Joe Sandbox Cloud Basic Analysis Report
Create Interactive Tour

Linux Analysis Report
yakuza.i586.elf

Overview

General Information

Sample name:yakuza.i586.elf
Analysis ID:1550194
MD5:da72e6333e06ec39df537436be9e69ca
SHA1:93da13060c76a396195faeff280afc0bfe4fc312
SHA256:f87003a2186bcd4c9e3a3582a8bbc884e48e3faf6f4398463ed254cf257a0456
Tags:elfuser-abuse_ch
Infos:

Detection

Score:68
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Uses IRC for communication with a C&C
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "kill" or "pkill" command typically used to terminate processes
Reads CPU information from /sys indicative of miner or evasive malware
Sample and/or dropped files contains symbols with suspicious names
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings that are user agent strings indicative of HTTP manipulation
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1550194
Start date and time:2024-11-06 15:17:54 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 42s
Hypervisor based Inspection enabled:false
Report type:light
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:yakuza.i586.elf
Detection:MAL
Classification:mal68.troj.linELF@0/0@0/0
  • Report size exceeded maximum capacity and may have missing behavior information.
  • TCP Packets have been reduced to 100
  • VT rate limit hit for: yakuza.i586.elf

Runtime Messages

Command:/tmp/yakuza.i586.elf
PID:6223
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
CAPSAICIN
Standard Error:

Process Tree

  • system is lnxubuntu20
  • yakuza.i586.elf (PID: 6223, Parent: 6147, MD5: da72e6333e06ec39df537436be9e69ca) Arguments: /tmp/yakuza.i586.elf
    • yakuza.i586.elf New Fork (PID: 6224, Parent: 6223)
      • sh (PID: 6227, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 902i13 || busybox pkill -9 902i13"
        • sh New Fork (PID: 6228, Parent: 6227)
        • pkill (PID: 6228, Parent: 6227, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 902i13
        • sh New Fork (PID: 6229, Parent: 6227)
        • busybox (PID: 6229, Parent: 6227, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 902i13
      • sh (PID: 6230, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"
        • sh New Fork (PID: 6231, Parent: 6230)
        • pkill (PID: 6231, Parent: 6230, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 BzSxLxBxeY
        • sh New Fork (PID: 6234, Parent: 6230)
        • busybox (PID: 6234, Parent: 6230, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 BzSxLxBxeY
      • sh (PID: 6235, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"
        • sh New Fork (PID: 6236, Parent: 6235)
        • pkill (PID: 6236, Parent: 6235, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 HOHO-LUGO7
        • sh New Fork (PID: 6237, Parent: 6235)
        • busybox (PID: 6237, Parent: 6235, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 HOHO-LUGO7
      • sh (PID: 6238, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"
        • sh New Fork (PID: 6239, Parent: 6238)
        • pkill (PID: 6239, Parent: 6238, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 HOHO-U79OL
        • sh New Fork (PID: 6242, Parent: 6238)
        • busybox (PID: 6242, Parent: 6238, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 HOHO-U79OL
      • sh (PID: 6244, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"
        • sh New Fork (PID: 6245, Parent: 6244)
        • pkill (PID: 6245, Parent: 6244, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 JuYfouyf87
        • sh New Fork (PID: 6246, Parent: 6244)
        • busybox (PID: 6246, Parent: 6244, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 JuYfouyf87
      • sh (PID: 6249, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
        • sh New Fork (PID: 6250, Parent: 6249)
        • pkill (PID: 6250, Parent: 6249, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeR69xd
        • sh New Fork (PID: 6251, Parent: 6249)
        • busybox (PID: 6251, Parent: 6249, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeR69xd
      • sh (PID: 6252, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"
        • sh New Fork (PID: 6253, Parent: 6252)
        • pkill (PID: 6253, Parent: 6252, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SO190Ij1X
        • sh New Fork (PID: 6254, Parent: 6252)
        • busybox (PID: 6254, Parent: 6252, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SO190Ij1X
      • sh (PID: 6257, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"
        • sh New Fork (PID: 6258, Parent: 6257)
        • pkill (PID: 6258, Parent: 6257, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 LOLKIKEEEDDE
        • sh New Fork (PID: 6259, Parent: 6257)
        • busybox (PID: 6259, Parent: 6257, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 LOLKIKEEEDDE
      • sh (PID: 6279, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"
        • sh New Fork (PID: 6280, Parent: 6279)
        • pkill (PID: 6280, Parent: 6279, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ekjheory98e
        • sh New Fork (PID: 6281, Parent: 6279)
        • busybox (PID: 6281, Parent: 6279, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ekjheory98e
      • sh (PID: 6282, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"
        • sh New Fork (PID: 6283, Parent: 6282)
        • pkill (PID: 6283, Parent: 6282, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scansh4
        • sh New Fork (PID: 6286, Parent: 6282)
        • busybox (PID: 6286, Parent: 6282, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scansh4
      • sh (PID: 6287, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"
        • sh New Fork (PID: 6288, Parent: 6287)
        • pkill (PID: 6288, Parent: 6287, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MDMA
        • sh New Fork (PID: 6289, Parent: 6287)
        • busybox (PID: 6289, Parent: 6287, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MDMA
      • sh (PID: 6290, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"
        • sh New Fork (PID: 6291, Parent: 6290)
        • pkill (PID: 6291, Parent: 6290, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 fdevalvex
        • sh New Fork (PID: 6294, Parent: 6290)
        • busybox (PID: 6294, Parent: 6290, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 fdevalvex
      • sh (PID: 6295, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"
        • sh New Fork (PID: 6296, Parent: 6295)
        • pkill (PID: 6296, Parent: 6295, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scanspc
        • sh New Fork (PID: 6297, Parent: 6295)
        • busybox (PID: 6297, Parent: 6295, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scanspc
      • sh (PID: 6298, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"
        • sh New Fork (PID: 6299, Parent: 6298)
        • pkill (PID: 6299, Parent: 6298, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MELTEDNINJAREALZ
        • sh New Fork (PID: 6302, Parent: 6298)
        • busybox (PID: 6302, Parent: 6298, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MELTEDNINJAREALZ
      • sh (PID: 6303, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"
        • sh New Fork (PID: 6304, Parent: 6303)
        • pkill (PID: 6304, Parent: 6303, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 flexsonskids
        • sh New Fork (PID: 6305, Parent: 6303)
        • busybox (PID: 6305, Parent: 6303, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 flexsonskids
      • sh (PID: 6306, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"
        • sh New Fork (PID: 6307, Parent: 6306)
        • pkill (PID: 6307, Parent: 6306, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scanx86
        • sh New Fork (PID: 6310, Parent: 6306)
        • busybox (PID: 6310, Parent: 6306, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scanx86
      • sh (PID: 6312, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"
        • sh New Fork (PID: 6313, Parent: 6312)
        • pkill (PID: 6313, Parent: 6312, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MISAKI-U79OL
        • sh New Fork (PID: 6314, Parent: 6312)
        • busybox (PID: 6314, Parent: 6312, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MISAKI-U79OL
      • sh (PID: 6315, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"
        • sh New Fork (PID: 6316, Parent: 6315)
        • pkill (PID: 6316, Parent: 6315, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 foAxi102kxe
        • sh New Fork (PID: 6319, Parent: 6315)
        • busybox (PID: 6319, Parent: 6315, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 foAxi102kxe
      • sh (PID: 6320, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"
        • sh New Fork (PID: 6321, Parent: 6320)
        • pkill (PID: 6321, Parent: 6320, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 swodjwodjwoj
        • sh New Fork (PID: 6322, Parent: 6320)
        • busybox (PID: 6322, Parent: 6320, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 swodjwodjwoj
      • sh (PID: 6323, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"
        • sh New Fork (PID: 6324, Parent: 6323)
        • pkill (PID: 6324, Parent: 6323, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MmKiy7f87l
        • sh New Fork (PID: 6327, Parent: 6323)
        • busybox (PID: 6327, Parent: 6323, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MmKiy7f87l
      • sh (PID: 6330, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"
        • sh New Fork (PID: 6331, Parent: 6330)
        • pkill (PID: 6331, Parent: 6330, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 freecookiex86
        • sh New Fork (PID: 6332, Parent: 6330)
        • busybox (PID: 6332, Parent: 6330, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 freecookiex86
      • sh (PID: 6333, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"
        • sh New Fork (PID: 6334, Parent: 6333)
        • pkill (PID: 6334, Parent: 6333, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 sysgpu
        • sh New Fork (PID: 6337, Parent: 6333)
        • busybox (PID: 6337, Parent: 6333, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 sysgpu
      • sh (PID: 6338, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
        • sh New Fork (PID: 6339, Parent: 6338)
        • pkill (PID: 6339, Parent: 6338, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeR69xd
        • sh New Fork (PID: 6340, Parent: 6338)
        • busybox (PID: 6340, Parent: 6338, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeR69xd
      • sh (PID: 6341, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 frgege || busybox pkill -9 frgege"
        • sh New Fork (PID: 6342, Parent: 6341)
        • pkill (PID: 6342, Parent: 6341, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 frgege
        • sh New Fork (PID: 6345, Parent: 6341)
        • busybox (PID: 6345, Parent: 6341, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 frgege
      • sh (PID: 6346, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"
        • sh New Fork (PID: 6347, Parent: 6346)
        • pkill (PID: 6347, Parent: 6346, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 sysupdater
        • sh New Fork (PID: 6350, Parent: 6346)
        • busybox (PID: 6350, Parent: 6346, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 sysupdater
      • sh (PID: 6351, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"
        • sh New Fork (PID: 6352, Parent: 6351)
        • pkill (PID: 6352, Parent: 6351, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 0DnAzepd
        • sh New Fork (PID: 6355, Parent: 6351)
        • busybox (PID: 6355, Parent: 6351, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 0DnAzepd
      • sh (PID: 6356, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"
        • sh New Fork (PID: 6357, Parent: 6356)
        • pkill (PID: 6357, Parent: 6356, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeRD0nks69
        • sh New Fork (PID: 6359, Parent: 6356)
        • busybox (PID: 6359, Parent: 6356, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeRD0nks69
      • sh (PID: 6360, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"
        • sh New Fork (PID: 6361, Parent: 6360)
        • pkill (PID: 6361, Parent: 6360, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 frgreu
        • sh New Fork (PID: 6364, Parent: 6360)
        • busybox (PID: 6364, Parent: 6360, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 frgreu
      • sh (PID: 6365, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"
        • sh New Fork (PID: 6366, Parent: 6365)
        • pkill (PID: 6366, Parent: 6365, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 telnetd
        • sh New Fork (PID: 6369, Parent: 6365)
        • busybox (PID: 6369, Parent: 6365, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 telnetd
      • sh (PID: 6370, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"
        • sh New Fork (PID: 6371, Parent: 6370)
        • pkill (PID: 6371, Parent: 6370, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 0x766f6964
        • sh New Fork (PID: 6372, Parent: 6370)
        • busybox (PID: 6372, Parent: 6370, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 0x766f6964
      • sh (PID: 6373, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"
        • sh New Fork (PID: 6374, Parent: 6373)
        • pkill (PID: 6374, Parent: 6373, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeRd0nks1337
        • sh New Fork (PID: 6377, Parent: 6373)
        • busybox (PID: 6377, Parent: 6373, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeRd0nks1337
      • sh (PID: 6378, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 gaft || busybox pkill -9 gaft"
        • sh New Fork (PID: 6379, Parent: 6378)
        • pkill (PID: 6379, Parent: 6378, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 gaft
        • sh New Fork (PID: 6382, Parent: 6378)
        • busybox (PID: 6382, Parent: 6378, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 gaft
      • sh (PID: 6383, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"
        • sh New Fork (PID: 6384, Parent: 6383)
        • pkill (PID: 6384, Parent: 6383, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 urasgbsigboa
        • sh New Fork (PID: 6385, Parent: 6383)
        • busybox (PID: 6385, Parent: 6383, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 urasgbsigboa
      • sh (PID: 6386, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"
        • sh New Fork (PID: 6387, Parent: 6386)
        • pkill (PID: 6387, Parent: 6386, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 120i3UI49
        • sh New Fork (PID: 6390, Parent: 6386)
        • busybox (PID: 6390, Parent: 6386, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 120i3UI49
      • sh (PID: 6391, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"
        • sh New Fork (PID: 6392, Parent: 6391)
        • pkill (PID: 6392, Parent: 6391, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 OaF3
        • sh New Fork (PID: 6395, Parent: 6391)
        • busybox (PID: 6395, Parent: 6391, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 OaF3
      • sh (PID: 6398, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 geae || busybox pkill -9 geae"
        • sh New Fork (PID: 6399, Parent: 6398)
        • pkill (PID: 6399, Parent: 6398, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 geae
        • sh New Fork (PID: 6400, Parent: 6398)
        • busybox (PID: 6400, Parent: 6398, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 geae
      • sh (PID: 6403, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"
        • sh New Fork (PID: 6404, Parent: 6403)
        • pkill (PID: 6404, Parent: 6403, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 vaiolmao
        • sh New Fork (PID: 6405, Parent: 6403)
        • busybox (PID: 6405, Parent: 6403, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 vaiolmao
      • sh (PID: 6406, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 123123a || busybox pkill -9 123123a"
        • sh New Fork (PID: 6407, Parent: 6406)
        • pkill (PID: 6407, Parent: 6406, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 123123a
        • sh New Fork (PID: 6410, Parent: 6406)
        • busybox (PID: 6410, Parent: 6406, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 123123a
      • sh (PID: 6411, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"
        • sh New Fork (PID: 6412, Parent: 6411)
        • pkill (PID: 6412, Parent: 6411, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 Ofurain0n4H34D
        • sh New Fork (PID: 6415, Parent: 6411)
        • busybox (PID: 6415, Parent: 6411, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 Ofurain0n4H34D
      • sh (PID: 6418, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"
        • sh New Fork (PID: 6419, Parent: 6418)
        • pkill (PID: 6419, Parent: 6418, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggTrex
        • sh New Fork (PID: 6420, Parent: 6418)
        • busybox (PID: 6420, Parent: 6418, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggTrex
      • sh (PID: 6421, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 wasads || busybox pkill -9 wasads"
        • sh New Fork (PID: 6422, Parent: 6421)
        • pkill (PID: 6422, Parent: 6421, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 wasads
        • sh New Fork (PID: 6425, Parent: 6421)
        • busybox (PID: 6425, Parent: 6421, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 wasads
      • sh (PID: 6426, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"
        • sh New Fork (PID: 6427, Parent: 6426)
        • pkill (PID: 6427, Parent: 6426, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1293194hjXD
        • sh New Fork (PID: 6430, Parent: 6426)
        • busybox (PID: 6430, Parent: 6426, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1293194hjXD
      • sh (PID: 6431, Parent: 6224, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"
        • sh New Fork (PID: 6432, Parent: 6431)
        • pkill (PID: 6432, Parent: 6431, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 OthLaLosn
  • cleanup

