec/gsd-keyboard (PID: 6353)Directory: /var/lib/gdm3/.XdefaultsJump to behavior
    Source: /usr/libexec/gsd-keyboard (PID: 6353)Directory: /var/lib/gdm3/.Xdefaults-galassiaJump to behavior
    Source: /usr/libexec/gsd-rfkill (PID: 6355)Directory: <invalid fd (9)>/..Jump to behavior
    Source: /usr/libexec/gsd-rfkill (PID: 6355)Directory: <invalid fd (8)>/..Jump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /var/lib/gdm3/.XdefaultsJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /var/lib/gdm3/.Xdefaults-galassiaJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale/en_US.UTF-8/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale/en_US.utf8/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale/en_US/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale/en.UTF-8/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale/en.utf8/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale/en/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale-langpack/en_US/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale-langpack/en.utf8/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Directory: /usr/share/locale-langpack/en/LC_MESSAGES/.moJump to behavior
    Source: /usr/libexec/gsd-power (PID: 6369)Directory: /var/lib/gdm3/.XdefaultsJump to behavior
    Source: /usr/libexec/gsd-power (PID: 6369)Directory: /var/lib/gdm3/.Xdefaults-galassiaJump to behavior
    Source: /lib/systemd/systemd-hostnamed (PID: 6399)Directory: <invalid fd (10)>/..Jump to behavior
    Source: /usr/libexec/colord (PID: 6585)Directory: /var/lib/colord/.cacheJump to behavior
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6587)Directory: /var/lib/gdm3/.pam_environmentJump to behavior
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6587)Directory: /root/.cacheJump to behavior
    Source: /usr/lib/xorg/Xorg (PID: 6370)Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""Jump to behavior
    Source: /usr/lib/xorg/Xorg (PID: 6540)Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""Jump to behavior
    Source: /usr/share/language-tools/language-options (PID: 6603)Shell command executed: sh -c "locale -a | grep -F .utf8 "Jump to behavior
    Source: /bin/sh (PID: 6605)Grep executable: /usr/bin/grep -> grep -F .utf8Jump to behavior
    Source: /usr/bin/dash (PID: 6248)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.kaw6UEYGUq /tmp/tmp.SwuerW1u9Y /tmp/tmp.kVyVX6YEb1Jump to behavior
    Source: /usr/bin/dash (PID: 6298)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.kaw6UEYGUq /tmp/tmp.SwuerW1u9Y /tmp/tmp.kVyVX6YEb1Jump to behavior
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6587)File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)Jump to behavior
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6587)File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)Jump to behavior
    Source: /tmp/i686.elf (PID: 6230)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/libexec/gsd-wacom (PID: 6261)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/libexec/gsd-color (PID: 6287)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/libexec/gsd-keyboard (PID: 6353)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/libexec/gsd-smartcard (PID: 6356)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/libexec/gsd-media-keys (PID: 6359)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/libexec/gsd-power (PID: 6369)Queries kernel information via 'uname': Jump to behavior
    Source: /lib/systemd/systemd-hostnamed (PID: 6399)Queries kernel information via 'uname': Jump to behavior
    Source: /usr/libexec/colord-sane (PID: 6608)Queries kernel information via 'uname': Jump to behavior

    Language, Device and Operating System Detection

    barindex
    Reads system files that contain records of logged in users
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6587)Logged in records file read: /var/log/wtmpJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected Mirai
    Source: Yara matchFile source: i686.elf, type: SAMPLE

    Remote Access Functionality

    barindex
    Detected Mirai
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
    Yara detected Mirai
    Source: Yara matchFile source: i686.elf, type: SAMPLE

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity Information1
    Scripting    		Valid AccountsWindows Management Instrumentation1
    Scripting    		Path Interception1
    Masquerading    		OS Credential Dumping1
    Security Software Discovery    		Remote ServicesData from Local System1
    Encrypted Channel    		Exfiltration Over Other Network Medium1
    Service Stop
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
    File and Directory Permissions Modification    		LSASS Memory1
    System Owner/User Discovery    		Remote Desktop ProtocolData from Removable Media1
    Non-Standard Port    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
    Hidden Files and Directories    		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    File Deletion    		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
    Application Layer Protocol    		Traffic DuplicationData Destruction

    Malware Configuration

    No configs have been found

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1496916 Sample: i686.elf Startdate: 21/08/2024 Architecture: LINUX Score: 100 44 fdh32fsdfhs.shop 185.196.9.5, 45684, 51237 SIMPLECARRIERCH Switzerland 2->44 46 109.202.202.202, 80 INIT7CH Switzerland 2->46 48 3 other IPs or domains 2->48 50 Suricata IDS alerts for network traffic 2->50 52 Antivirus / Scanner detection for submitted sample 2->52 54 Detected Mirai 2->54 56 5 other signatures 2->56 10 systemd accounts-daemon 2->10         started        13 i686.elf 2->13         started        15 gnome-session-binary sh gsd-print-notifications 2->15         started        17 31 other processes 2->17 signatures3 process4 signatures5 60 Reads system files that contain records of logged in users 10->60 19 accounts-daemon language-validate 10->19         started        21 i686.elf 13->21         started        24 i686.elf 13->24         started        26 gsd-print-notifications 15->26         started        28 colord colord-sane 17->28         started        30 sh xkbcomp 17->30         started        32 sh xkbcomp 17->32         started        process6 signatures7 34 language-validate language-options 19->34         started        58 Sample tries to kill multiple processes (SIGKILL) 21->58 36 gsd-print-notifications gsd-printer 26->36         started        process8 process9 38 language-options sh 34->38         started        process10 40 sh locale 38->40         started        42 sh grep 38->42         started       

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    i686.elf61%ReversingLabsLinux.Trojan.Gafgyt
    i686.elf100%AviraEXP/ELF.Gafgyt.D
    i686.elf100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    fdh32fsdfhs.shop
    		185.196.9.5
    		truetrue
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      54.171.230.55
      		unknownUnited States
      		16509AMAZON-02USfalse
      109.202.202.202
      		unknownSwitzerland
      		13030INIT7CHfalse
      185.196.9.5
      		fdh32fsdfhs.shopSwitzerland
      		42624SIMPLECARRIERCHtrue
      91.189.91.43
      		unknownUnited Kingdom
      		41231CANONICAL-ASGBfalse
      91.189.91.42
      		unknownUnited Kingdom
      		41231CANONICAL-ASGBfalse

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      54.171.230.55arm5nk.elfGet hashmaliciousUnknownBrowse
        botirc.i686.elfGet hashmaliciousTsunamiBrowse
          scan.elfGet hashmaliciousBotenaGo, MiraiBrowse
            botirc.ppc.elfGet hashmaliciousTsunamiBrowse
              cyber-mips.elfGet hashmaliciousUnknownBrowse
                c.arm.elfGet hashmaliciousUnknownBrowse
                  c.m68k.elfGet hashmaliciousMirai, OkiruBrowse
                    c.spc.elfGet hashmaliciousMirai, OkiruBrowse
                      SecuriteInfo.com.Trojan.Linux.Mirai.11282.28855.elfGet hashmaliciousMiraiBrowse
                        arm6-20240812-0507.elfGet hashmaliciousMiraiBrowse
                          109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
                          • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
                          185.196.9.5i686nk.elfGet hashmaliciousMiraiBrowse
                            mips.elfGet hashmaliciousMiraiBrowse
                              mipsel.elfGet hashmaliciousMiraiBrowse
                                mipselnk.elfGet hashmaliciousMiraiBrowse
                                  mipsnk.elfGet hashmaliciousMiraiBrowse
                                    x86_64.elfGet hashmaliciousMiraiBrowse
                                      arm6.elfGet hashmaliciousMiraiBrowse
                                        arm.elfGet hashmaliciousMiraiBrowse
                                          arm6nk.elfGet hashmaliciousMiraiBrowse
                                            arm7.elfGet hashmaliciousMiraiBrowse
                                              91.189.91.43arm5nk.elfGet hashmaliciousUnknownBrowse
                                                arm6nk.elfGet hashmaliciousMiraiBrowse
                                                  bin.armv4l.elfGet hashmaliciousUnknownBrowse
                                                    bin.armv6l.elfGet hashmaliciousUnknownBrowse
                                                      bin.x86_64.elfGet hashmaliciousUnknownBrowse
                                                        botirc.i686.elfGet hashmaliciousTsunamiBrowse
                                                          botirc.mpsl.elfGet hashmaliciousTsunamiBrowse
                                                            botirc.ppc.elfGet hashmaliciousTsunamiBrowse
                                                              arm.elfGet hashmaliciousTsunamiBrowse
                                                                cyber-mips.elfGet hashmaliciousUnknownBrowse

                                                                  Domains

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  fdh32fsdfhs.shopi686nk.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  mips.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  mipsel.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  mipselnk.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  mipsnk.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  x86_64.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  arm6.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  arm.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  arm6nk.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  arm7.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5

                                                                  ASNs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  CANONICAL-ASGBarm5nk.elfGet hashmaliciousUnknownBrowse
                                                                  • 91.189.91.42
                                                                  arm6.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.125.190.26
                                                                  arm6nk.elfGet hashmaliciousMiraiBrowse
                                                                  • 91.189.91.42
                                                                  armnk.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.125.190.26
                                                                  bin.armv4l.elfGet hashmaliciousUnknownBrowse
                                                                  • 91.189.91.42
                                                                  bin.armv6l.elfGet hashmaliciousUnknownBrowse
                                                                  • 91.189.91.42
                                                                  bin.x86_64.elfGet hashmaliciousUnknownBrowse
                                                                  • 91.189.91.42
                                                                  botirc.i686.elfGet hashmaliciousTsunamiBrowse
                                                                  • 91.189.91.42
                                                                  botirc.mpsl.elfGet hashmaliciousTsunamiBrowse
                                                                  • 91.189.91.42
                                                                  botirc.ppc.elfGet hashmaliciousTsunamiBrowse
                                                                  • 91.189.91.42
                                                                  SIMPLECARRIERCHi686nk.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  mips.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  mipsel.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  mipselnk.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  mipsnk.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  x86_64.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  arm6.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  arm.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  arm6nk.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  arm7.elfGet hashmaliciousMiraiBrowse
                                                                  • 185.196.9.5
                                                                  AMAZON-02USarm5nk.elfGet hashmaliciousUnknownBrowse
                                                                  • 54.171.230.55
                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                  • 52.222.236.23
                                                                  http://bttr-llc.comGet hashmaliciousUnknownBrowse
                                                                  • 52.37.65.190
                                                                  message html.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.32.110.127
                                                                  Payment Ref_13768_448375.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                  • 52.95.121.195
                                                                  https://www.dropbox.com/l/scl/AAB-caRhWqrML98bRdmDd16YpJdQGQoNwfMGet hashmaliciousUnknownBrowse
                                                                  • 13.227.219.90
                                                                  botirc.i686.elfGet hashmaliciousTsunamiBrowse
                                                                  • 54.171.230.55
                                                                  scan.elfGet hashmaliciousBotenaGo, MiraiBrowse
                                                                  • 54.171.230.55
                                                                  botirc.ppc.elfGet hashmaliciousTsunamiBrowse
                                                                  • 54.171.230.55
                                                                  cyber-mips.elfGet hashmaliciousUnknownBrowse
                                                                  • 54.171.230.55
                                                                  INIT7CHarm5nk.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202
                                                                  arm6nk.elfGet hashmaliciousMiraiBrowse
                                                                  • 109.202.202.202
                                                                  bin.armv4l.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202
                                                                  bin.armv6l.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202
                                                                  bin.x86_64.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202
                                                                  botirc.i686.elfGet hashmaliciousTsunamiBrowse
                                                                  • 109.202.202.202
                                                                  botirc.mpsl.elfGet hashmaliciousTsunamiBrowse
                                                                  • 109.202.202.202
                                                                  botirc.ppc.elfGet hashmaliciousTsunamiBrowse
                                                                  • 109.202.202.202
                                                                  arm.elfGet hashmaliciousTsunamiBrowse
                                                                  • 109.202.202.202
                                                                  cyber-mips.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202

                                                                  JA3 Fingerprints

                                                                  No context

                                                                  Dropped Files

                                                                  No context

                                                                  Created / dropped Files

                                                                  /run/user/127/dconf/user

                                                                  Download File
                                                                  Process:/usr/libexec/gsd-power
                                                                  File Type:very short file (no magic)
                                                                  Category:dropped
                                                                  Size (bytes):1
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3::
                                                                  MD5:93B885ADFE0DA089CDF634904FD59F71
                                                                  SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
                                                                  SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
                                                                  SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
                                                                  Malicious:false
                                                                  Reputation:high, very likely benign file
                                                                  Preview:.