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
yakuza.i586.elfLinux_Trojan_Gafgyt_c573932bunknownunknown
  • 0x33b7:$a: 83 7D 18 00 74 22 8B 45 1C 83 E0 02 85 C0 74 18 83 EC 08 6A 2D FF
yakuza.i586.elfLinux_Trojan_Gafgyt_5bf62ce4unknownunknown
  • 0xc879:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
yakuza.i586.elfLinux_Trojan_Gafgyt_750fe002unknownunknown
  • 0x39b2:$a: 10 8B 45 0C 40 8A 00 3C FC 75 06 C6 45 FF FE EB 50 8B 45 0C 40
yakuza.i586.elfLinux_Trojan_Gafgyt_7167d08funknownunknown
  • 0x3454:$a: 0C 8A 00 3C 2D 75 13 FF 45 0C C7 45 E4 01 00 00 00 EB 07 FF
yakuza.i586.elfLinux_Trojan_Mirai_389ee3e9unknownunknown
  • 0xc3fc:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
Click to see the 3 entries

Memory Dumps

SourceRuleDescriptionAuthorStrings
6223.1.0000000008048000.000000000805e000.r-x.sdmpLinux_Trojan_Gafgyt_c573932bunknownunknown
  • 0x33b7:$a: 83 7D 18 00 74 22 8B 45 1C 83 E0 02 85 C0 74 18 83 EC 08 6A 2D FF
6223.1.0000000008048000.000000000805e000.r-x.sdmpLinux_Trojan_Gafgyt_5bf62ce4unknownunknown
  • 0xc879:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
6223.1.0000000008048000.000000000805e000.r-x.sdmpLinux_Trojan_Gafgyt_750fe002unknownunknown
  • 0x39b2:$a: 10 8B 45 0C 40 8A 00 3C FC 75 06 C6 45 FF FE EB 50 8B 45 0C 40
6223.1.0000000008048000.000000000805e000.r-x.sdmpLinux_Trojan_Gafgyt_7167d08funknownunknown
  • 0x3454:$a: 0C 8A 00 3C 2D 75 13 FF 45 0C C7 45 E4 01 00 00 00 EB 07 FF
6223.1.0000000008048000.000000000805e000.r-x.sdmpLinux_Trojan_Mirai_389ee3e9unknownunknown
  • 0xc3fc:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
Click to see the 4 entries

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • AV Detection
  • Bitcoin Miner
  • Networking
  • System Summary
  • Persistence and Installation Behavior
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Stealing of Sensitive Information

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: yakuza.i586.elfReversingLabs: Detection: 63%
Source: yakuza.i586.elfJoe Sandbox ML: detected
Source: /usr/bin/pkill (PID: 6228)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6231)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6236)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6239)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6245)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6250)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6253)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6258)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6280)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6283)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6288)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6291)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6296)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6299)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6304)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6307)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6313)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6316)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6321)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6324)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6331)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6334)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6339)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6342)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6347)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6352)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6357)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6361)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6366)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6371)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6374)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6379)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6384)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6387)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6392)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6399)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6404)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6407)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6412)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6419)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6422)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6427)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6432)Reads CPU info from /sys: /sys/devices/system/cpu/online

Networking

barindex
Source: unknownIRC traffic detected: 192.168.2.23:39626 -> 194.110.247.46:5060 NICK [OSX|x86_32]F8UF USER F8UF localhost localhost :F8UF
Source: unknownNetwork traffic detected: IRC traffic on port 39626 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39626 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39628 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39630 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39632 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39634 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39636 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39636 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39638 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39638 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39640 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39642 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39642 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39644 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39646 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39646 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39648 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39648 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39650 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39650 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39650 -> 5060
Source: global trafficTCP traffic: 192.168.2.23:39626 -> 194.110.247.46:5060
Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
Source: yakuza.i586.elfString found in binary or memory: http://87.20.230.96/yak.sh;
Source: yakuza.i586.elfString found in binary or memory: https://youtu.be/dQw4w9WgXcQ
Source: yakuza.i586.elfString found in binary or memory: https://youtu.be/dQw4w9WgXcQNever
Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

System Summary

barindex
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_750fe002 Author: unknown
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Tsunami_0fa3a6e9 Author: unknown
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Tsunami_6b3974b2 Author: unknown
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_c573932b Author: unknown
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_750fe002 Author: unknown
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_7167d08f Author: unknown
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Tsunami_0fa3a6e9 Author: unknown
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Tsunami_6b3974b2 Author: unknown
Source: Process Memory Space: yakuza.i586.elf PID: 6223, type: MEMORYSTRMatched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: yakuza.i586.elfELF static info symbol of initial sample: passwords
Source: yakuza.i586.elfELF static info symbol of initial sample: usernames
Source: Initial sampleString containing 'busybox' found: busybox
Source: Initial sampleString containing 'busybox' found: 902i13BzSxLxBxeYHOHO-LUGO7HOHO-U79OLJuYfouyf87NiGGeR69xdSO190Ij1XLOLKIKEEEDDEekjheory98escansh4MDMAfdevalvexscanspcMELTEDNINJAREALZflexsonskidsscanx86MISAKI-U79OLfoAxi102kxeswodjwodjwojMmKiy7f87lfreecookiex86sysgpufrgegesysupdater0DnAzepdNiGGeRD0nks69frgreutelnetd0x766f6964NiGGeRd0nks1337gafturasgbsigboa120i3UI49OaF3geaevaiolmao123123aOfurain0n4H34DggTrexwasads1293194hjXDOthLaLosnggtwget-log1337SoraLOADERSAIAKINAggtq1378bfp919GRB1Q2SAIAKUSOggtr14FaSEXSLAVE1337ggtt1902a3u912u3u4haetrghbr19ju3dSORAojkf120hehahejeje922U2JDJA901F91SlaVLav12helpmedaddthhhhh2wgg9qphbqSlav3Th3seD3viceshzSmYZjYMQ5GbfSoRAxD123LOLiaGv5aA3SoRAxD420LOLinsomni640277SoraBeReppin1337ipcamCache66tlGg9QTjUYfouyf876ke3TOKYO3lyEeaXul2dULCVxh93OfjHZ2zTY2gD6MZvKc7KU6rmMkiy6f87lA023UU4U24UIUTheWeekndmioribitchesA5p9TheWeekndsmnblkjpoiAbAdTokyosnebAkiruU8inTznetstatsAlexW9RCAKM20TnewnetwordAyo215WordnloadsBAdAsVWordmanenotyakuzaaBelchWordnetsobpBigN0gg0r420X0102I34fofhasfhiafhoiX19I239124UIUoismDeportedXSHJEHHEIIHWOolsVNwo12DeportedDeportedXkTer0Gb
Source: Initial sampleString containing 'busybox' found: pkill -9 %s || busybox pkill -9 %s
Source: Initial sampleString containing 'busybox' found: pkill -9 %s || busybox pkill -9 %shistory -c;history -wcd /root;rm -f .bash_historycd /var/tmp; rm -f *NOTICE %s :MOVE <server>
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_750fe002 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f51347158a6477b0da4ed4df3374fbad92b6ac137aa4775f83035d1e30cba7dc, id = 750fe002-cac1-4832-94d2-212aa5ec17e3, last_modified = 2021-09-16
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Tsunami_0fa3a6e9 reference_sample = 40a15a186373a062bfb476b37a73c61e1ba84e5fa57282a7f9ec0481860f372a, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = fed796c5275e2e91c75dcdbf73d0c0ab37591115989312c6f6c5adcd138bc91f, id = 0fa3a6e9-89f3-4bc8-8dc1-e9ccbeeb836d, last_modified = 2021-09-16
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: yakuza.i586.elf, type: SAMPLEMatched rule: Linux_Trojan_Tsunami_6b3974b2 reference_sample = 2216776ba5c6495d86a13f6a3ce61b655b72a328ca05b3678d1abb7a20829d04, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 942a35f7acacf1d07577fe159a34dc7b04e5d07ff32ea13be975cfeea23e34be, id = 6b3974b2-fd7f-4ebf-8aba-217761e7b846, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_750fe002 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f51347158a6477b0da4ed4df3374fbad92b6ac137aa4775f83035d1e30cba7dc, id = 750fe002-cac1-4832-94d2-212aa5ec17e3, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Tsunami_0fa3a6e9 reference_sample = 40a15a186373a062bfb476b37a73c61e1ba84e5fa57282a7f9ec0481860f372a, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = fed796c5275e2e91c75dcdbf73d0c0ab37591115989312c6f6c5adcd138bc91f, id = 0fa3a6e9-89f3-4bc8-8dc1-e9ccbeeb836d, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.000000000805e000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Tsunami_6b3974b2 reference_sample = 2216776ba5c6495d86a13f6a3ce61b655b72a328ca05b3678d1abb7a20829d04, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 942a35f7acacf1d07577fe159a34dc7b04e5d07ff32ea13be975cfeea23e34be, id = 6b3974b2-fd7f-4ebf-8aba-217761e7b846, last_modified = 2021-09-16
Source: Process Memory Space: yakuza.i586.elf PID: 6223, type: MEMORYSTRMatched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: classification engineClassification label: mal68.troj.linELF@0/0@0/0
Source: yakuza.i586.elfELF static info symbol of initial sample: libc/sysdeps/linux/i386/crt1.S
Source: yakuza.i586.elfELF static info symbol of initial sample: libc/sysdeps/linux/i386/crti.S
Source: yakuza.i586.elfELF static info symbol of initial sample: libc/sysdeps/linux/i386/crtn.S
Source: yakuza.i586.elfELF static info symbol of initial sample: libc/sysdeps/linux/i386/mmap.S
Source: yakuza.i586.elfELF static info symbol of initial sample: libc/sysdeps/linux/i386/vfork.S
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1582/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1582/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/3088/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/3088/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/230/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/230/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/110/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/110/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/231/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/231/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/111/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/111/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/232/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/232/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1579/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1579/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/112/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/112/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/233/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/233/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1699/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1699/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/113/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/113/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/234/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/234/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1335/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1335/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1698/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1698/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/114/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/114/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/235/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/235/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1334/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1334/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1576/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1576/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/2302/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/2302/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/115/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/115/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/236/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/236/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/116/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/116/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/237/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/237/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/117/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/117/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/118/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/118/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/910/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/910/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/119/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/119/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/6226/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/6226/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/912/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/912/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/10/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/10/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/2307/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/2307/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/11/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/11/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/918/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/918/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/12/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/12/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/13/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/13/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/14/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/14/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/15/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/15/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/16/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/16/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/17/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/17/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/18/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/18/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1594/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1594/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/120/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/120/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/121/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/121/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1349/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1349/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/1/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/122/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/122/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/243/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/243/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/123/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/123/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/2/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/2/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/124/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/124/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/3/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/3/cmdline
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/4/status
Source: /usr/bin/pkill (PID: 6296)File opened: /proc/4/cmdline
Source: /tmp/yakuza.i586.elf (PID: 6227)Shell command executed: sh -c "pkill -9 902i13 || busybox pkill -9 902i13"
Source: /tmp/yakuza.i586.elf (PID: 6230)Shell command executed: sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"
Source: /tmp/yakuza.i586.elf (PID: 6235)Shell command executed: sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"
Source: /tmp/yakuza.i586.elf (PID: 6238)Shell command executed: sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"
Source: /tmp/yakuza.i586.elf (PID: 6244)Shell command executed: sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"
Source: /tmp/yakuza.i586.elf (PID: 6249)Shell command executed: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
Source: /tmp/yakuza.i586.elf (PID: 6252)Shell command executed: sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"
Source: /tmp/yakuza.i586.elf (PID: 6257)Shell command executed: sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"
Source: /tmp/yakuza.i586.elf (PID: 6279)Shell command executed: sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"
Source: /tmp/yakuza.i586.elf (PID: 6282)Shell command executed: sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"
Source: /tmp/yakuza.i586.elf (PID: 6287)Shell command executed: sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"
Source: /tmp/yakuza.i586.elf (PID: 6290)Shell command executed: sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"
Source: /tmp/yakuza.i586.elf (PID: 6295)Shell command executed: sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"
Source: /tmp/yakuza.i586.elf (PID: 6298)Shell command executed: sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"
Source: /tmp/yakuza.i586.elf (PID: 6303)Shell command executed: sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"
Source: /tmp/yakuza.i586.elf (PID: 6306)Shell command executed: sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"
Source: /tmp/yakuza.i586.elf (PID: 6312)Shell command executed: sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"
Source: /tmp/yakuza.i586.elf (PID: 6315)Shell command executed: sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"
Source: /tmp/yakuza.i586.elf (PID: 6320)Shell command executed: sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"
Source: /tmp/yakuza.i586.elf (PID: 6323)Shell command executed: sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"
Source: /tmp/yakuza.i586.elf (PID: 6330)Shell command executed: sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"
Source: /tmp/yakuza.i586.elf (PID: 6333)Shell command executed: sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"
Source: /tmp/yakuza.i586.elf (PID: 6338)Shell command executed: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
Source: /tmp/yakuza.i586.elf (PID: 6341)Shell command executed: sh -c "pkill -9 frgege || busybox pkill -9 frgege"
Source: /tmp/yakuza.i586.elf (PID: 6346)Shell command executed: sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"
Source: /tmp/yakuza.i586.elf (PID: 6351)Shell command executed: sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"
Source: /tmp/yakuza.i586.elf (PID: 6356)Shell command executed: sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"
Source: /tmp/yakuza.i586.elf (PID: 6360)Shell command executed: sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"
Source: /tmp/yakuza.i586.elf (PID: 6365)Shell command executed: sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"
Source: /tmp/yakuza.i586.elf (PID: 6370)Shell command executed: sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"
Source: /tmp/yakuza.i586.elf (PID: 6373)Shell command executed: sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"
Source: /tmp/yakuza.i586.elf (PID: 6378)Shell command executed: sh -c "pkill -9 gaft || busybox pkill -9 gaft"
Source: /tmp/yakuza.i586.elf (PID: 6383)Shell command executed: sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"
Source: /tmp/yakuza.i586.elf (PID: 6386)Shell command executed: sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"
Source: /tmp/yakuza.i586.elf (PID: 6391)Shell command executed: sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"
Source: /tmp/yakuza.i586.elf (PID: 6398)Shell command executed: sh -c "pkill -9 geae || busybox pkill -9 geae"
Source: /tmp/yakuza.i586.elf (PID: 6403)Shell command executed: sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"
Source: /tmp/yakuza.i586.elf (PID: 6406)Shell command executed: sh -c "pkill -9 123123a || busybox pkill -9 123123a"
Source: /tmp/yakuza.i586.elf (PID: 6411)Shell command executed: sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"
Source: /tmp/yakuza.i586.elf (PID: 6418)Shell command executed: sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"
Source: /tmp/yakuza.i586.elf (PID: 6421)Shell command executed: sh -c "pkill -9 wasads || busybox pkill -9 wasads"
Source: /tmp/yakuza.i586.elf (PID: 6426)Shell command executed: sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"
Source: /tmp/yakuza.i586.elf (PID: 6431)Shell command executed: sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"
Source: /bin/sh (PID: 6228)Pkill executable: /usr/bin/pkill -> pkill -9 902i13
Source: /bin/sh (PID: 6231)Pkill executable: /usr/bin/pkill -> pkill -9 BzSxLxBxeY
Source: /bin/sh (PID: 6236)Pkill executable: /usr/bin/pkill -> pkill -9 HOHO-LUGO7
Source: /bin/sh (PID: 6239)Pkill executable: /usr/bin/pkill -> pkill -9 HOHO-U79OL
Source: /bin/sh (PID: 6245)Pkill executable: /usr/bin/pkill -> pkill -9 JuYfouyf87
Source: /bin/sh (PID: 6250)Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeR69xd
Source: /bin/sh (PID: 6253)Pkill executable: /usr/bin/pkill -> pkill -9 SO190Ij1X
Source: /bin/sh (PID: 6258)Pkill executable: /usr/bin/pkill -> pkill -9 LOLKIKEEEDDE
Source: /bin/sh (PID: 6280)Pkill executable: /usr/bin/pkill -> pkill -9 ekjheory98e
Source: /bin/sh (PID: 6283)Pkill executable: /usr/bin/pkill -> pkill -9 scansh4
Source: /bin/sh (PID: 6288)Pkill executable: /usr/bin/pkill -> pkill -9 MDMA
Source: /bin/sh (PID: 6291)Pkill executable: /usr/bin/pkill -> pkill -9 fdevalvex
Source: /bin/sh (PID: 6296)Pkill executable: /usr/bin/pkill -> pkill -9 scanspc
Source: /bin/sh (PID: 6299)Pkill executable: /usr/bin/pkill -> pkill -9 MELTEDNINJAREALZ
Source: /bin/sh (PID: 6304)Pkill executable: /usr/bin/pkill -> pkill -9 flexsonskids
Source: /bin/sh (PID: 6307)Pkill executable: /usr/bin/pkill -> pkill -9 scanx86
Source: /bin/sh (PID: 6313)Pkill executable: /usr/bin/pkill -> pkill -9 MISAKI-U79OL
Source: /bin/sh (PID: 6316)Pkill executable: /usr/bin/pkill -> pkill -9 foAxi102kxe
Source: /bin/sh (PID: 6321)Pkill executable: /usr/bin/pkill -> pkill -9 swodjwodjwoj
Source: /bin/sh (PID: 6324)Pkill executable: /usr/bin/pkill -> pkill -9 MmKiy7f87l
Source: /bin/sh (PID: 6331)Pkill executable: /usr/bin/pkill -> pkill -9 freecookiex86
Source: /bin/sh (PID: 6334)Pkill executable: /usr/bin/pkill -> pkill -9 sysgpu
Source: /bin/sh (PID: 6339)Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeR69xd
Source: /bin/sh (PID: 6342)Pkill executable: /usr/bin/pkill -> pkill -9 frgege
Source: /bin/sh (PID: 6347)Pkill executable: /usr/bin/pkill -> pkill -9 sysupdater
Source: /bin/sh (PID: 6352)Pkill executable: /usr/bin/pkill -> pkill -9 0DnAzepd
Source: /bin/sh (PID: 6357)Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeRD0nks69
Source: /bin/sh (PID: 6361)Pkill executable: /usr/bin/pkill -> pkill -9 frgreu
Source: /bin/sh (PID: 6366)Pkill executable: /usr/bin/pkill -> pkill -9 telnetd
Source: /bin/sh (PID: 6371)Pkill executable: /usr/bin/pkill -> pkill -9 0x766f6964
Source: /bin/sh (PID: 6374)Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeRd0nks1337
Source: /bin/sh (PID: 6379)Pkill executable: /usr/bin/pkill -> pkill -9 gaft
Source: /bin/sh (PID: 6384)Pkill executable: /usr/bin/pkill -> pkill -9 urasgbsigboa
Source: /bin/sh (PID: 6387)Pkill executable: /usr/bin/pkill -> pkill -9 120i3UI49
Source: /bin/sh (PID: 6392)Pkill executable: /usr/bin/pkill -> pkill -9 OaF3
Source: /bin/sh (PID: 6399)Pkill executable: /usr/bin/pkill -> pkill -9 geae
Source: /bin/sh (PID: 6404)Pkill executable: /usr/bin/pkill -> pkill -9 vaiolmao
Source: /bin/sh (PID: 6407)Pkill executable: /usr/bin/pkill -> pkill -9 123123a
Source: /bin/sh (PID: 6412)Pkill executable: /usr/bin/pkill -> pkill -9 Ofurain0n4H34D
Source: /bin/sh (PID: 6419)Pkill executable: /usr/bin/pkill -> pkill -9 ggTrex
Source: /bin/sh (PID: 6422)Pkill executable: /usr/bin/pkill -> pkill -9 wasads
Source: /bin/sh (PID: 6427)Pkill executable: /usr/bin/pkill -> pkill -9 1293194hjXD
Source: /bin/sh (PID: 6432)Pkill executable: /usr/bin/pkill -> pkill -9 OthLaLosn