                                                                  /tmp/server-0.xkm

                                                                  Download File
                                                                  Process:/usr/bin/xkbcomp
                                                                  File Type:Compiled XKB Keymap: lsb, version 15
                                                                  Category:dropped
                                                                  Size (bytes):12060
                                                                  Entropy (8bit):4.8492493153178975
                                                                  Encrypted:false
                                                                  SSDEEP:192:tDyb2zOmnECQmwTVFfLaSLus4UVcqLkjoqdD//HJeCQ1+JdDx0s2T:tDyAxvYhFf+S6tUzmp7/1MJ
                                                                  MD5:B4E3EB0B8B6B0FC1F46740C573E18D86
                                                                  SHA1:7D35426357695EBA77850757E8939A62DCEFF2D1
                                                                  SHA-256:7951135CC89A6E89493E3A9997C3D9054439459F8BFCE3DDEC76B943DA79FA91
                                                                  SHA-512:8196A23E2B5E525A5581562A2D7F2EE4FF5B694FEF3E218206D52EA9BFE80600BB0C6AA8968CA58E93E1AAD478FA05E157D08DB6D4D1224DDEA6754E377BE001
                                                                  Malicious:false
                                                                  Reputation:moderate, very likely benign file
                                                                  Preview:.mkx..............D.......................h.......<.....P.@%.......&......D.......NumLock.....Alt.....LevelThree..LAlt....RAlt....RControl....LControl....ScrollLock..LevelFive...AltGr...Meta....Super...Hyper...........evdev+aliases(qwerty)...!.....ESC.AE01AE02AE03AE04AE05AE06AE07AE08AE09AE10AE11AE12BKSPTAB.AD01AD02AD03AD04AD05AD06AD07AD08AD09AD10AD11AD12RTRNLCTLAC01AC02AC03AC04AC05AC06AC07AC08AC09AC10AC11TLDELFSHBKSLAB01AB02AB03AB04AB05AB06AB07AB08AB09AB10RTSHKPMULALTSPCECAPSFK01FK02FK03FK04FK05FK06FK07FK08FK09FK10NMLKSCLKKP7.KP8.KP9.KPSUKP4.KP5.KP6.KPADKP1.KP2.KP3.KP0.KPDLLVL3....LSGTFK11FK12AB11KATAHIRAHENKHKTGMUHEJPCMKPENRCTLKPDVPRSCRALTLNFDHOMEUP..PGUPLEFTRGHTEND.DOWNPGDNINS.DELEI120MUTEVOL-VOL+POWRKPEQI126PAUSI128I129HNGLHJCVAE13LWINRWINCOMPSTOPAGAIPROPUNDOFRNTCOPYOPENPASTFINDCUT.HELPI147I148I149I150I151I152I153I154I155I156I157I158I159I160I161I162I163I164I165I166I167I168I169I170I171I172I173I174I175I176I177I178I179I180I181I182I183I184I185I186I187I188I189I190FK13FK14FK15FK16FK17FK18

                                                                  /var/lib/AccountsService/users/gdm.3HZ8S2

                                                                  Download File
                                                                  Process:/usr/lib/accountsservice/accounts-daemon
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):51
                                                                  Entropy (8bit):4.647628037922664
                                                                  Encrypted:false
                                                                  SSDEEP:3:urCLnT+PzKLrAan4R8AKn:gI+zKLrAa4M
                                                                  MD5:071DABFEAD25B35D415780C2CFA55287
                                                                  SHA1:ED08D2B2FC77EF256FF9196934A55CFE4AE1B8E3
                                                                  SHA-256:E778170EDFD4C9871EFF24F592FF7A23D2A08A86479A6B14E42AF5FC1094416C
                                                                  SHA-512:8FBC64B76E1916570726BE87A2E9FBF7BDD1B07AB64A4A007EF20846273D416C04B32F8D2B923F1FDAA82BA729F2668A402DF608F4852E7676F67247A2666668
                                                                  Malicious:false
                                                                  Reputation:moderate, very likely benign file
                                                                  Preview:[User].Icon=/var/lib/gdm3/.face.SystemAccount=true.

                                                                  Static File Info

                                                                  General

                                                                  File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped
                                                                  Entropy (8bit):6.289134624617147
                                                                  TrID:
                                                                  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                                  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                                  File name:i686.elf
                                                                  File size:98'176 bytes
                                                                  MD5:d9440f53222512a031ff253d32d468a4
                                                                  SHA1:88eda708ec81caf8b92473d311e49c6ff2d08dd6
                                                                  SHA256:c004dc91397db8a8a661c6656e64da02fd665816fc3e6b9efd4e4474be2edfd1
                                                                  SHA512:bb217f99e8a811e8d3fa4b11141f8e82e3ad8efae8a030cdfe076e8fea5074f5b471a15e2b1c11857d144c3dd095a2f03dafb8f34514f1474537af6dccc813de
                                                                  SSDEEP:1536:bHimqV/PxYKBCiclerrK1ACze9swyUyqbwLDy6V6pjZrirH/iLlT79B:bCmqV/P6KBCtmm1Aqe9HwqcLDyzjZriS
                                                                  TLSH:CAA328C9E653C5B7DD430E3802A7F63F4A32E4218B6E8E41D76C6EF09E03594748A766
                                                                  File Content Preview:.ELF........................4....(......4. ...(.....................................................H....9..............l...l...l...................Q.td............................U..S........'...h....c...[]...$.............U......= ....t..1..............

                                                                  Static ELF Info

                                                                  ELF header

                                                                  Class:ELF32
                                                                  Data:2's complement, little endian
                                                                  Version:1 (current)
                                                                  Machine:Intel 80386
                                                                  Version Number:0x1
                                                                  Type:EXEC (Executable file)
                                                                  OS/ABI:UNIX - System V
                                                                  ABI Version:0
                                                                  Entry Point Address:0x8048188
                                                                  Flags:0x0
                                                                  ELF Header Size:52
                                                                  Program Header Offset:52
                                                                  Program Header Size:32
                                                                  Number of Program Headers:4
                                                                  Section Header Offset:75936
                                                                  Section Header Size:40
                                                                  Number of Section Headers:19
                                                                  Header String Table Index:16

                                                                  Sections

                                                                  NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                  NULL0x00x00x00x00x0000
                                                                  .initPROGBITS0x80480b40xb40x1c0x00x6AX001
                                                                  .textPROGBITS0x80480d00xd00xe7890x00x6AX0016
                                                                  .finiPROGBITS0x80568590xe8590x170x00x6AX001
                                                                  .rodataPROGBITS0x80568800xe8800x2a3c0x00x2A0032
                                                                  .eh_framePROGBITS0x805a2bc0x112bc0x5b00x00x3WA004
                                                                  .tbssNOBITS0x805a86c0x1186c0x80x00x403WAT004
                                                                  .ctorsPROGBITS0x805a86c0x1186c0x80x00x3WA004
                                                                  .dtorsPROGBITS0x805a8740x118740x80x00x3WA004
                                                                  .jcrPROGBITS0x805a87c0x1187c0x40x00x3WA004
                                                                  .got.pltPROGBITS0x805a8800x118800xc0x40x3WA004
                                                                  .dataPROGBITS0x805a8a00x118a00x2640x00x3WA0032
                                                                  .bssNOBITS0x805ab200x11b040x31700x00x3WA0032
                                                                  .stabPROGBITS0x00x11b040xfc0xc0x01404
                                                                  .stabstrSTRTAB0x00x11c000xdb0x00x0001
                                                                  .commentPROGBITS0x00x11cdb0xb400x00x0001
                                                                  .shstrtabSTRTAB0x00x1281b0x840x00x0001
                                                                  .symtabSYMTAB0x00x12b980x2fe00x100x0182964
                                                                  .strtabSTRTAB0x00x15b780x24080x00x0001

                                                                  Program Segments

                                                                  TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                  LOAD0x00x80480000x80480000x112bc0x112bc6.38730x5R E0x1000.init .text .fini .rodata
                                                                  LOAD0x112bc0x805a2bc0x805a2bc0x8480x39d44.67090x6RW 0x1000.eh_frame .tbss .ctors .dtors .jcr .got.plt .data .bss
                                                                  TLS0x1186c0x805a86c0x805a86c0x00x80.00000x4R 0x4.tbss
                                                                  GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                                                  Symbols