Hooking and other Techniques for Hiding and Protection

barindex
Source: unknownNetwork traffic detected: IRC traffic on port 39626 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39626 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39628 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39630 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39632 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39634 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39636 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39636 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39638 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39638 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39640 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39642 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39642 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39644 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39646 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39646 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39648 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39648 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39650 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39650 -> 5060
Source: unknownNetwork traffic detected: IRC traffic on port 39650 -> 5060
Source: /usr/bin/pkill (PID: 6228)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6231)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6236)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6239)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6245)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6250)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6253)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6258)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6280)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6283)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6288)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6291)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6296)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6299)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6304)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6307)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/pkill (PID: 6313)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6316)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6321)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6324)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6331)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6334)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6339)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6342)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6347)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6352)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6357)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6361)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6366)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6371)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6374)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6379)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6384)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6387)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6392)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6399)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6404)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6407)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6412)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6419)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6422)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6427)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6432)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/busybox (PID: 6229)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6234)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6237)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6242)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6246)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6251)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6254)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6259)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6281)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6286)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6289)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6294)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6297)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6302)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6305)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6310)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6314)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6319)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6322)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6327)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6332)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6337)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6340)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6345)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6350)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6355)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6359)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6364)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6369)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6372)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6377)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6382)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6385)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6390)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6395)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6400)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6405)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6410)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6415)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6420)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6425)Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 6430)Queries kernel information via 'uname':
Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4
Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2
Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285
Source: Initial sampleUser agent string found: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2
Source: Initial sampleUser agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sampleUser agent string found: Opera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01
Source: Initial sampleUser agent string found: Mozilla/5.0 (X11; Linux x86_64; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.62
Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Source: Initial sampleUser agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110517 Firefox/5.0 Fennec/5.0
Source: Initial sampleUser agent string found: Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0
Source: Initial sampleUser agent string found: Mozilla/5.0 (compatible; Teleca Q7; Brew 3.1.5; U; en) 480X800 LGE VX11000

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid AccountsWindows Management Instrumentation1
Scripting		Path Interception1
Masquerading		1
OS Credential Dumping		1
Security Software Discovery		Remote ServicesData from Local System1
Data Obfuscation		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Disable or Modify Tools		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Encrypted Channel		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive11
Non-Standard Port		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture11
Application Layer Protocol		Traffic DuplicationData Destruction

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1550194 Sample: yakuza.i586.elf Startdate: 06/11/2024 Architecture: LINUX Score: 68 39 194.110.247.46, 39626, 39628, 39630 FIRSTROOT-ASDE unknown 2->39 41 109.202.202.202, 80 INIT7CH Switzerland 2->41 43 2 other IPs or domains 2->43 45 Malicious sample detected (through community Yara rule) 2->45 47 Multi AV Scanner detection for submitted file 2->47 49 Uses IRC for communication with a C&C 2->49 51 2 other signatures 2->51 9 yakuza.i586.elf 2->9         started        signatures3 process4 process5 11 yakuza.i586.elf 9->11         started        process6 13 yakuza.i586.elf sh 11->13         started        15 yakuza.i586.elf sh 11->15         started        17 yakuza.i586.elf sh 11->17         started        19 42 other processes 11->19 process7 21 sh pkill 13->21         started        23 sh busybox 13->23         started        25 sh pkill 15->25         started        27 sh busybox 15->27         started        29 sh pkill 17->29         started        31 sh busybox 17->31         started        33 sh pkill 19->33         started        35 sh busybox 19->35         started        37 77 other processes 19->37

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
yakuza.i586.elf63%ReversingLabsLinux.Trojan.Tsunami
yakuza.i586.elf100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://87.20.230.96/yak.sh;yakuza.i586.elffalse
    		unknown
    https://youtu.be/dQw4w9WgXcQyakuza.i586.elffalse
      		high
      https://youtu.be/dQw4w9WgXcQNeveryakuza.i586.elffalse
        		high

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        109.202.202.202
        		unknownSwitzerland
        		13030INIT7CHfalse
        194.110.247.46
        		unknownunknown
        		41108FIRSTROOT-ASDEtrue
        91.189.91.43
        		unknownUnited Kingdom
        		41231CANONICAL-ASGBfalse
        91.189.91.42
        		unknownUnited Kingdom
        		41231CANONICAL-ASGBfalse

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASNs

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        No created / dropped files found

        Static File Info

        General

        File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped
        Entropy (8bit):6.5302147291383745
        TrID:
        • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
        • ELF Executable and Linkable format (generic) (4004/1) 49.84%
        File name:yakuza.i586.elf
        File size:119'163 bytes
        MD5:da72e6333e06ec39df537436be9e69ca
        SHA1:93da13060c76a396195faeff280afc0bfe4fc312
        SHA256:f87003a2186bcd4c9e3a3582a8bbc884e48e3faf6f4398463ed254cf257a0456
        SHA512:6fa17ad74542696fe40e4fed339a35bc64bb210788b1e06113a9033d13b7317b782cbbff5e0f431021060106de39934a3e4dcc7ceea9620e19be28185e427993
        SSDEEP:3072:bUUFbuueauAv3alZePCqH5nKduWGfv69ny6JP/KTiFi:bUQjekCZqHZEurv69ny6JHKTiFi
        TLSH:6DC34BC3E780C7B3D0930AB612A7971402B2E9375A1BCE95F31C2CB49F19585F6266BC
        File Content Preview:.ELF....................d...4...|m......4. ...(.....................8V..8V..............8V..8...8.......0...........Q.td............................U..S........e...h....S...[]...$.............U......=.....t..5....d......d.......u........t....h4...........

        Static ELF Info

        ELF header

        Class:ELF32
        Data:2's complement, little endian
        Version:1 (current)
        Machine:Intel 80386
        Version Number:0x1
        Type:EXEC (Executable file)
        OS/ABI:UNIX - System V
        ABI Version:0
        Entry Point Address:0x8048164
        Flags:0x0
        ELF Header Size:52
        Program Header Offset:52
        Program Header Size:32
        Number of Program Headers:3
        Section Header Offset:93564
        Section Header Size:40
        Number of Section Headers:16
        Header String Table Index:13

        Sections

        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
        NULL0x00x00x00x00x0000
        .initPROGBITS0x80480940x940x1c0x00x6AX001
        .textPROGBITS0x80480b00xb00x103780x00x6AX0016
        .finiPROGBITS0x80584280x104280x170x00x6AX001
        .rodataPROGBITS0x80584400x104400x51f20x00x2A0032
        .eh_framePROGBITS0x805d6340x156340x40x00x2A004
        .ctorsPROGBITS0x805e6380x156380x80x00x3WA004
        .dtorsPROGBITS0x805e6400x156400x80x00x3WA004
        .jcrPROGBITS0x805e6480x156480x40x00x3WA004
        .got.pltPROGBITS0x805e64c0x1564c0xc0x40x3WA004
        .dataPROGBITS0x805e6600x156600x9600x00x3WA0032
        .bssNOBITS0x805efc00x15fc00x7ba80x00x3WA0032
        .commentPROGBITS0x00x15fc00xd4a0x00x0001
        .shstrtabSTRTAB0x00x16d0a0x6f0x00x0001
        .symtabSYMTAB0x00x16ffc0x38400x100x0152964
        .strtabSTRTAB0x00x1a83c0x293f0x00x0001

        Program Segments

        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
        LOAD0x00x80480000x80480000x156380x156386.68450x5R E0x1000.init .text .fini .rodata .eh_frame
        LOAD0x156380x805e6380x805e6380x9880x85304.76030x6RW 0x1000.ctors .dtors .jcr .got.plt .data .bss
        GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