                                                                  NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
                                                                  .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                  .symtab0x80480b40SECTION<unknown>DEFAULT1
                                                                  .symtab0x80480d00SECTION<unknown>DEFAULT2
                                                                  .symtab0x80568590SECTION<unknown>DEFAULT3
                                                                  .symtab0x80568800SECTION<unknown>DEFAULT4
                                                                  .symtab0x805a2bc0SECTION<unknown>DEFAULT5
                                                                  .symtab0x805a86c0SECTION<unknown>DEFAULT6
                                                                  .symtab0x805a86c0SECTION<unknown>DEFAULT7
                                                                  .symtab0x805a8740SECTION<unknown>DEFAULT8
                                                                  .symtab0x805a87c0SECTION<unknown>DEFAULT9
                                                                  .symtab0x805a8800SECTION<unknown>DEFAULT10
                                                                  .symtab0x805a8a00SECTION<unknown>DEFAULT11
                                                                  .symtab0x805ab200SECTION<unknown>DEFAULT12
                                                                  .symtab0x00SECTION<unknown>DEFAULT13
                                                                  .symtab0x00SECTION<unknown>DEFAULT14
                                                                  .symtab0x00SECTION<unknown>DEFAULT15
                                                                  C.11.5298.symtab0x8057ea824OBJECT<unknown>DEFAULT4
                                                                  C.112.6579.symtab0x8057460248OBJECT<unknown>DEFAULT4
                                                                  C.115.6702.symtab0x80570601024OBJECT<unknown>DEFAULT4
                                                                  C.118.6825.symtab0x8056f40284OBJECT<unknown>DEFAULT4
                                                                  C.2.4971.symtab0x8057780132OBJECT<unknown>DEFAULT4
                                                                  LOCAL_ADDR.symtab0x805d69c4OBJECT<unknown>DEFAULT12
                                                                  POPBX1.symtab0x805458f0NOTYPE<unknown>DEFAULT2
                                                                  POPBX1.symtab0x80545ef0NOTYPE<unknown>DEFAULT2
                                                                  POPBX1.symtab0x805464f0NOTYPE<unknown>DEFAULT2
                                                                  PUSHBX1.symtab0x805457b0NOTYPE<unknown>DEFAULT2
                                                                  PUSHBX1.symtab0x80545db0NOTYPE<unknown>DEFAULT2
                                                                  PUSHBX1.symtab0x805463b0NOTYPE<unknown>DEFAULT2
                                                                  RESTBX1.symtab0x80545390NOTYPE<unknown>DEFAULT2
                                                                  SAVEBX1.symtab0x805452c0NOTYPE<unknown>DEFAULT2
                                                                  _Exit.symtab0x8054ba866FUNC<unknown>DEFAULT2
                                                                  _GLOBAL_OFFSET_TABLE_.symtab0x805a8800OBJECT<unknown>HIDDEN10
                                                                  _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                  _L_lock_103.symtab0x805093916FUNC<unknown>DEFAULT2
                                                                  _L_lock_13.symtab0x8051eb116FUNC<unknown>DEFAULT2
                                                                  _L_lock_144.symtab0x8051ef116FUNC<unknown>DEFAULT2
                                                                  _L_lock_164.symtab0x8051f1116FUNC<unknown>DEFAULT2
                                                                  _L_lock_18.symtab0x80508ff13FUNC<unknown>DEFAULT2
                                                                  _L_lock_18.symtab0x8055d7710FUNC<unknown>DEFAULT2
                                                                  _L_lock_195.symtab0x8051f3113FUNC<unknown>DEFAULT2
                                                                  _L_lock_205.symtab0x8050cfb16FUNC<unknown>DEFAULT2
                                                                  _L_lock_216.symtab0x8050d0b16FUNC<unknown>DEFAULT2
                                                                  _L_lock_30.symtab0x8051ec116FUNC<unknown>DEFAULT2
                                                                  _L_lock_34.symtab0x80565db13FUNC<unknown>DEFAULT2
                                                                  _L_lock_35.symtab0x8055ce510FUNC<unknown>DEFAULT2
                                                                  _L_lock_53.symtab0x805090c16FUNC<unknown>DEFAULT2
                                                                  _L_lock_70.symtab0x805438c16FUNC<unknown>DEFAULT2
                                                                  _L_unlock_104.symtab0x8051ee116FUNC<unknown>DEFAULT2
                                                                  _L_unlock_108.symtab0x80565e810FUNC<unknown>DEFAULT2
                                                                  _L_unlock_113.symtab0x805094913FUNC<unknown>DEFAULT2
                                                                  _L_unlock_156.symtab0x8051f0116FUNC<unknown>DEFAULT2
                                                                  _L_unlock_167.symtab0x805439c13FUNC<unknown>DEFAULT2
                                                                  _L_unlock_174.symtab0x8051f2116FUNC<unknown>DEFAULT2
                                                                  _L_unlock_232.symtab0x8050d1b13FUNC<unknown>DEFAULT2
                                                                  _L_unlock_239.symtab0x8051f3e13FUNC<unknown>DEFAULT2
                                                                  _L_unlock_242.symtab0x8050d2813FUNC<unknown>DEFAULT2
                                                                  _L_unlock_43.symtab0x8055d8110FUNC<unknown>DEFAULT2
                                                                  _L_unlock_65.symtab0x805091c16FUNC<unknown>DEFAULT2
                                                                  _L_unlock_65.symtab0x8055cef10FUNC<unknown>DEFAULT2
                                                                  _L_unlock_82.symtab0x805092c13FUNC<unknown>DEFAULT2
                                                                  _L_unlock_88.symtab0x8051ed116FUNC<unknown>DEFAULT2
                                                                  _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  __CTOR_END__.symtab0x805a8700OBJECT<unknown>DEFAULT7
                                                                  __CTOR_LIST__.symtab0x805a86c0OBJECT<unknown>DEFAULT7
                                                                  __C_ctype_b.symtab0x805aafc4OBJECT<unknown>DEFAULT11
                                                                  __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  __C_ctype_b_data.symtab0x8058ef0768OBJECT<unknown>DEFAULT4
                                                                  __DTOR_END__.symtab0x805a8780OBJECT<unknown>DEFAULT8
                                                                  __DTOR_LIST__.symtab0x805a8740OBJECT<unknown>DEFAULT8
                                                                  __EH_FRAME_BEGIN__.symtab0x805a2bc0OBJECT<unknown>DEFAULT5
                                                                  __FRAME_END__.symtab0x805a8680OBJECT<unknown>DEFAULT5
                                                                  __GI___C_ctype_b.symtab0x805aafc4OBJECT<unknown>HIDDEN11
                                                                  __GI___close.symtab0x805452080FUNC<unknown>HIDDEN2
                                                                  __GI___close_nocancel.symtab0x805452a27FUNC<unknown>HIDDEN2
                                                                  __GI___ctype_b.symtab0x805ab004OBJECT<unknown>HIDDEN11
                                                                  __GI___errno_location.symtab0x805073c13FUNC<unknown>HIDDEN2
                                                                  __GI___fcntl_nocancel.symtab0x804fe5486FUNC<unknown>HIDDEN2
                                                                  __GI___fgetc_unlocked.symtab0x8055d8c220FUNC<unknown>HIDDEN2
                                                                  __GI___glibc_strerror_r.symtab0x80521b829FUNC<unknown>HIDDEN2
                                                                  __GI___libc_close.symtab0x805452080FUNC<unknown>HIDDEN2
                                                                  __GI___libc_fcntl.symtab0x804feaa156FUNC<unknown>HIDDEN2
                                                                  __GI___libc_open.symtab0x805457091FUNC<unknown>HIDDEN2
                                                                  __GI___libc_read.symtab0x805463091FUNC<unknown>HIDDEN2
                                                                  __GI___libc_write.symtab0x80545d091FUNC<unknown>HIDDEN2
                                                                  __GI___open.symtab0x805457091FUNC<unknown>HIDDEN2
                                                                  __GI___open_nocancel.symtab0x805457a33FUNC<unknown>HIDDEN2
                                                                  __GI___read.symtab0x805463091FUNC<unknown>HIDDEN2
                                                                  __GI___read_nocancel.symtab0x805463a33FUNC<unknown>HIDDEN2
                                                                  __GI___sigaddset.symtab0x80527c832FUNC<unknown>HIDDEN2
                                                                  __GI___sigdelset.symtab0x80527e832FUNC<unknown>HIDDEN2
                                                                  __GI___sigismember.symtab0x80527a436FUNC<unknown>HIDDEN2
                                                                  __GI___uClibc_fini.symtab0x805476763FUNC<unknown>HIDDEN2
                                                                  __GI___uClibc_init.symtab0x80547da48FUNC<unknown>HIDDEN2
                                                                  __GI___write.symtab0x80545d091FUNC<unknown>HIDDEN2
                                                                  __GI___write_nocancel.symtab0x80545da33FUNC<unknown>HIDDEN2
                                                                  __GI___xpg_strerror_r.symtab0x80521d8206FUNC<unknown>HIDDEN2
                                                                  __GI__exit.symtab0x8054ba866FUNC<unknown>HIDDEN2
                                                                  __GI_abort.symtab0x80537e8208FUNC<unknown>HIDDEN2
                                                                  __GI_accept.symtab0x805235491FUNC<unknown>HIDDEN2
                                                                  __GI_atoi.symtab0x8053c4020FUNC<unknown>HIDDEN2
                                                                  __GI_bind.symtab0x80523b043FUNC<unknown>HIDDEN2
                                                                  __GI_brk.symtab0x8054a6844FUNC<unknown>HIDDEN2
                                                                  __GI_close.symtab0x805452080FUNC<unknown>HIDDEN2
                                                                  __GI_closedir.symtab0x8050440138FUNC<unknown>HIDDEN2
                                                                  __GI_config_close.symtab0x805517361FUNC<unknown>HIDDEN2
                                                                  __GI_config_open.symtab0x80551b053FUNC<unknown>HIDDEN2
                                                                  __GI_config_read.symtab0x8054ee4655FUNC<unknown>HIDDEN2
                                                                  __GI_connect.symtab0x80523dc91FUNC<unknown>HIDDEN2
                                                                  __GI_exit.symtab0x8053d94106FUNC<unknown>HIDDEN2
                                                                  __GI_fclose.symtab0x8050770399FUNC<unknown>HIDDEN2
                                                                  __GI_fcntl.symtab0x804feaa156FUNC<unknown>HIDDEN2
                                                                  __GI_fflush_unlocked.symtab0x8051cd9472FUNC<unknown>HIDDEN2
                                                                  __GI_fgetc.symtab0x8055c48157FUNC<unknown>HIDDEN2
                                                                  __GI_fgetc_unlocked.symtab0x8055d8c220FUNC<unknown>HIDDEN2
                                                                  __GI_fgets.symtab0x8055cfc123FUNC<unknown>HIDDEN2
                                                                  __GI_fgets_unlocked.symtab0x8055e68107FUNC<unknown>HIDDEN2
                                                                  __GI_fopen.symtab0x805095824FUNC<unknown>HIDDEN2
                                                                  __GI_fork.symtab0x8054180524FUNC<unknown>HIDDEN2
                                                                  __GI_fputs_unlocked.symtab0x8051f4c49FUNC<unknown>HIDDEN2
                                                                  __GI_fseek.symtab0x80564b827FUNC<unknown>HIDDEN2
                                                                  __GI_fseeko64.symtab0x80564d4263FUNC<unknown>HIDDEN2
                                                                  __GI_fstat.symtab0x8054bec75FUNC<unknown>HIDDEN2
                                                                  __GI_fwrite_unlocked.symtab0x8051f80119FUNC<unknown>HIDDEN2
                                                                  __GI_getc_unlocked.symtab0x8055d8c220FUNC<unknown>HIDDEN2
                                                                  __GI_getdtablesize.symtab0x8054cc437FUNC<unknown>HIDDEN2
                                                                  __GI_getegid.symtab0x8054cec8FUNC<unknown>HIDDEN2
                                                                  __GI_geteuid.symtab0x8054cf48FUNC<unknown>HIDDEN2
                                                                  __GI_getgid.symtab0x8054cfc8FUNC<unknown>HIDDEN2
                                                                  __GI_getpagesize.symtab0x8054d0417FUNC<unknown>HIDDEN2
                                                                  __GI_getpid.symtab0x80543ac49FUNC<unknown>HIDDEN2
                                                                  __GI_getrlimit.symtab0x8054d1843FUNC<unknown>HIDDEN2
                                                                  __GI_getsockname.symtab0x805243843FUNC<unknown>HIDDEN2
                                                                  __GI_getuid.symtab0x8054d448FUNC<unknown>HIDDEN2
                                                                  __GI_inet_addr.symtab0x805232c37FUNC<unknown>HIDDEN2
                                                                  __GI_inet_aton.symtab0x805603c148FUNC<unknown>HIDDEN2
                                                                  __GI_initstate_r.symtab0x8053b02155FUNC<unknown>HIDDEN2
                                                                  __GI_ioctl.symtab0x804ff50142FUNC<unknown>HIDDEN2
                                                                  __GI_isatty.symtab0x80522a829FUNC<unknown>HIDDEN2
                                                                  __GI_kill.symtab0x804ffe043FUNC<unknown>HIDDEN2
                                                                  __GI_listen.symtab0x80524a035FUNC<unknown>HIDDEN2
                                                                  __GI_lseek.symtab0x8054d4c47FUNC<unknown>HIDDEN2
                                                                  __GI_lseek64.symtab0x80567cc85FUNC<unknown>HIDDEN2
                                                                  __GI_memcpy.symtab0x8051ff841FUNC<unknown>HIDDEN2
                                                                  __GI_memmove.symtab0x805202437FUNC<unknown>HIDDEN2
                                                                  __GI_mempcpy.symtab0x80567a833FUNC<unknown>HIDDEN2
                                                                  __GI_memrchr.symtab0x8055f2c177FUNC<unknown>HIDDEN2
                                                                  __GI_memset.symtab0x805204c50FUNC<unknown>HIDDEN2
                                                                  __GI_mkdir.symtab0x805000c43FUNC<unknown>HIDDEN2
                                                                  __GI_mmap.symtab0x8054b2827FUNC<unknown>HIDDEN2
                                                                  __GI_mremap.symtab0x8054d7c59FUNC<unknown>HIDDEN2
                                                                  __GI_munmap.symtab0x8054db843FUNC<unknown>HIDDEN2
                                                                  __GI_nanosleep.symtab0x8054e0d61FUNC<unknown>HIDDEN2
                                                                  __GI_open.symtab0x805457091FUNC<unknown>HIDDEN2
                                                                  __GI_opendir.symtab0x805055e137FUNC<unknown>HIDDEN2
                                                                  __GI_raise.symtab0x80543e0101FUNC<unknown>HIDDEN2
                                                                  __GI_random.symtab0x80538c072FUNC<unknown>HIDDEN2
                                                                  __GI_random_r.symtab0x80539fc94FUNC<unknown>HIDDEN2
                                                                  __GI_read.symtab0x805463091FUNC<unknown>HIDDEN2
                                                                  __GI_readdir.symtab0x805065c132FUNC<unknown>HIDDEN2
                                                                  __GI_readdir64.symtab0x8054e5c134FUNC<unknown>HIDDEN2
                                                                  __GI_readlink.symtab0x80500b047FUNC<unknown>HIDDEN2
                                                                  __GI_recv.symtab0x80524c499FUNC<unknown>HIDDEN2
                                                                  __GI_recvfrom.symtab0x8052528115FUNC<unknown>HIDDEN2
                                                                  __GI_sbrk.symtab0x80500e078FUNC<unknown>HIDDEN2
                                                                  __GI_select.symtab0x8050169113FUNC<unknown>HIDDEN2
                                                                  __GI_send.symtab0x805259c99FUNC<unknown>HIDDEN2
                                                                  __GI_sendto.symtab0x8052600115FUNC<unknown>HIDDEN2
                                                                  __GI_setsid.symtab0x80501dc31FUNC<unknown>HIDDEN2
                                                                  __GI_setsockopt.symtab0x805267459FUNC<unknown>HIDDEN2
                                                                  __GI_setstate_r.symtab0x8053b9d161FUNC<unknown>HIDDEN2
                                                                  __GI_sigaction.symtab0x8054ab381FUNC<unknown>HIDDEN2