        Symbols

        NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
        .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
        .symtab0x80480940SECTION<unknown>DEFAULT1
        .symtab0x80480b00SECTION<unknown>DEFAULT2
        .symtab0x80584280SECTION<unknown>DEFAULT3
        .symtab0x80584400SECTION<unknown>DEFAULT4
        .symtab0x805d6340SECTION<unknown>DEFAULT5
        .symtab0x805e6380SECTION<unknown>DEFAULT6
        .symtab0x805e6400SECTION<unknown>DEFAULT7
        .symtab0x805e6480SECTION<unknown>DEFAULT8
        .symtab0x805e64c0SECTION<unknown>DEFAULT9
        .symtab0x805e6600SECTION<unknown>DEFAULT10
        .symtab0x805efc00SECTION<unknown>DEFAULT11
        .symtab0x00SECTION<unknown>DEFAULT12
        .symtab0x00SECTION<unknown>DEFAULT13
        .symtab0x00SECTION<unknown>DEFAULT14
        .symtab0x00SECTION<unknown>DEFAULT15
        C.73.5600.symtab0x8059d8036OBJECT<unknown>DEFAULT4
        C.91.5818.symtab0x805a3a0312OBJECT<unknown>DEFAULT4
        ClearHistory.symtab0x804d2ec56FUNC<unknown>DEFAULT2
        HTTP.symtab0x8049ea4263FUNC<unknown>DEFAULT2
        Q.symtab0x805f42016384OBJECT<unknown>DEFAULT11
        Send.symtab0x804832d87FUNC<unknown>DEFAULT2
        UserAgents.symtab0x805e9c0144OBJECT<unknown>DEFAULT10
        _352.symtab0x804e6f95FUNC<unknown>DEFAULT2
        _376.symtab0x804e66d110FUNC<unknown>DEFAULT2
        _433.symtab0x804e6fe57FUNC<unknown>DEFAULT2
        _GLOBAL_OFFSET_TABLE_.symtab0x805e64c0OBJECT<unknown>HIDDEN9
        _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
        _NICK.symtab0x804e737170FUNC<unknown>DEFAULT2
        _PING.symtab0x804e6db30FUNC<unknown>DEFAULT2
        _PRIVMSG.symtab0x804dc402605FUNC<unknown>DEFAULT2
        _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __CTOR_END__.symtab0x805e63c0OBJECT<unknown>DEFAULT6
        __CTOR_LIST__.symtab0x805e6380OBJECT<unknown>DEFAULT6
        __C_ctype_b.symtab0x805ef7c4OBJECT<unknown>DEFAULT10
        __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __C_ctype_b_data.symtab0x805cee0768OBJECT<unknown>DEFAULT4
        __C_ctype_tolower.symtab0x805ef844OBJECT<unknown>DEFAULT10
        __C_ctype_tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __C_ctype_tolower_data.symtab0x805d1e0768OBJECT<unknown>DEFAULT4
        __C_ctype_toupper.symtab0x805ed204OBJECT<unknown>DEFAULT10
        __C_ctype_toupper.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __C_ctype_toupper_data.symtab0x805bc40768OBJECT<unknown>DEFAULT4
        __DTOR_END__.symtab0x805e6440OBJECT<unknown>DEFAULT7
        __DTOR_LIST__.symtab0x805e6400OBJECT<unknown>DEFAULT7
        __EH_FRAME_BEGIN__.symtab0x805d6340OBJECT<unknown>DEFAULT5
        __FRAME_END__.symtab0x805d6340OBJECT<unknown>DEFAULT5
        __GI___C_ctype_b.symtab0x805ef7c4OBJECT<unknown>HIDDEN10
        __GI___C_ctype_b_data.symtab0x805cee0768OBJECT<unknown>HIDDEN4
        __GI___C_ctype_tolower.symtab0x805ef844OBJECT<unknown>HIDDEN10
        __GI___C_ctype_tolower_data.symtab0x805d1e0768OBJECT<unknown>HIDDEN4
        __GI___C_ctype_toupper.symtab0x805ed204OBJECT<unknown>HIDDEN10
        __GI___C_ctype_toupper_data.symtab0x805bc40768OBJECT<unknown>HIDDEN4
        __GI___ctype_b.symtab0x805ef804OBJECT<unknown>HIDDEN10
        __GI___ctype_tolower.symtab0x805ef884OBJECT<unknown>HIDDEN10
        __GI___ctype_toupper.symtab0x805ed244OBJECT<unknown>HIDDEN10
        __GI___errno_location.symtab0x804f7d86FUNC<unknown>HIDDEN2
        __GI___fgetc_unlocked.symtab0x8055df4220FUNC<unknown>HIDDEN2
        __GI___fputc_unlocked.symtab0x8051230197FUNC<unknown>HIDDEN2
        __GI___glibc_strerror_r.symtab0x805147c29FUNC<unknown>HIDDEN2
        __GI___h_errno_location.symtab0x805538c6FUNC<unknown>HIDDEN2
        __GI___libc_fcntl.symtab0x804f35487FUNC<unknown>HIDDEN2
        __GI___libc_fcntl64.symtab0x804f3ac63FUNC<unknown>HIDDEN2
        __GI___libc_open.symtab0x80551f475FUNC<unknown>HIDDEN2
        __GI___uClibc_fini.symtab0x8054be863FUNC<unknown>HIDDEN2
        __GI___uClibc_init.symtab0x8054c5f64FUNC<unknown>HIDDEN2
        __GI___xpg_strerror_r.symtab0x805149c183FUNC<unknown>HIDDEN2
        __GI__exit.symtab0x8054fe440FUNC<unknown>HIDDEN2
        __GI_abort.symtab0x80540e0273FUNC<unknown>HIDDEN2
        __GI_accept.symtab0x805303043FUNC<unknown>HIDDEN2
        __GI_asprintf.symtab0x804f9f030FUNC<unknown>HIDDEN2
        __GI_atoi.symtab0x80546ac20FUNC<unknown>HIDDEN2
        __GI_atol.symtab0x80546ac20FUNC<unknown>HIDDEN2
        __GI_bind.symtab0x805305c43FUNC<unknown>HIDDEN2
        __GI_brk.symtab0x805787054FUNC<unknown>HIDDEN2
        __GI_chdir.symtab0x804f3ec46FUNC<unknown>HIDDEN2
        __GI_clock_getres.symtab0x805500c50FUNC<unknown>HIDDEN2
        __GI_close.symtab0x804f41c46FUNC<unknown>HIDDEN2
        __GI_connect.symtab0x805308843FUNC<unknown>HIDDEN2
        __GI_dup2.symtab0x805504050FUNC<unknown>HIDDEN2
        __GI_endservent.symtab0x80562bc92FUNC<unknown>HIDDEN2
        __GI_errno.symtab0x80654944OBJECT<unknown>HIDDEN11
        __GI_execl.symtab0x8054878105FUNC<unknown>HIDDEN2
        __GI_execve.symtab0x805507454FUNC<unknown>HIDDEN2
        __GI_exit.symtab0x8054810103FUNC<unknown>HIDDEN2
        __GI_fclose.symtab0x804f7e0265FUNC<unknown>HIDDEN2
        __GI_fcntl.symtab0x804f35487FUNC<unknown>HIDDEN2
        __GI_fcntl64.symtab0x804f3ac63FUNC<unknown>HIDDEN2
        __GI_fdopen.symtab0x805548050FUNC<unknown>HIDDEN2
        __GI_fflush_unlocked.symtab0x8051080321FUNC<unknown>HIDDEN2
        __GI_fgetc_unlocked.symtab0x8055df4220FUNC<unknown>HIDDEN2
        __GI_fgets.symtab0x8050e4498FUNC<unknown>HIDDEN2
        __GI_fgets_unlocked.symtab0x80511c4105FUNC<unknown>HIDDEN2
        __GI_fopen.symtab0x804f8ec24FUNC<unknown>HIDDEN2
        __GI_fork.symtab0x804f44c38FUNC<unknown>HIDDEN2
        __GI_fprintf.symtab0x804f9d030FUNC<unknown>HIDDEN2
        __GI_fputc.symtab0x8050ea8146FUNC<unknown>HIDDEN2
        __GI_fputs.symtab0x8050f3c95FUNC<unknown>HIDDEN2
        __GI_fputs_unlocked.symtab0x80512f851FUNC<unknown>HIDDEN2
        __GI_freeaddrinfo.symtab0x805212635FUNC<unknown>HIDDEN2
        __GI_fseek.symtab0x80578c027FUNC<unknown>HIDDEN2
        __GI_fseeko64.symtab0x805793c227FUNC<unknown>HIDDEN2
        __GI_fwrite_unlocked.symtab0x805132c116FUNC<unknown>HIDDEN2
        __GI_getaddrinfo.symtab0x8052149652FUNC<unknown>HIDDEN2
        __GI_getc_unlocked.symtab0x8055df4220FUNC<unknown>HIDDEN2
        __GI_getcwd.symtab0x804f474185FUNC<unknown>HIDDEN2
        __GI_getdtablesize.symtab0x804f53037FUNC<unknown>HIDDEN2
        __GI_getegid.symtab0x80550ac38FUNC<unknown>HIDDEN2
        __GI_geteuid.symtab0x80550d438FUNC<unknown>HIDDEN2
        __GI_getgid.symtab0x80550fc38FUNC<unknown>HIDDEN2
        __GI_gethostbyaddr_r.symtab0x8052cbc884FUNC<unknown>HIDDEN2
        __GI_gethostbyname2_r.symtab0x805298c815FUNC<unknown>HIDDEN2
        __GI_gethostbyname_r.symtab0x80573d4818FUNC<unknown>HIDDEN2
        __GI_getpagesize.symtab0x804f55819FUNC<unknown>HIDDEN2
        __GI_getpid.symtab0x804f56c38FUNC<unknown>HIDDEN2
        __GI_getrlimit.symtab0x804f5bc50FUNC<unknown>HIDDEN2
        __GI_getservbyname_r.symtab0x805646e224FUNC<unknown>HIDDEN2
        __GI_getservbyport.symtab0x805643a52FUNC<unknown>HIDDEN2
        __GI_getservbyport_r.symtab0x805638b175FUNC<unknown>HIDDEN2
        __GI_getservent_r.symtab0x80560c2464FUNC<unknown>HIDDEN2
        __GI_getuid.symtab0x805512438FUNC<unknown>HIDDEN2
        __GI_h_errno.symtab0x80654984OBJECT<unknown>HIDDEN11
        __GI_if_freenameindex.symtab0x805680a52FUNC<unknown>HIDDEN2
        __GI_if_nameindex.symtab0x8056670410FUNC<unknown>HIDDEN2
        __GI_if_nametoindex.symtab0x80565fb117FUNC<unknown>HIDDEN2
        __GI_in6addr_loopback.symtab0x805cbf816OBJECT<unknown>HIDDEN4
        __GI_inet_addr.symtab0x805296437FUNC<unknown>HIDDEN2
        __GI_inet_aton.symtab0x8056840148FUNC<unknown>HIDDEN2
        __GI_inet_ntoa.symtab0x805294f21FUNC<unknown>HIDDEN2
        __GI_inet_ntoa_r.symtab0x805290079FUNC<unknown>HIDDEN2
        __GI_inet_ntop.symtab0x8052730462FUNC<unknown>HIDDEN2
        __GI_inet_pton.symtab0x805245e458FUNC<unknown>HIDDEN2
        __GI_initstate_r.symtab0x80544ca171FUNC<unknown>HIDDEN2
        __GI_ioctl.symtab0x804f5f063FUNC<unknown>HIDDEN2
        __GI_isatty.symtab0x805164c29FUNC<unknown>HIDDEN2
        __GI_kill.symtab0x804f63050FUNC<unknown>HIDDEN2
        __GI_listen.symtab0x80530f035FUNC<unknown>HIDDEN2
        __GI_lseek64.symtab0x805829095FUNC<unknown>HIDDEN2
        __GI_memchr.symtab0x8055ed035FUNC<unknown>HIDDEN2
        __GI_memcpy.symtab0x80513a039FUNC<unknown>HIDDEN2
        __GI_memmove.symtab0x8055ef439FUNC<unknown>HIDDEN2
        __GI_mempcpy.symtab0x8055f3c33FUNC<unknown>HIDDEN2
        __GI_memrchr.symtab0x8055f60176FUNC<unknown>HIDDEN2
        __GI_memset.symtab0x80513c821FUNC<unknown>HIDDEN2
        __GI_mmap.symtab0x8054f5827FUNC<unknown>HIDDEN2
        __GI_mremap.symtab0x805514c63FUNC<unknown>HIDDEN2
        __GI_munmap.symtab0x805518c50FUNC<unknown>HIDDEN2
        __GI_nanosleep.symtab0x80551c050FUNC<unknown>HIDDEN2
        __GI_open.symtab0x80551f475FUNC<unknown>HIDDEN2
        __GI_perror.symtab0x804f90450FUNC<unknown>HIDDEN2
        __GI_pipe.symtab0x805525846FUNC<unknown>HIDDEN2
        __GI_poll.symtab0x804f66454FUNC<unknown>HIDDEN2
        __GI_putc.symtab0x8050ea8146FUNC<unknown>HIDDEN2
        __GI_putc_unlocked.symtab0x8051230197FUNC<unknown>HIDDEN2
        __GI_raise.symtab0x805773024FUNC<unknown>HIDDEN2
        __GI_random.symtab0x80541fc72FUNC<unknown>HIDDEN2
        __GI_random_r.symtab0x80543d595FUNC<unknown>HIDDEN2
        __GI_rawmemchr.symtab0x8057c2099FUNC<unknown>HIDDEN2
        __GI_read.symtab0x80582f054FUNC<unknown>HIDDEN2
        __GI_recv.symtab0x805311451FUNC<unknown>HIDDEN2
        __GI_rewind.symtab0x80578dc94FUNC<unknown>HIDDEN2
        __GI_sbrk.symtab0x805528878FUNC<unknown>HIDDEN2
        __GI_select.symtab0x804f69c63FUNC<unknown>HIDDEN2
        __GI_send.symtab0x805314851FUNC<unknown>HIDDEN2
        __GI_sendto.symtab0x805317c67FUNC<unknown>HIDDEN2
        __GI_setservent.symtab0x8056318115FUNC<unknown>HIDDEN2
        __GI_setsid.symtab0x804f6dc38FUNC<unknown>HIDDEN2
        __GI_setsockopt.symtab0x80531c059FUNC<unknown>HIDDEN2
        __GI_setstate_r.symtab0x805433c153FUNC<unknown>HIDDEN2
        __GI_sigaction.symtab0x8054e67217FUNC<unknown>HIDDEN2
        __GI_signal.symtab0x8057748175FUNC<unknown>HIDDEN2
        __GI_sigprocmask.symtab0x80552d885FUNC<unknown>HIDDEN2
        __GI_sleep.symtab0x80548e4393FUNC<unknown>HIDDEN2
        __GI_socket.symtab0x80531fc43FUNC<unknown>HIDDEN2
        __GI_sprintf.symtab0x804fa1031FUNC<unknown>HIDDEN2
        __GI_srandom_r.symtab0x8054434150FUNC<unknown>HIDDEN2
        __GI_strcasecmp.symtab0x805156c54FUNC<unknown>HIDDEN2
        __GI_strcasestr.symtab0x80515a483FUNC<unknown>HIDDEN2
        __GI_strchr.symtab0x8055f1c30FUNC<unknown>HIDDEN2
        __GI_strcmp.symtab0x8057bd029FUNC<unknown>HIDDEN2
        __GI_strcoll.symtab0x8057bd029FUNC<unknown>HIDDEN2
        __GI_strcpy.symtab0x80513e027FUNC<unknown>HIDDEN2
        __GI_strdup.symtab0x80515f854FUNC<unknown>HIDDEN2
        __GI_strlen.symtab0x80513fc19FUNC<unknown>HIDDEN2
        __GI_strncat.symtab0x8057bf046FUNC<unknown>HIDDEN2
        __GI_strncmp.symtab0x805141037FUNC<unknown>HIDDEN2
        __GI_strncpy.symtab0x805143838FUNC<unknown>HIDDEN2
        __GI_strnlen.symtab0x805146025FUNC<unknown>HIDDEN2
        __GI_strpbrk.symtab0x805606c39FUNC<unknown>HIDDEN2
        __GI_strspn.symtab0x8057c8450FUNC<unknown>HIDDEN2
        __GI_strtok.symtab0x805163025FUNC<unknown>HIDDEN2
        __GI_strtok_r.symtab0x805601089FUNC<unknown>HIDDEN2
        __GI_strtol.symtab0x80546c026FUNC<unknown>HIDDEN2
        __GI_strtoul.symtab0x80546dc26FUNC<unknown>HIDDEN2
        __GI_sysconf.symtab0x8054a70325FUNC<unknown>HIDDEN2
        __GI_tcgetattr.symtab0x805166c112FUNC<unknown>HIDDEN2
        __GI_time.symtab0x804f70446FUNC<unknown>HIDDEN2
        __GI_tolower.symtab0x805536c29FUNC<unknown>HIDDEN2
        __GI_toupper.symtab0x804f7b829FUNC<unknown>HIDDEN2
        __GI_vasprintf.symtab0x804fa30115FUNC<unknown>HIDDEN2
        __GI_vfork.symtab0x8054f4021FUNC<unknown>HIDDEN2
        __GI_vfprintf.symtab0x805016c136FUNC<unknown>HIDDEN2
        __GI_vsnprintf.symtab0x804faa4178FUNC<unknown>HIDDEN2
        __GI_wait4.symtab0x805533059FUNC<unknown>HIDDEN2
        __GI_waitpid.symtab0x804f76426FUNC<unknown>HIDDEN2
        __GI_wcrtomb.symtab0x805539468FUNC<unknown>HIDDEN2
        __GI_wcsnrtombs.symtab0x80553f8134FUNC<unknown>HIDDEN2
        __GI_wcsrtombs.symtab0x80553d830FUNC<unknown>HIDDEN2
        __GI_write.symtab0x804f78054FUNC<unknown>HIDDEN2
        __JCR_END__.symtab0x805e6480OBJECT<unknown>DEFAULT8
        __JCR_LIST__.symtab0x805e6480OBJECT<unknown>DEFAULT8
        __app_fini.symtab0x80654884OBJECT<unknown>HIDDEN11
        __atexit_lock.symtab0x805ef6024OBJECT<unknown>DEFAULT10
        __bsd_signal.symtab0x8057748175FUNC<unknown>HIDDEN2
        __bss_start.symtab0x805efc00NOTYPE<unknown>DEFAULTSHN_ABS
        __check_one_fd.symtab0x8054c2b52FUNC<unknown>DEFAULT2
        __ctype_b.symtab0x805ef804OBJECT<unknown>DEFAULT10
        __ctype_tolower.symtab0x805ef884OBJECT<unknown>DEFAULT10
        __ctype_toupper.symtab0x805ed244OBJECT<unknown>DEFAULT10
        __curbrk.symtab0x80654d44OBJECT<unknown>HIDDEN11
        __data_start.symtab0x805e6680NOTYPE<unknown>DEFAULT10
        __decode_answer.symtab0x8057e8c249FUNC<unknown>HIDDEN2
        __decode_dotted.symtab0x80568d4215FUNC<unknown>HIDDEN2
        __decode_header.symtab0x8057d6c171FUNC<unknown>HIDDEN2
        __deregister_frame_info_bases.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
        __dns_lookup.symtab0x80569ac1876FUNC<unknown>HIDDEN2
        __do_global_ctors_aux.symtab0x80584000FUNC<unknown>DEFAULT2
        __do_global_dtors_aux.symtab0x80480c00FUNC<unknown>DEFAULT2
        __dso_handle.symtab0x805e6600OBJECT<unknown>HIDDEN10
        __encode_dotted.symtab0x8058328144FUNC<unknown>HIDDEN2
        __encode_header.symtab0x8057cb8177FUNC<unknown>HIDDEN2
        __encode_question.symtab0x8057e1883FUNC<unknown>HIDDEN2
        __environ.symtab0x80654804OBJECT<unknown>DEFAULT11
        __errno_location.symtab0x804f7d86FUNC<unknown>DEFAULT2
        __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __exit_cleanup.symtab0x80654784OBJECT<unknown>HIDDEN11
        __fgetc_unlocked.symtab0x8055df4220FUNC<unknown>DEFAULT2
        __fini_array_end.symtab0x805e6380NOTYPE<unknown>HIDDENSHN_ABS
        __fini_array_start.symtab0x805e6380NOTYPE<unknown>HIDDENSHN_ABS
        __fputc_unlocked.symtab0x8051230197FUNC<unknown>DEFAULT2
        __get_hosts_byaddr_r.symtab0x805737097FUNC<unknown>HIDDEN2
        __get_hosts_byname_r.symtab0x805734444FUNC<unknown>HIDDEN2
        __get_pc_thunk_bx.symtab0x80480b00FUNC<unknown>HIDDEN2
        __getpagesize.symtab0x804f55819FUNC<unknown>DEFAULT2
        __glibc_strerror_r.symtab0x805147c29FUNC<unknown>DEFAULT2
        __glibc_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __h_errno_location.symtab0x805538c6FUNC<unknown>DEFAULT2
        __h_errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __init_array_end.symtab0x805e6380NOTYPE<unknown>HIDDENSHN_ABS
        __init_array_start.symtab0x805e6380NOTYPE<unknown>HIDDENSHN_ABS
        __initbuf.symtab0x805609446FUNC<unknown>DEFAULT2
        __length_dotted.symtab0x80583b865FUNC<unknown>HIDDEN2
        __length_question.symtab0x8057e6c30FUNC<unknown>HIDDEN2
        __libc_accept.symtab0x805303043FUNC<unknown>DEFAULT2
        __libc_close.symtab0x804f41c46FUNC<unknown>DEFAULT2
        __libc_connect.symtab0x805308843FUNC<unknown>DEFAULT2
        __libc_creat.symtab0x805523f25FUNC<unknown>DEFAULT2
        __libc_fcntl.symtab0x804f35487FUNC<unknown>DEFAULT2
        __libc_fcntl64.symtab0x804f3ac63FUNC<unknown>DEFAULT2
        __libc_fork.symtab0x804f44c38FUNC<unknown>DEFAULT2
        __libc_getpid.symtab0x804f56c38FUNC<unknown>DEFAULT2
        __libc_lseek64.symtab0x805829095FUNC<unknown>DEFAULT2
        __libc_nanosleep.symtab0x80551c050FUNC<unknown>DEFAULT2
        __libc_open.symtab0x80551f475FUNC<unknown>DEFAULT2
        __libc_poll.symtab0x804f66454FUNC<unknown>DEFAULT2
        __libc_read.symtab0x80582f054FUNC<unknown>DEFAULT2
        __libc_recv.symtab0x805311451FUNC<unknown>DEFAULT2
        __libc_select.symtab0x804f69c63FUNC<unknown>DEFAULT2
        __libc_send.symtab0x805314851FUNC<unknown>DEFAULT2
        __libc_sendto.symtab0x805317c67FUNC<unknown>DEFAULT2
        __libc_sigaction.symtab0x8054e67217FUNC<unknown>DEFAULT2
        __libc_stack_end.symtab0x806547c4OBJECT<unknown>DEFAULT11
        __libc_system.symtab0x8054578305FUNC<unknown>DEFAULT2
        __libc_waitpid.symtab0x804f76426FUNC<unknown>DEFAULT2
        __libc_write.symtab0x804f78054FUNC<unknown>DEFAULT2
        __malloc_consolidate.symtab0x8053d79424FUNC<unknown>HIDDEN2
        __malloc_largebin_index.symtab0x805322838FUNC<unknown>DEFAULT2
        __malloc_lock.symtab0x805ee7024OBJECT<unknown>DEFAULT10
        __malloc_state.symtab0x8066740888OBJECT<unknown>DEFAULT11
        __malloc_trim.symtab0x8053cec141FUNC<unknown>DEFAULT2