                                                                  __GI_sigaddset.symtab0x80526dc34FUNC<unknown>HIDDEN2
                                                                  __GI_sigemptyset.symtab0x805270020FUNC<unknown>HIDDEN2
                                                                  __GI_signal.symtab0x8052714143FUNC<unknown>HIDDEN2
                                                                  __GI_sigprocmask.symtab0x80501fc101FUNC<unknown>HIDDEN2
                                                                  __GI_sleep.symtab0x8054448204FUNC<unknown>HIDDEN2
                                                                  __GI_snprintf.symtab0x805097033FUNC<unknown>HIDDEN2
                                                                  __GI_socket.symtab0x80526b043FUNC<unknown>HIDDEN2
                                                                  __GI_srandom_r.symtab0x8053a5a168FUNC<unknown>HIDDEN2
                                                                  __GI_stat.symtab0x805026475FUNC<unknown>HIDDEN2
                                                                  __GI_strcat.symtab0x805208035FUNC<unknown>HIDDEN2
                                                                  __GI_strchr.symtab0x8055ed430FUNC<unknown>HIDDEN2
                                                                  __GI_strchrnul.symtab0x8055ef425FUNC<unknown>HIDDEN2
                                                                  __GI_strcmp.symtab0x80520a429FUNC<unknown>HIDDEN2
                                                                  __GI_strcoll.symtab0x80520a429FUNC<unknown>HIDDEN2
                                                                  __GI_strcspn.symtab0x8055fe048FUNC<unknown>HIDDEN2
                                                                  __GI_strlen.symtab0x80520c419FUNC<unknown>HIDDEN2
                                                                  __GI_strnlen.symtab0x80520d824FUNC<unknown>HIDDEN2
                                                                  __GI_strrchr.symtab0x8055f1026FUNC<unknown>HIDDEN2
                                                                  __GI_strspn.symtab0x805601042FUNC<unknown>HIDDEN2
                                                                  __GI_strstr.symtab0x80520f0197FUNC<unknown>HIDDEN2
                                                                  __GI_strtol.symtab0x8053c5426FUNC<unknown>HIDDEN2
                                                                  __GI_sysconf.symtab0x8053edd543FUNC<unknown>HIDDEN2
                                                                  __GI_tcgetattr.symtab0x80522c899FUNC<unknown>HIDDEN2
                                                                  __GI_time.symtab0x80502b016FUNC<unknown>HIDDEN2
                                                                  __GI_times.symtab0x8054e4c16FUNC<unknown>HIDDEN2
                                                                  __GI_uname.symtab0x80502e839FUNC<unknown>HIDDEN2
                                                                  __GI_vsnprintf.symtab0x8050994172FUNC<unknown>HIDDEN2
                                                                  __GI_wcrtomb.symtab0x80551e869FUNC<unknown>HIDDEN2
                                                                  __GI_wcsnrtombs.symtab0x8055250131FUNC<unknown>HIDDEN2
                                                                  __GI_wcsrtombs.symtab0x805523030FUNC<unknown>HIDDEN2
                                                                  __GI_write.symtab0x80545d091FUNC<unknown>HIDDEN2
                                                                  __JCR_END__.symtab0x805a87c0OBJECT<unknown>DEFAULT9
                                                                  __JCR_LIST__.symtab0x805a87c0OBJECT<unknown>DEFAULT9
                                                                  __app_fini.symtab0x805d1544OBJECT<unknown>HIDDEN12
                                                                  __atexit_lock.symtab0x805aad824OBJECT<unknown>DEFAULT11
                                                                  __bss_start.symtab0x805ab040NOTYPE<unknown>DEFAULTSHN_ABS
                                                                  __check_one_fd.symtab0x80547a652FUNC<unknown>DEFAULT2
                                                                  __close.symtab0x805452080FUNC<unknown>DEFAULT2
                                                                  __close_nocancel.symtab0x805452a27FUNC<unknown>DEFAULT2
                                                                  __ctype_b.symtab0x805ab004OBJECT<unknown>DEFAULT11
                                                                  __curbrk.symtab0x805d15c4OBJECT<unknown>HIDDEN12
                                                                  __deregister_frame_info_bases.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                  __do_global_ctors_aux.symtab0x80568300FUNC<unknown>DEFAULT2
                                                                  __do_global_dtors_aux.symtab0x80480e00FUNC<unknown>DEFAULT2
                                                                  __dso_handle.symtab0x805a8a00OBJECT<unknown>HIDDEN11
                                                                  __environ.symtab0x805d14c4OBJECT<unknown>DEFAULT12
                                                                  __errno_location.symtab0x805073c13FUNC<unknown>DEFAULT2
                                                                  __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  __exit_cleanup.symtab0x805cbfc4OBJECT<unknown>HIDDEN12
                                                                  __fcntl_nocancel.symtab0x804fe5486FUNC<unknown>DEFAULT2
                                                                  __fgetc_unlocked.symtab0x8055d8c220FUNC<unknown>DEFAULT2
                                                                  __fini_array_end.symtab0x805a86c0NOTYPE<unknown>HIDDEN6
                                                                  __fini_array_start.symtab0x805a86c0NOTYPE<unknown>HIDDEN6
                                                                  __fork.symtab0x8054180524FUNC<unknown>DEFAULT2
                                                                  __fork_generation_pointer.symtab0x805dc604OBJECT<unknown>HIDDEN12
                                                                  __fork_handlers.symtab0x805dc644OBJECT<unknown>HIDDEN12
                                                                  __fork_lock.symtab0x805cc004OBJECT<unknown>HIDDEN12
                                                                  __get_pc_thunk_bx.symtab0x80480d00FUNC<unknown>HIDDEN2
                                                                  __getdents.symtab0x8054c38137FUNC<unknown>HIDDEN2
                                                                  __getdents64.symtab0x805639c281FUNC<unknown>HIDDEN2
                                                                  __getpagesize.symtab0x8054d0417FUNC<unknown>DEFAULT2
                                                                  __getpid.symtab0x80543ac49FUNC<unknown>DEFAULT2
                                                                  __glibc_strerror_r.symtab0x80521b829FUNC<unknown>DEFAULT2
                                                                  __glibc_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  __h_errno_location.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                  __init_array_end.symtab0x805a86c0NOTYPE<unknown>HIDDEN6
                                                                  __init_array_start.symtab0x805a86c0NOTYPE<unknown>HIDDEN6
                                                                  __libc_accept.symtab0x805235491FUNC<unknown>DEFAULT2
                                                                  __libc_close.symtab0x805452080FUNC<unknown>DEFAULT2
                                                                  __libc_connect.symtab0x80523dc91FUNC<unknown>DEFAULT2
                                                                  __libc_disable_asynccancel.symtab0x805468c86FUNC<unknown>HIDDEN2
                                                                  __libc_enable_asynccancel.symtab0x80546e284FUNC<unknown>HIDDEN2
                                                                  __libc_errno.symtab0x04TLS<unknown>HIDDEN6
                                                                  __libc_fcntl.symtab0x804feaa156FUNC<unknown>DEFAULT2
                                                                  __libc_fork.symtab0x8054180524FUNC<unknown>DEFAULT2
                                                                  __libc_h_errno.symtab0x44TLS<unknown>HIDDEN6
                                                                  __libc_nanosleep.symtab0x8054e0d61FUNC<unknown>DEFAULT2
                                                                  __libc_open.symtab0x805457091FUNC<unknown>DEFAULT2
                                                                  __libc_read.symtab0x805463091FUNC<unknown>DEFAULT2
                                                                  __libc_recv.symtab0x80524c499FUNC<unknown>DEFAULT2
                                                                  __libc_recvfrom.symtab0x8052528115FUNC<unknown>DEFAULT2
                                                                  __libc_select.symtab0x8050169113FUNC<unknown>DEFAULT2
                                                                  __libc_send.symtab0x805259c99FUNC<unknown>DEFAULT2
                                                                  __libc_sendto.symtab0x8052600115FUNC<unknown>DEFAULT2
                                                                  __libc_setup_tls.symtab0x805612a512FUNC<unknown>DEFAULT2
                                                                  __libc_sigaction.symtab0x8054ab381FUNC<unknown>DEFAULT2
                                                                  __libc_stack_end.symtab0x805d1484OBJECT<unknown>DEFAULT12
                                                                  __libc_write.symtab0x80545d091FUNC<unknown>DEFAULT2
                                                                  __lll_lock_wait_private.symtab0x805413040FUNC<unknown>HIDDEN2
                                                                  __lll_unlock_wake_private.symtab0x805416032FUNC<unknown>HIDDEN2
                                                                  __malloc_consolidate.symtab0x80534a5386FUNC<unknown>HIDDEN2
                                                                  __malloc_largebin_index.symtab0x805280838FUNC<unknown>DEFAULT2
                                                                  __malloc_lock.symtab0x805a9fc24OBJECT<unknown>DEFAULT11
                                                                  __malloc_state.symtab0x805d8e8888OBJECT<unknown>DEFAULT12
                                                                  __malloc_trim.symtab0x8053418141FUNC<unknown>DEFAULT2
                                                                  __nptl_deallocate_tsd.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                  __nptl_nthreads.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                  __open.symtab0x805457091FUNC<unknown>DEFAULT2
                                                                  __open_nocancel.symtab0x805457a33FUNC<unknown>DEFAULT2
                                                                  __pagesize.symtab0x805d1504OBJECT<unknown>DEFAULT12
                                                                  __preinit_array_end.symtab0x805a86c0NOTYPE<unknown>HIDDEN6
                                                                  __preinit_array_start.symtab0x805a86c0NOTYPE<unknown>HIDDEN6
                                                                  __progname.symtab0x805aaf44OBJECT<unknown>DEFAULT11
                                                                  __progname_full.symtab0x805aaf84OBJECT<unknown>DEFAULT11
                                                                  __pthread_initialize_minimal.symtab0x805632a19FUNC<unknown>DEFAULT2
                                                                  __pthread_mutex_init.symtab0x805473b3FUNC<unknown>DEFAULT2
                                                                  __pthread_mutex_lock.symtab0x80547383FUNC<unknown>DEFAULT2
                                                                  __pthread_mutex_trylock.symtab0x80547383FUNC<unknown>DEFAULT2
                                                                  __pthread_mutex_unlock.symtab0x80547383FUNC<unknown>DEFAULT2
                                                                  __pthread_return_0.symtab0x80547383FUNC<unknown>DEFAULT2
                                                                  __pthread_unwind.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                  __read.symtab0x805463091FUNC<unknown>DEFAULT2
                                                                  __read_nocancel.symtab0x805463a33FUNC<unknown>DEFAULT2
                                                                  __register_frame_info_bases.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                  __restore.symtab0x8054aab0NOTYPE<unknown>DEFAULT2
                                                                  __restore_rt.symtab0x8054aa40NOTYPE<unknown>DEFAULT2
                                                                  __rtld_fini.symtab0x805d1584OBJECT<unknown>HIDDEN12
                                                                  __sigaddset.symtab0x80527c832FUNC<unknown>DEFAULT2
                                                                  __sigdelset.symtab0x80527e832FUNC<unknown>DEFAULT2
                                                                  __sigismember.symtab0x80527a436FUNC<unknown>DEFAULT2
                                                                  __socketcall.symtab0x8054b4443FUNC<unknown>HIDDEN2
                                                                  __socketcall.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  __stdin.symtab0x805a91c4OBJECT<unknown>DEFAULT11
                                                                  __stdio_READ.symtab0x80565f479FUNC<unknown>HIDDEN2
                                                                  __stdio_WRITE.symtab0x80552d4146FUNC<unknown>HIDDEN2
                                                                  __stdio_adjust_position.symtab0x8056644150FUNC<unknown>HIDDEN2
                                                                  __stdio_fwrite.symtab0x8055368250FUNC<unknown>HIDDEN2
                                                                  __stdio_rfill.symtab0x80566dc40FUNC<unknown>HIDDEN2
                                                                  __stdio_seek.symtab0x805677451FUNC<unknown>HIDDEN2
                                                                  __stdio_trans2r_o.symtab0x8056704111FUNC<unknown>HIDDEN2
                                                                  __stdio_trans2w_o.symtab0x8055464168FUNC<unknown>HIDDEN2
                                                                  __stdio_wcommit.symtab0x8050e6443FUNC<unknown>HIDDEN2
                                                                  __stdout.symtab0x805a9204OBJECT<unknown>DEFAULT11
                                                                  __syscall_error.symtab0x8054a9415FUNC<unknown>HIDDEN2
                                                                  __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  __syscall_nanosleep.symtab0x8054de441FUNC<unknown>DEFAULT2
                                                                  __syscall_rt_sigaction.symtab0x8054b7053FUNC<unknown>DEFAULT2
                                                                  __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  __syscall_select.symtab0x805013057FUNC<unknown>DEFAULT2
                                                                  __uClibc_fini.symtab0x805476763FUNC<unknown>DEFAULT2
                                                                  __uClibc_init.symtab0x80547da48FUNC<unknown>DEFAULT2
                                                                  __uClibc_main.symtab0x805480a603FUNC<unknown>DEFAULT2
                                                                  __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  __uclibc_progname.symtab0x805aaf04OBJECT<unknown>HIDDEN11
                                                                  __write.symtab0x80545d091FUNC<unknown>DEFAULT2
                                                                  __write_nocancel.symtab0x80545da33FUNC<unknown>DEFAULT2
                                                                  __xpg_strerror_r.symtab0x80521d8206FUNC<unknown>DEFAULT2
                                                                  __xpg_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  __xstat32_conv.symtab0x80503b3138FUNC<unknown>HIDDEN2
                                                                  __xstat64_conv.symtab0x8050310163FUNC<unknown>HIDDEN2
                                                                  _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _bss_custom_printf_spec.symtab0x805cbec10OBJECT<unknown>DEFAULT12
                                                                  _charpad.symtab0x8050e9056FUNC<unknown>DEFAULT2
                                                                  _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _custom_printf_arginfo.symtab0x805d89040OBJECT<unknown>HIDDEN12
                                                                  _custom_printf_handler.symtab0x805d8b840OBJECT<unknown>HIDDEN12
                                                                  _custom_printf_spec.symtab0x805a9f84OBJECT<unknown>HIDDEN11
                                                                  _dl_aux_init.symtab0x805634018FUNC<unknown>DEFAULT2
                                                                  _dl_nothread_init_static_tls.symtab0x805635274FUNC<unknown>HIDDEN2
                                                                  _dl_phdr.symtab0x805dc884OBJECT<unknown>DEFAULT12
                                                                  _dl_phnum.symtab0x805dc8c4OBJECT<unknown>DEFAULT12
                                                                  _dl_tls_dtv_gaps.symtab0x805dc7c1OBJECT<unknown>DEFAULT12
                                                                  _dl_tls_dtv_slotinfo_list.symtab0x805dc784OBJECT<unknown>DEFAULT12
                                                                  _dl_tls_generation.symtab0x805dc804OBJECT<unknown>DEFAULT12
                                                                  _dl_tls_max_dtv_idx.symtab0x805dc704OBJECT<unknown>DEFAULT12
                                                                  _dl_tls_setup.symtab0x80560fa48FUNC<unknown>DEFAULT2
                                                                  _dl_tls_static_align.symtab0x805dc6c4OBJECT<unknown>DEFAULT12
                                                                  _dl_tls_static_nelem.symtab0x805dc844OBJECT<unknown>DEFAULT12
                                                                  _dl_tls_static_size.symtab0x805dc744OBJECT<unknown>DEFAULT12
                                                                  _dl_tls_static_used.symtab0x805dc684OBJECT<unknown>DEFAULT12
                                                                  _edata.symtab0x805ab040NOTYPE<unknown>DEFAULTSHN_ABS
                                                                  _end.symtab0x805dc900NOTYPE<unknown>DEFAULTSHN_ABS
                                                                  _exit.symtab0x8054ba866FUNC<unknown>DEFAULT2
                                                                  _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _fini.symtab0x80568590FUNC<unknown>DEFAULT3
                                                                  _fixed_buffers.symtab0x805abec8192OBJECT<unknown>DEFAULT12
                                                                  _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _fp_out_narrow.symtab0x8050ec8106FUNC<unknown>DEFAULT2
                                                                  _fpmaxtostr.symtab0x80556901464FUNC<unknown>HIDDEN2
                                                                  _fpmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _init.symtab0x80480b40FUNC<unknown>DEFAULT1
                                                                  _load_inttype.symtab0x805550c94FUNC<unknown>HIDDEN2
                                                                  _load_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _ppfs_init.symtab0x8051554110FUNC<unknown>HIDDEN2
                                                                  _ppfs_init.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _ppfs_parsespec.symtab0x80517491094FUNC<unknown>HIDDEN2
                                                                  _ppfs_parsespec.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _ppfs_prepargs.symtab0x80515c466FUNC<unknown>HIDDEN2
                                                                  _ppfs_prepargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _ppfs_setargs.symtab0x8051608277FUNC<unknown>HIDDEN2
                                                                  _ppfs_setargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _promoted_size.symtab0x805172041FUNC<unknown>DEFAULT2
                                                                  _pthread_cleanup_pop_restore.symtab0x805475023FUNC<unknown>DEFAULT2
                                                                  _pthread_cleanup_push_defer.symtab0x805473e18FUNC<unknown>DEFAULT2
                                                                  _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _setjmp.symtab0x8054b0434FUNC<unknown>DEFAULT2
                                                                  _sigintr.symtab0x805d8e08OBJECT<unknown>HIDDEN12
                                                                  _start.symtab0x804818834FUNC<unknown>DEFAULT2
                                                                  _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _stdio_fopen.symtab0x8050a40699FUNC<unknown>HIDDEN2
                                                                  _stdio_init.symtab0x8050d3880FUNC<unknown>HIDDEN2
                                                                  _stdio_openlist.symtab0x805a9244OBJECT<unknown>DEFAULT11
                                                                  _stdio_openlist_add_lock.symtab0x805abcc12OBJECT<unknown>DEFAULT12
                                                                  _stdio_openlist_dec_use.symtab0x8051b90329FUNC<unknown>HIDDEN2
                                                                  _stdio_openlist_del_count.symtab0x805abe84OBJECT<unknown>DEFAULT12
                                                                  _stdio_openlist_del_lock.symtab0x805abd812OBJECT<unknown>DEFAULT12
                                                                  _stdio_openlist_use_count.symtab0x805abe44OBJECT<unknown>DEFAULT12
                                                                  _stdio_streams.symtab0x805a92c204OBJECT<unknown>DEFAULT11
                                                                  _stdio_term.symtab0x8050d88218FUNC<unknown>HIDDEN2
                                                                  _stdio_user_locking.symtab0x805a9284OBJECT<unknown>DEFAULT11
                                                                  _stdlib_strto_l.symtab0x8053c70291FUNC<unknown>HIDDEN2
                                                                  _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _store_inttype.symtab0x805556c61FUNC<unknown>HIDDEN2
                                                                  _store_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _string_syserrmsgs.symtab0x8057f782906OBJECT<unknown>HIDDEN4
                                                                  _string_syserrmsgs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _uintmaxtostr.symtab0x80555ac228FUNC<unknown>HIDDEN2
                                                                  _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _vfprintf_internal.symtab0x8050f321569FUNC<unknown>HIDDEN2
                                                                  _vfprintf_internal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  abort.symtab0x80537e8208FUNC<unknown>DEFAULT2
                                                                  abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  accept.symtab0x805235491FUNC<unknown>DEFAULT2
                                                                  accept.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  anti_gdb_entry.symtab0x804dda011FUNC<unknown>DEFAULT2
                                                                  atoi.symtab0x8053c4020FUNC<unknown>DEFAULT2
                                                                  atol.symtab0x8053c4020FUNC<unknown>DEFAULT2
                                                                  atol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  attack.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  attack_get_opt_int.symtab0x80485b0120FUNC<unknown>DEFAULT2
                                                                  attack_get_opt_ip.symtab0x8048540112FUNC<unknown>DEFAULT2
                                                                  attack_get_opt_str.symtab0x80481b092FUNC<unknown>DEFAULT2
                                                                  attack_init.symtab0x80486301274FUNC<unknown>DEFAULT2
                                                                  attack_nudp.symtab0x804d0701856FUNC<unknown>DEFAULT2
                                                                  attack_parse.symtab0x80482e0602FUNC<unknown>DEFAULT2
                                                                  attack_start.symtab0x8048210208FUNC<unknown>DEFAULT2
                                                                  attack_tcp_ack.symtab0x804ae801797FUNC<unknown>DEFAULT2
                                                                  attack_tcp_bypass.symtab0x804c520912FUNC<unknown>DEFAULT2
                                                                  attack_tcp_psh.symtab0x804a7501839FUNC<unknown>DEFAULT2
                                                                  attack_tcp_stomp.symtab0x804c8b01979FUNC<unknown>DEFAULT2
                                                                  attack_tcp_syn.symtab0x804b5901653FUNC<unknown>DEFAULT2
                                                                  attack_tcp_wra.symtab0x804bc102315FUNC<unknown>DEFAULT2
                                                                  attack_udp_an.symtab0x80498001088FUNC<unknown>DEFAULT2
                                                                  attack_udp_bypass.symtab0x804a0e0645FUNC<unknown>DEFAULT2
                                                                  attack_udp_custom.symtab0x8049c401179FUNC<unknown>DEFAULT2
                                                                  attack_udp_hex.symtab0x80493d01065FUNC<unknown>DEFAULT2
                                                                  attack_udp_plain.symtab0x804a370987FUNC<unknown>DEFAULT2
                                                                  attack_udp_random.symtab0x8048b301113FUNC<unknown>DEFAULT2
                                                                  attack_udp_str.symtab0x8048f901088FUNC<unknown>DEFAULT2
                                                                  attacks.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  been_there_done_that.symtab0x805cbf81OBJECT<unknown>DEFAULT12
                                                                  bind.symtab0x80523b043FUNC<unknown>DEFAULT2
                                                                  bind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  brk.symtab0x8054a6844FUNC<unknown>DEFAULT2
                                                                  brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  bsd_signal.symtab0x8052714143FUNC<unknown>DEFAULT2
                                                                  calloc.symtab0x8052fe8245FUNC<unknown>DEFAULT2
                                                                  calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  checkDevice.symtab0x804dd20113FUNC<unknown>DEFAULT2
                                                                  check_real_path.symtab0x804d970309FUNC<unknown>DEFAULT2
                                                                  checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  checksum_generic.symtab0x804d7b064FUNC<unknown>DEFAULT2
                                                                  checksum_tcpudp.symtab0x804d7f0149FUNC<unknown>DEFAULT2
                                                                  clock.symtab0x805074c36FUNC<unknown>DEFAULT2
                                                                  clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  close.symtab0x805452080FUNC<unknown>DEFAULT2
                                                                  closedir.symtab0x8050440138FUNC<unknown>DEFAULT2
                                                                  closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  completed.4963.symtab0x805ab201OBJECT<unknown>DEFAULT12
                                                                  connect.symtab0x80523dc91FUNC<unknown>DEFAULT2
                                                                  connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  ensure_single_instance.symtab0x804ddb0375FUNC<unknown>DEFAULT2
                                                                  entries.symtab0x805d6a04OBJECT<unknown>DEFAULT12
                                                                  environ.symtab0x805d14c4OBJECT<unknown>DEFAULT12
                                                                  errno.symtab0x04TLS<unknown>DEFAULT6
                                                                  errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  exit.symtab0x8053d94106FUNC<unknown>DEFAULT2
                                                                  exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  exp10_table.symtab0x8059210156OBJECT<unknown>DEFAULT4
                                                                  fclose.symtab0x8050770399FUNC<unknown>DEFAULT2
                                                                  fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fcntl.symtab0x804feaa156FUNC<unknown>DEFAULT2
                                                                  fd_ctrl.symtab0x805a8a84OBJECT<unknown>DEFAULT11
                                                                  fd_serv.symtab0x805a8ac4OBJECT<unknown>DEFAULT11
                                                                  fd_to_DIR.symtab0x80504cc146FUNC<unknown>DEFAULT2
                                                                  fdopendir.symtab0x80505e7114FUNC<unknown>DEFAULT2
                                                                  fflush_unlocked.symtab0x8051cd9472FUNC<unknown>DEFAULT2
                                                                  fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fgetc.symtab0x8055c48157FUNC<unknown>DEFAULT2
                                                                  fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fgetc_unlocked.symtab0x8055d8c220FUNC<unknown>DEFAULT2
                                                                  fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fgets.symtab0x8055cfc123FUNC<unknown>DEFAULT2
                                                                  fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fgets_unlocked.symtab0x8055e68107FUNC<unknown>DEFAULT2
                                                                  fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fmt.symtab0x80591f020OBJECT<unknown>DEFAULT4
                                                                  fopen.symtab0x805095824FUNC<unknown>DEFAULT2
                                                                  fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fork.symtab0x8054180524FUNC<unknown>DEFAULT2
                                                                  fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fork_handler_pool.symtab0x805cc041348OBJECT<unknown>DEFAULT12
                                                                  fputs_unlocked.symtab0x8051f4c49FUNC<unknown>DEFAULT2
                                                                  fputs_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  frame_dummy.symtab0x80481300FUNC<unknown>DEFAULT2
                                                                  free.symtab0x8053627415FUNC<unknown>DEFAULT2
                                                                  free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fseek.symtab0x80564b827FUNC<unknown>DEFAULT2
                                                                  fseeko.symtab0x80564b827FUNC<unknown>DEFAULT2
                                                                  fseeko.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fseeko64.symtab0x80564d4263FUNC<unknown>DEFAULT2
                                                                  fseeko64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fstat.symtab0x8054bec75FUNC<unknown>DEFAULT2
                                                                  fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  fwrite_unlocked.symtab0x8051f80119FUNC<unknown>DEFAULT2
                                                                  fwrite_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getc.symtab0x8055c48157FUNC<unknown>DEFAULT2
                                                                  getc_unlocked.symtab0x8055d8c220FUNC<unknown>DEFAULT2
                                                                  getdents.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getdtablesize.symtab0x8054cc437FUNC<unknown>DEFAULT2
                                                                  getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getegid.symtab0x8054cec8FUNC<unknown>DEFAULT2
                                                                  getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  geteuid.symtab0x8054cf48FUNC<unknown>DEFAULT2
                                                                  geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getgid.symtab0x8054cfc8FUNC<unknown>DEFAULT2
                                                                  getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getpagesize.symtab0x8054d0417FUNC<unknown>DEFAULT2
                                                                  getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getpid.symtab0x80543ac49FUNC<unknown>DEFAULT2
                                                                  getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getppid.symtab0x804ff488FUNC<unknown>DEFAULT2
                                                                  getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getrlimit.symtab0x8054d1843FUNC<unknown>DEFAULT2
                                                                  getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getsockname.symtab0x805243843FUNC<unknown>DEFAULT2
                                                                  getsockname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getsockopt.symtab0x805246459FUNC<unknown>DEFAULT2
                                                                  getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  getuid.symtab0x8054d448FUNC<unknown>DEFAULT2
                                                                  getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  goodbyeee.symtab0x804d94036FUNC<unknown>DEFAULT2
                                                                  h_errno.symtab0x44TLS<unknown>DEFAULT6
                                                                  huawei.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  index.symtab0x8055ed430FUNC<unknown>DEFAULT2
                                                                  inet_addr.symtab0x805232c37FUNC<unknown>DEFAULT2
                                                                  inet_aton.symtab0x805603c148FUNC<unknown>DEFAULT2
                                                                  inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  initKiller.symtab0x804dab0613FUNC<unknown>DEFAULT2
                                                                  init_static_tls.symtab0x80560d042FUNC<unknown>DEFAULT2
                                                                  initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  initstate.symtab0x805396187FUNC<unknown>DEFAULT2
                                                                  initstate_r.symtab0x8053b02155FUNC<unknown>DEFAULT2
                                                                  ioctl.symtab0x804ff50142FUNC<unknown>DEFAULT2
                                                                  ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  isatty.symtab0x80522a829FUNC<unknown>DEFAULT2
                                                                  isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  kethead.symtab0x805a8c072OBJECT<unknown>DEFAULT11
                                                                  kill.symtab0x804ffe043FUNC<unknown>DEFAULT2
                                                                  kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  killer_pid.symtab0x805ab444OBJECT<unknown>DEFAULT12
                                                                  libc-cancellation.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  libc-tls.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  listen.symtab0x80524a035FUNC<unknown>DEFAULT2
                                                                  listen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  local_bind.5475.symtab0x805a9081OBJECT<unknown>DEFAULT11
                                                                  lseek.symtab0x8054d4c47FUNC<unknown>DEFAULT2
                                                                  lseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  lseek64.symtab0x80567cc85FUNC<unknown>DEFAULT2
                                                                  main.symtab0x804dfc02255FUNC<unknown>DEFAULT2
                                                                  main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  main_pid.symtab0x805d6a44OBJECT<unknown>DEFAULT12
                                                                  malloc.symtab0x805282e1975FUNC<unknown>DEFAULT2
                                                                  malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  malloc_trim.symtab0x80537c634FUNC<unknown>DEFAULT2
                                                                  memcpy.symtab0x8051ff841FUNC<unknown>DEFAULT2
                                                                  memcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  memmove.symtab0x805202437FUNC<unknown>DEFAULT2
                                                                  memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  memory.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  mempcpy.symtab0x80567a833FUNC<unknown>DEFAULT2
                                                                  mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  memrchr.symtab0x8055f2c177FUNC<unknown>DEFAULT2
                                                                  memrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  memset.symtab0x805204c50FUNC<unknown>DEFAULT2
                                                                  memset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  methods.symtab0x805ab404OBJECT<unknown>DEFAULT12
                                                                  methods_len.symtab0x805ab3c1OBJECT<unknown>DEFAULT12
                                                                  mkdir.symtab0x805000c43FUNC<unknown>DEFAULT2
                                                                  mkdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  mmap.symtab0x8054b2827FUNC<unknown>DEFAULT2
                                                                  mntdir.symtab0x804d8e085FUNC<unknown>DEFAULT2
                                                                  mount.symtab0x805003859FUNC<unknown>DEFAULT2
                                                                  mount.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  mremap.symtab0x8054d7c59FUNC<unknown>DEFAULT2
                                                                  mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  munmap.symtab0x8054db843FUNC<unknown>DEFAULT2
                                                                  munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  mylock.symtab0x805aa1424OBJECT<unknown>DEFAULT11
                                                                  mylock.symtab0x805aa2c24OBJECT<unknown>DEFAULT11
                                                                  nanosleep.symtab0x8054e0d61FUNC<unknown>DEFAULT2
                                                                  nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  nprocessors_onln.symtab0x8053e00221FUNC<unknown>DEFAULT2
                                                                  object.4975.symtab0x805ab2424OBJECT<unknown>DEFAULT12
                                                                  open.symtab0x805457091FUNC<unknown>DEFAULT2
                                                                  opendir.symtab0x805055e137FUNC<unknown>DEFAULT2
                                                                  opendir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  p.4961.symtab0x805a8a40OBJECT<unknown>DEFAULT11
                                                                  parse_config.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  pending_connection.symtab0x805abb81OBJECT<unknown>DEFAULT12
                                                                  prctl.symtab0x805007459FUNC<unknown>DEFAULT2
                                                                  prctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  prefix.6616.symtab0x8057ed012OBJECT<unknown>DEFAULT4
                                                                  program_invocation_name.symtab0x805aaf84OBJECT<unknown>DEFAULT11
                                                                  program_invocation_short_name.symtab0x805aaf44OBJECT<unknown>DEFAULT11
                                                                  pseudo_cancel.symtab0x80545450NOTYPE<unknown>DEFAULT2
                                                                  pseudo_cancel.symtab0x805459b0NOTYPE<unknown>DEFAULT2
                                                                  pseudo_cancel.symtab0x80545fb0NOTYPE<unknown>DEFAULT2
                                                                  pseudo_cancel.symtab0x805465b0NOTYPE<unknown>DEFAULT2
                                                                  pseudo_end.symtab0x805456f0NOTYPE<unknown>DEFAULT2
                                                                  pseudo_end.symtab0x80545ca0NOTYPE<unknown>DEFAULT2
                                                                  pseudo_end.symtab0x805462a0NOTYPE<unknown>DEFAULT2
                                                                  pseudo_end.symtab0x805468a0NOTYPE<unknown>DEFAULT2
                                                                  qual_chars.6625.symtab0x8057ee420OBJECT<unknown>DEFAULT4
                                                                  raise.symtab0x80543e0101FUNC<unknown>DEFAULT2
                                                                  raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  rand.symtab0x80538b85FUNC<unknown>DEFAULT2
                                                                  rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  rand_init.symtab0x804e8d066FUNC<unknown>DEFAULT2
                                                                  rand_next.symtab0x804e89064FUNC<unknown>DEFAULT2
                                                                  rand_str.symtab0x804e920220FUNC<unknown>DEFAULT2
                                                                  random.symtab0x80538c072FUNC<unknown>DEFAULT2
                                                                  random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  random_poly_info.symtab0x8058ad410OBJECT<unknown>DEFAULT4
                                                                  random_r.symtab0x80539fc94FUNC<unknown>DEFAULT2
                                                                  random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  randtbl.symtab0x805aa58128OBJECT<unknown>DEFAULT11
                                                                  read.symtab0x805463091FUNC<unknown>DEFAULT2
                                                                  readdir.symtab0x805065c132FUNC<unknown>DEFAULT2
                                                                  readdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  readdir64.symtab0x8054e5c134FUNC<unknown>DEFAULT2
                                                                  readdir64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  readlink.symtab0x80500b047FUNC<unknown>DEFAULT2
                                                                  readlink.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  realloc.symtab0x80530e0824FUNC<unknown>DEFAULT2
                                                                  realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  recv.symtab0x80524c499FUNC<unknown>DEFAULT2
                                                                  recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  recvfrom.symtab0x8052528115FUNC<unknown>DEFAULT2
                                                                  recvfrom.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  register-atfork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  resolv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  resolv_entries_free.symtab0x804ea0045FUNC<unknown>DEFAULT2
                                                                  resolv_lookup.symtab0x804ea301281FUNC<unknown>DEFAULT2
                                                                  resolve_cnc_addr.symtab0x804df30134FUNC<unknown>DEFAULT2
                                                                  resolve_func.symtab0x805a8b04OBJECT<unknown>DEFAULT11
                                                                  rewinddir.symtab0x80506e089FUNC<unknown>DEFAULT2
                                                                  rewinddir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  rindex.symtab0x8055f1026FUNC<unknown>DEFAULT2
                                                                  sbrk.symtab0x80500e078FUNC<unknown>DEFAULT2
                                                                  sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  scanner.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  select.symtab0x8050169113FUNC<unknown>DEFAULT2
                                                                  select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  send.symtab0x805259c99FUNC<unknown>DEFAULT2
                                                                  send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  sendto.symtab0x8052600115FUNC<unknown>DEFAULT2
                                                                  sendto.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  setsid.symtab0x80501dc31FUNC<unknown>DEFAULT2
                                                                  setsid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  setsockopt.symtab0x805267459FUNC<unknown>DEFAULT2
                                                                  setsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  setstate.symtab0x805390889FUNC<unknown>DEFAULT2
                                                                  setstate_r.symtab0x8053b9d161FUNC<unknown>DEFAULT2
                                                                  sigaction.symtab0x8054ab381FUNC<unknown>DEFAULT2
                                                                  sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  sigaddset.symtab0x80526dc34FUNC<unknown>DEFAULT2
                                                                  sigaddset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  sigempty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  sigemptyset.symtab0x805270020FUNC<unknown>DEFAULT2
                                                                  signal.symtab0x8052714143FUNC<unknown>DEFAULT2
                                                                  signal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  sigprocmask.symtab0x80501fc101FUNC<unknown>DEFAULT2
                                                                  sigprocmask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  sigsetops.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  sleep.symtab0x8054448204FUNC<unknown>DEFAULT2
                                                                  sleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  snprintf.symtab0x805097033FUNC<unknown>DEFAULT2
                                                                  snprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  socket.symtab0x80526b043FUNC<unknown>DEFAULT2
                                                                  socket.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  spec_and_mask.6624.symtab0x8057ef816OBJECT<unknown>DEFAULT4
                                                                  spec_base.6615.symtab0x8057edc7OBJECT<unknown>DEFAULT4
                                                                  spec_chars.6621.symtab0x8057f4821OBJECT<unknown>DEFAULT4
                                                                  spec_flags.6620.symtab0x8057f608OBJECT<unknown>DEFAULT4
                                                                  spec_or_mask.6623.symtab0x8057f0816OBJECT<unknown>DEFAULT4
                                                                  spec_ranges.6622.symtab0x8057f189OBJECT<unknown>DEFAULT4
                                                                  srand.symtab0x80539b867FUNC<unknown>DEFAULT2
                                                                  srandom.symtab0x80539b867FUNC<unknown>DEFAULT2
                                                                  srandom_r.symtab0x8053a5a168FUNC<unknown>DEFAULT2
                                                                  srv_addr.symtab0x805d6a816OBJECT<unknown>DEFAULT12
                                                                  stat.symtab0x805026475FUNC<unknown>DEFAULT2
                                                                  stat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  stat_t.symtab0x805ab6088OBJECT<unknown>DEFAULT12
                                                                  static_dtv.symtab0x805d160512OBJECT<unknown>DEFAULT12
                                                                  static_map.symtab0x805d66852OBJECT<unknown>DEFAULT12
                                                                  static_slotinfo.symtab0x805d360776OBJECT<unknown>DEFAULT12
                                                                  stderr.symtab0x805a9184OBJECT<unknown>DEFAULT11
                                                                  stdin.symtab0x805a9104OBJECT<unknown>DEFAULT11
                                                                  stdout.symtab0x805a9144OBJECT<unknown>DEFAULT11
                                                                  strcat.symtab0x805208035FUNC<unknown>DEFAULT2
                                                                  strcat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  strchr.symtab0x8055ed430FUNC<unknown>DEFAULT2
                                                                  strchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  strchrnul.symtab0x8055ef425FUNC<unknown>DEFAULT2
                                                                  strchrnul.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  strcmp.symtab0x80520a429FUNC<unknown>DEFAULT2
                                                                  strcmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  strcoll.symtab0x80520a429FUNC<unknown>DEFAULT2
                                                                  strcspn.symtab0x8055fe048FUNC<unknown>DEFAULT2
                                                                  strcspn.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  strerror_r.symtab0x80521d8206FUNC<unknown>DEFAULT2
                                                                  strlen.symtab0x80520c419FUNC<unknown>DEFAULT2
                                                                  strlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  strnlen.symtab0x80520d824FUNC<unknown>DEFAULT2
                                                                  strnlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  strrchr.symtab0x8055f1026FUNC<unknown>DEFAULT2
                                                                  strrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  strspn.symtab0x805601042FUNC<unknown>DEFAULT2
                                                                  strspn.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  strstr.symtab0x80520f0197FUNC<unknown>DEFAULT2
                                                                  strstr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  strtol.symtab0x8053c5426FUNC<unknown>DEFAULT2
                                                                  strtol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  sysconf.symtab0x8053edd543FUNC<unknown>DEFAULT2
                                                                  sysconf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  table.symtab0x805d6c0464OBJECT<unknown>DEFAULT12
                                                                  table.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  table_init.symtab0x804f0502977FUNC<unknown>DEFAULT2
                                                                  table_key.symtab0x805a90c4OBJECT<unknown>DEFAULT11
                                                                  table_lock_val.symtab0x804ef70104FUNC<unknown>DEFAULT2
                                                                  table_retrieve_val.symtab0x804ef4034FUNC<unknown>DEFAULT2
                                                                  table_unlock_val.symtab0x804efe0104FUNC<unknown>DEFAULT2
                                                                  tcgetattr.symtab0x80522c899FUNC<unknown>DEFAULT2
                                                                  tcgetattr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  time.symtab0x80502b016FUNC<unknown>DEFAULT2
                                                                  time.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  times.symtab0x8054e4c16FUNC<unknown>DEFAULT2
                                                                  times.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  type_codes.symtab0x8057f2424OBJECT<unknown>DEFAULT4
                                                                  type_sizes.symtab0x8057f3c12OBJECT<unknown>DEFAULT4
                                                                  umount.symtab0x80502c039FUNC<unknown>DEFAULT2
                                                                  umount.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  uname.symtab0x80502e839FUNC<unknown>DEFAULT2
                                                                  uname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  unknown.1636.symtab0x8057f6814OBJECT<unknown>DEFAULT4
                                                                  unsafe_state.symtab0x805aa4420OBJECT<unknown>DEFAULT11
                                                                  usleep.symtab0x80540fc48FUNC<unknown>DEFAULT2
                                                                  usleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  util.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  util_atoi.symtab0x804fcb0264FUNC<unknown>DEFAULT2
                                                                  util_local_addr.symtab0x804fdc0145FUNC<unknown>DEFAULT2
                                                                  util_memcpy.symtab0x804fc6037FUNC<unknown>DEFAULT2
                                                                  util_strcpy.symtab0x804fc2059FUNC<unknown>DEFAULT2
                                                                  util_strlen.symtab0x804fc0027FUNC<unknown>DEFAULT2
                                                                  util_zero.symtab0x804fc9029FUNC<unknown>DEFAULT2
                                                                  validateMnt.symtab0x804d89073FUNC<unknown>DEFAULT2
                                                                  vsnprintf.symtab0x8050994172FUNC<unknown>DEFAULT2
                                                                  vsnprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  w.symtab0x805abc84OBJECT<unknown>DEFAULT12
                                                                  wcrtomb.symtab0x80551e869FUNC<unknown>DEFAULT2
                                                                  wcrtomb.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  wcsnrtombs.symtab0x8055250131FUNC<unknown>DEFAULT2
                                                                  wcsnrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  wcsrtombs.symtab0x805523030FUNC<unknown>DEFAULT2
                                                                  wcsrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  write.symtab0x80545d091FUNC<unknown>DEFAULT2
                                                                  x.symtab0x805abbc4OBJECT<unknown>DEFAULT12
                                                                  xstatconv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                  y.symtab0x805abc04OBJECT<unknown>DEFAULT12
                                                                  z.symtab0x805abc44OBJECT<unknown>DEFAULT12

                                                                  Network Behavior

                                                                  Suricata IDS Alerts

                                                                  TimestampProtocolSIDSignatureSeveritySource PortDest PortSource IPDest IP
                                                                  2024-08-21T21:15:06.212809+0200TCP2030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)14568451237192.168.2.23185.196.9.5

                                                                  Network Port Distribution

                                                                  TCP Packets

                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Aug 21, 2024 21:15:06.202019930 CEST4568451237192.168.2.23185.196.9.5
                                                                  Aug 21, 2024 21:15:06.206875086 CEST5123745684185.196.9.5192.168.2.23
                                                                  Aug 21, 2024 21:15:06.206932068 CEST4568451237192.168.2.23185.196.9.5
                                                                  Aug 21, 2024 21:15:06.209065914 CEST4433360654.171.230.55192.168.2.23
                                                                  Aug 21, 2024 21:15:06.209233046 CEST33606443192.168.2.2354.171.230.55
                                                                  Aug 21, 2024 21:15:06.212809086 CEST4568451237192.168.2.23185.196.9.5
                                                                  Aug 21, 2024 21:15:06.214082003 CEST4433360654.171.230.55192.168.2.23
                                                                  Aug 21, 2024 21:15:06.217631102 CEST5123745684185.196.9.5192.168.2.23
                                                                  Aug 21, 2024 21:15:06.637958050 CEST4568451237192.168.2.23185.196.9.5
                                                                  Aug 21, 2024 21:15:06.693814993 CEST5123745684185.196.9.5192.168.2.23
                                                                  Aug 21, 2024 21:15:07.866693020 CEST43928443192.168.2.2391.189.91.42
                                                                  Aug 21, 2024 21:15:13.497898102 CEST42836443192.168.2.2391.189.91.43
                                                                  Aug 21, 2024 21:15:15.033699989 CEST4251680192.168.2.23109.202.202.202
                                                                  Aug 21, 2024 21:15:27.598730087 CEST5123745684185.196.9.5192.168.2.23
                                                                  Aug 21, 2024 21:15:27.598829985 CEST4568451237192.168.2.23185.196.9.5
                                                                  Aug 21, 2024 21:15:28.343852043 CEST43928443192.168.2.2391.189.91.42
                                                                  Aug 21, 2024 21:15:40.630208015 CEST42836443192.168.2.2391.189.91.43
                                                                  Aug 21, 2024 21:15:44.725719929 CEST4251680192.168.2.23109.202.202.202
                                                                  Aug 21, 2024 21:16:09.298167944 CEST43928443192.168.2.2391.189.91.42

                                                                  UDP Packets

                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Aug 21, 2024 21:15:06.193114042 CEST3452353192.168.2.238.8.8.8
                                                                  Aug 21, 2024 21:15:06.199883938 CEST53345238.8.8.8192.168.2.23

                                                                  ICMP Packets

                                                                  TimestampSource IPDest IPChecksumCodeType
                                                                  Aug 21, 2024 21:15:16.153904915 CEST192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable
                                                                  Aug 21, 2024 21:16:36.164365053 CEST192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable

                                                                  DNS Queries

                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                  Aug 21, 2024 21:15:06.193114042 CEST192.168.2.238.8.8.80x852eStandard query (0)fdh32fsdfhs.shopA (IP address)IN (0x0001)false

                                                                  DNS Answers

                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                  Aug 21, 2024 21:15:06.199883938 CEST8.8.8.8192.168.2.230x852eNo error (0)fdh32fsdfhs.shop185.196.9.5A (IP address)IN (0x0001)false

                                                                  System Behavior

                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/tmp/i686.elf
                                                                  Arguments:/tmp/i686.elf
                                                                  File size:98176 bytes
                                                                  MD5 hash:d9440f53222512a031ff253d32d468a4

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/tmp/i686.elf
                                                                  Arguments:-
                                                                  File size:98176 bytes
                                                                  MD5 hash:d9440f53222512a031ff253d32d468a4

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/tmp/i686.elf
                                                                  Arguments:-
                                                                  File size:98176 bytes
                                                                  MD5 hash:d9440f53222512a031ff253d32d468a4

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/udisks2/udisksd
                                                                  Arguments:-
                                                                  File size:483056 bytes
                                                                  MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/sbin/dumpe2fs
                                                                  Arguments:dumpe2fs -h /dev/dm-0
                                                                  File size:31112 bytes
                                                                  MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/bin/dash
                                                                  Arguments:-
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/bin/rm
                                                                  Arguments:rm -f /tmp/tmp.kaw6UEYGUq /tmp/tmp.SwuerW1u9Y /tmp/tmp.kVyVX6YEb1
                                                                  File size:72056 bytes
                                                                  MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-wacom
                                                                  Arguments:/usr/libexec/gsd-wacom
                                                                  File size:39520 bytes
                                                                  MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-color
                                                                  Arguments:/usr/libexec/gsd-color
                                                                  File size:92832 bytes
                                                                  MD5 hash:ac2861ad93ce047283e8e87cefef9a19

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/systemd/systemd
                                                                  Arguments:-
                                                                  File size:1620224 bytes
                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/upower/upowerd
                                                                  Arguments:/usr/lib/upower/upowerd
                                                                  File size:260328 bytes
                                                                  MD5 hash:1253eea2fe5fe4017069664284e326cd

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/bin/dash
                                                                  Arguments:-
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/bin/rm
                                                                  Arguments:rm -f /tmp/tmp.kaw6UEYGUq /tmp/tmp.SwuerW1u9Y /tmp/tmp.kVyVX6YEb1
                                                                  File size:72056 bytes
                                                                  MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-sharing
                                                                  Arguments:/usr/libexec/gsd-sharing
                                                                  File size:35424 bytes
                                                                  MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-print-notifications
                                                                  Arguments:/usr/libexec/gsd-print-notifications
                                                                  File size:51840 bytes
                                                                  MD5 hash:71539698aa691718cee775d6b9450ae2

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:10
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-print-notifications
                                                                  Arguments:-
                                                                  File size:51840 bytes
                                                                  MD5 hash:71539698aa691718cee775d6b9450ae2

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:10
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-print-notifications
                                                                  Arguments:-
                                                                  File size:51840 bytes
                                                                  MD5 hash:71539698aa691718cee775d6b9450ae2

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:11
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-printer
                                                                  Arguments:/usr/libexec/gsd-printer
                                                                  File size:31120 bytes
                                                                  MD5 hash:7995828cf98c315fd55f2ffb3b22384d

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/udisks2/udisksd
                                                                  Arguments:-
                                                                  File size:483056 bytes
                                                                  MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/sbin/dumpe2fs
                                                                  Arguments:dumpe2fs -h /dev/dm-0
                                                                  File size:31112 bytes
                                                                  MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-keyboard
                                                                  Arguments:/usr/libexec/gsd-keyboard
                                                                  File size:39760 bytes
                                                                  MD5 hash:8e288fd17c80bb0a1148b964b2ac2279

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/gdm3/gdm-session-worker
                                                                  Arguments:-
                                                                  File size:293360 bytes
                                                                  MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/etc/gdm3/PostSession/Default
                                                                  Arguments:/etc/gdm3/PostSession/Default
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-rfkill
                                                                  Arguments:/usr/libexec/gsd-rfkill
                                                                  File size:51808 bytes
                                                                  MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:05
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-smartcard
                                                                  Arguments:/usr/libexec/gsd-smartcard
                                                                  File size:109152 bytes
                                                                  MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/sbin/gdm3
                                                                  Arguments:-
                                                                  File size:453296 bytes
                                                                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/etc/gdm3/PrimeOff/Default
                                                                  Arguments:/etc/gdm3/PrimeOff/Default
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-datetime
                                                                  Arguments:/usr/libexec/gsd-datetime
                                                                  File size:76736 bytes
                                                                  MD5 hash:d80d39745740de37d6634d36e344d4bc

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-media-keys
                                                                  Arguments:/usr/libexec/gsd-media-keys
                                                                  File size:232936 bytes
                                                                  MD5 hash:a425448c135afb4b8bfd79cc0b6b74da

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/udisks2/udisksd
                                                                  Arguments:-
                                                                  File size:483056 bytes
                                                                  MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/sbin/dumpe2fs
                                                                  Arguments:dumpe2fs -h /dev/dm-0
                                                                  File size:31112 bytes
                                                                  MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-screensaver-proxy
                                                                  Arguments:/usr/libexec/gsd-screensaver-proxy
                                                                  File size:27232 bytes
                                                                  MD5 hash:77e309450c87dceee43f1a9e50cc0d02

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-sound
                                                                  Arguments:/usr/libexec/gsd-sound
                                                                  File size:31248 bytes
                                                                  MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-a11y-settings
                                                                  Arguments:/usr/libexec/gsd-a11y-settings
                                                                  File size:23056 bytes
                                                                  MD5 hash:18e243d2cf30ecee7ea89d1462725c5c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:07
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-housekeeping
                                                                  Arguments:/usr/libexec/gsd-housekeeping
                                                                  File size:51840 bytes
                                                                  MD5 hash:b55f3394a84976ddb92a2915e5d76914

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gnome-session-binary
                                                                  Arguments:-
                                                                  File size:334664 bytes
                                                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:06
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:07
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/gsd-power
                                                                  Arguments:/usr/libexec/gsd-power
                                                                  File size:88672 bytes
                                                                  MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:07
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/xorg/Xorg
                                                                  Arguments:-
                                                                  File size:2448840 bytes
                                                                  MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:07
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:07
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:-
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:07
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/bin/xkbcomp
                                                                  Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                                                                  File size:217184 bytes
                                                                  MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:07
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/udisks2/udisksd
                                                                  Arguments:-
                                                                  File size:483056 bytes
                                                                  MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:07
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/sbin/dumpe2fs
                                                                  Arguments:dumpe2fs -h /dev/dm-0
                                                                  File size:31112 bytes
                                                                  MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:09
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/systemd/systemd
                                                                  Arguments:-
                                                                  File size:1620224 bytes
                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:09
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/lib/systemd/systemd-user-runtime-dir
                                                                  Arguments:/lib/systemd/systemd-user-runtime-dir stop 1000
                                                                  File size:22672 bytes
                                                                  MD5 hash:d55f4b0847f88131dbcfb07435178e54

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:10
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/systemd/systemd
                                                                  Arguments:-
                                                                  File size:1620224 bytes
                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:10
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/lib/systemd/systemd-hostnamed
                                                                  Arguments:/lib/systemd/systemd-hostnamed
                                                                  File size:35040 bytes
                                                                  MD5 hash:2cc8a5576629a2d5bd98e49a4b8bef65

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:12
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/xorg/Xorg
                                                                  Arguments:-
                                                                  File size:2448840 bytes
                                                                  MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:12
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:12
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:-
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:12
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/bin/xkbcomp
                                                                  Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                                                                  File size:217184 bytes
                                                                  MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:13
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/bin/dbus-daemon
                                                                  Arguments:-
                                                                  File size:249032 bytes
                                                                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:13
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/false
                                                                  Arguments:/bin/false
                                                                  File size:39256 bytes
                                                                  MD5 hash:3177546c74e4f0062909eae43d948bfc

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:18
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/systemd/systemd
                                                                  Arguments:-
                                                                  File size:1620224 bytes
                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:18
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/colord
                                                                  Arguments:/usr/libexec/colord
                                                                  File size:346632 bytes
                                                                  MD5 hash:70861d1b2818c9279cd4a5c9035dac1f

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:24
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/colord
                                                                  Arguments:-
                                                                  File size:346632 bytes
                                                                  MD5 hash:70861d1b2818c9279cd4a5c9035dac1f

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:24
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/libexec/colord-sane
                                                                  Arguments:/usr/libexec/colord-sane
                                                                  File size:18736 bytes
                                                                  MD5 hash:5f98d754a07bf1385c3ff001cde3882e

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:18
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/systemd/systemd
                                                                  Arguments:-
                                                                  File size:1620224 bytes
                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:18
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/accountsservice/accounts-daemon
                                                                  Arguments:/usr/lib/accountsservice/accounts-daemon
                                                                  File size:203192 bytes
                                                                  MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:21
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/accountsservice/accounts-daemon
                                                                  Arguments:-
                                                                  File size:203192 bytes
                                                                  MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:21
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/share/language-tools/language-validate
                                                                  Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:21
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/share/language-tools/language-validate
                                                                  Arguments:-
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:21
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/share/language-tools/language-options
                                                                  Arguments:/usr/share/language-tools/language-options
                                                                  File size:3478464 bytes
                                                                  MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:21
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/share/language-tools/language-options
                                                                  Arguments:-
                                                                  File size:3478464 bytes
                                                                  MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:21
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:sh -c "locale -a | grep -F .utf8 "
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:22
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:-
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:22
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/bin/locale
                                                                  Arguments:locale -a
                                                                  File size:58944 bytes
                                                                  MD5 hash:c72a78792469db86d91369c9057f20d2

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:22
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/bin/sh
                                                                  Arguments:-
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:22
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/bin/grep
                                                                  Arguments:grep -F .utf8
                                                                  File size:199136 bytes
                                                                  MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:25
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/lib/systemd/systemd
                                                                  Arguments:-
                                                                  File size:1620224 bytes
                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:25
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/lib/systemd/systemd-localed
                                                                  Arguments:/lib/systemd/systemd-localed
                                                                  File size:43232 bytes
                                                                  MD5 hash:1244af9646256d49594f2a8203329aa9

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:26
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/sbin/gdm3
                                                                  Arguments:-
                                                                  File size:453296 bytes
                                                                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:26
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/etc/gdm3/PrimeOff/Default
                                                                  Arguments:/etc/gdm3/PrimeOff/Default
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:26
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/usr/sbin/gdm3
                                                                  Arguments:-
                                                                  File size:453296 bytes
                                                                  MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):19:15:26
                                                                  Start date (UTC):21/08/2024
                                                                  Path:/etc/gdm3/PrimeOff/Default
                                                                  Arguments:/etc/gdm3/PrimeOff/Default
                                                                  File size:129816 bytes
                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                  Chronological Activities