        __nameserver.symtab0x8066ac812OBJECT<unknown>HIDDEN11
        __nameservers.symtab0x8066ad44OBJECT<unknown>HIDDEN11
        __open_etc_hosts.symtab0x8057f8849FUNC<unknown>HIDDEN2
        __open_nameservers.symtab0x8057100579FUNC<unknown>HIDDEN2
        __opensock.symtab0x805770840FUNC<unknown>HIDDEN2
        __pagesize.symtab0x80654844OBJECT<unknown>DEFAULT11
        __preinit_array_end.symtab0x805e6380NOTYPE<unknown>HIDDENSHN_ABS
        __preinit_array_start.symtab0x805e6380NOTYPE<unknown>HIDDENSHN_ABS
        __pthread_initialize_minimal.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
        __pthread_mutex_init.symtab0x8054c273FUNC<unknown>DEFAULT2
        __pthread_mutex_lock.symtab0x8054c273FUNC<unknown>DEFAULT2
        __pthread_mutex_trylock.symtab0x8054c273FUNC<unknown>DEFAULT2
        __pthread_mutex_unlock.symtab0x8054c273FUNC<unknown>DEFAULT2
        __pthread_return_0.symtab0x8054c273FUNC<unknown>DEFAULT2
        __pthread_return_void.symtab0x8054c2a1FUNC<unknown>DEFAULT2
        __raise.symtab0x805773024FUNC<unknown>HIDDEN2
        __read_etc_hosts_r.symtab0x8057fb9724FUNC<unknown>HIDDEN2
        __register_frame_info_bases.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
        __resolv_lock.symtab0x805efa824OBJECT<unknown>DEFAULT10
        __restore.symtab0x8054e5f0NOTYPE<unknown>DEFAULT2
        __restore_rt.symtab0x8054e580NOTYPE<unknown>DEFAULT2
        __rtld_fini.symtab0x806548c4OBJECT<unknown>HIDDEN11
        __searchdomain.symtab0x8066ab816OBJECT<unknown>HIDDEN11
        __searchdomains.symtab0x8066ad84OBJECT<unknown>HIDDEN11
        __sigaddset.symtab0x805781c32FUNC<unknown>DEFAULT2
        __sigdelset.symtab0x805783c32FUNC<unknown>DEFAULT2
        __sigismember.symtab0x80577f836FUNC<unknown>DEFAULT2
        __socketcall.symtab0x8054f7450FUNC<unknown>HIDDEN2
        __socketcall.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __stdin.symtab0x805ed344OBJECT<unknown>DEFAULT10
        __stdio_READ.symtab0x8057a2068FUNC<unknown>HIDDEN2
        __stdio_WRITE.symtab0x80554b4126FUNC<unknown>HIDDEN2
        __stdio_adjust_position.symtab0x8057a64168FUNC<unknown>HIDDEN2
        __stdio_fwrite.symtab0x8055534240FUNC<unknown>HIDDEN2
        __stdio_init_mutex.symtab0x80500a123FUNC<unknown>HIDDEN2
        __stdio_mutex_initializer.3991.symtab0x805bf5824OBJECT<unknown>DEFAULT4
        __stdio_rfill.symtab0x8057b0c40FUNC<unknown>HIDDEN2
        __stdio_seek.symtab0x8057b9c51FUNC<unknown>HIDDEN2
        __stdio_trans2r_o.symtab0x8057b34101FUNC<unknown>HIDDEN2
        __stdio_trans2w_o.symtab0x8055624158FUNC<unknown>HIDDEN2
        __stdio_wcommit.symtab0x805014043FUNC<unknown>HIDDEN2
        __stdout.symtab0x805ed384OBJECT<unknown>DEFAULT10
        __syscall_error.symtab0x80578a821FUNC<unknown>HIDDEN2
        __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __syscall_fcntl64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __syscall_rt_sigaction.symtab0x8054fa859FUNC<unknown>HIDDEN2
        __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __uClibc_fini.symtab0x8054be863FUNC<unknown>DEFAULT2
        __uClibc_init.symtab0x8054c5f64FUNC<unknown>DEFAULT2
        __uClibc_main.symtab0x8054c9f441FUNC<unknown>DEFAULT2
        __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        __uclibc_progname.symtab0x805ef784OBJECT<unknown>HIDDEN10
        __vfork.symtab0x8054f4021FUNC<unknown>HIDDEN2
        __xpg_strerror_r.symtab0x805149c183FUNC<unknown>DEFAULT2
        __xpg_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _charpad.symtab0x80501f454FUNC<unknown>DEFAULT2
        _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _dl_aux_init.symtab0x805785c18FUNC<unknown>DEFAULT2
        _dl_phdr.symtab0x8066b604OBJECT<unknown>DEFAULT11
        _dl_phnum.symtab0x8066b644OBJECT<unknown>DEFAULT11
        _edata.symtab0x805efc00NOTYPE<unknown>DEFAULTSHN_ABS
        _end.symtab0x8066b680NOTYPE<unknown>DEFAULTSHN_ABS
        _errno.symtab0x80654944OBJECT<unknown>DEFAULT11
        _exit.symtab0x8054fe440FUNC<unknown>DEFAULT2
        _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _fini.symtab0x80584283FUNC<unknown>DEFAULT3
        _fixed_buffers.symtab0x80634608192OBJECT<unknown>DEFAULT11
        _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _fp_out_narrow.symtab0x805022a106FUNC<unknown>DEFAULT2
        _fpmaxtostr.symtab0x80558301476FUNC<unknown>HIDDEN2
        _fpmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _h_errno.symtab0x80654984OBJECT<unknown>DEFAULT11
        _init.symtab0x80480943FUNC<unknown>DEFAULT1
        _load_inttype.symtab0x80556c486FUNC<unknown>HIDDEN2
        _load_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _ppfs_init.symtab0x805083c111FUNC<unknown>HIDDEN2
        _ppfs_init.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _ppfs_parsespec.symtab0x8050a29966FUNC<unknown>HIDDEN2
        _ppfs_parsespec.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _ppfs_prepargs.symtab0x80508ac66FUNC<unknown>HIDDEN2
        _ppfs_prepargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _ppfs_setargs.symtab0x80508f0271FUNC<unknown>HIDDEN2
        _ppfs_setargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _promoted_size.symtab0x8050a0041FUNC<unknown>DEFAULT2
        _pthread_cleanup_pop_restore.symtab0x8054c2a1FUNC<unknown>DEFAULT2
        _pthread_cleanup_push_defer.symtab0x8054c2a1FUNC<unknown>DEFAULT2
        _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _sigintr.symtab0x8066ae0128OBJECT<unknown>HIDDEN11
        _start.symtab0x804816434FUNC<unknown>DEFAULT2
        _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _stdio_fopen.symtab0x804fe10559FUNC<unknown>HIDDEN2
        _stdio_init.symtab0x805004097FUNC<unknown>HIDDEN2
        _stdio_openlist.symtab0x805ed3c4OBJECT<unknown>DEFAULT10
        _stdio_openlist_add_lock.symtab0x805ed4024OBJECT<unknown>DEFAULT10
        _stdio_openlist_dec_use.symtab0x8050f9c228FUNC<unknown>DEFAULT2
        _stdio_openlist_del_count.symtab0x80634404OBJECT<unknown>DEFAULT11
        _stdio_openlist_del_lock.symtab0x805ed5824OBJECT<unknown>DEFAULT10
        _stdio_openlist_use_count.symtab0x806343c4OBJECT<unknown>DEFAULT11
        _stdio_streams.symtab0x805ed80240OBJECT<unknown>DEFAULT10
        _stdio_term.symtab0x80500b8136FUNC<unknown>HIDDEN2
        _stdio_user_locking.symtab0x805ed704OBJECT<unknown>DEFAULT10
        _stdlib_strto_l.symtab0x80546f8277FUNC<unknown>HIDDEN2
        _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _store_inttype.symtab0x805571c61FUNC<unknown>HIDDEN2
        _store_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _string_syserrmsgs.symtab0x805c0202906OBJECT<unknown>HIDDEN4
        _string_syserrmsgs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _uintmaxtostr.symtab0x805575c209FUNC<unknown>HIDDEN2
        _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _vfprintf_internal.symtab0x80502941448FUNC<unknown>HIDDEN2
        _vfprintf_internal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        abort.symtab0x80540e0273FUNC<unknown>DEFAULT2
        abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        accept.symtab0x805303043FUNC<unknown>DEFAULT2
        accept.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        actualparent.symtab0x80655f44OBJECT<unknown>DEFAULT11
        advance_telstate.symtab0x804bc7080FUNC<unknown>DEFAULT2
        advances.symtab0x805eb4428OBJECT<unknown>DEFAULT10
        advances2.symtab0x805ebc044OBJECT<unknown>DEFAULT10
        ak47scan.symtab0x804d019185FUNC<unknown>DEFAULT2
        ak47scantoggle.symtab0x804d0d2421FUNC<unknown>DEFAULT2
        ak47telscan.symtab0x804bd0e4875FUNC<unknown>DEFAULT2
        append.symtab0x804d8e941FUNC<unknown>DEFAULT2
        asprintf.symtab0x804f9f030FUNC<unknown>DEFAULT2
        asprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        atoi.symtab0x80546ac20FUNC<unknown>DEFAULT2
        atol.symtab0x80546ac20FUNC<unknown>DEFAULT2
        atol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        bcopy.symtab0x805155421FUNC<unknown>DEFAULT2
        bcopy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        been_there_done_that.symtab0x80654741OBJECT<unknown>DEFAULT11
        been_there_done_that.2832.symtab0x80654901OBJECT<unknown>DEFAULT11
        bind.symtab0x805305c43FUNC<unknown>DEFAULT2
        bind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        blacknurse.symtab0x80492ff576FUNC<unknown>DEFAULT2
        botkill.symtab0x804d277117FUNC<unknown>DEFAULT2
        brk.symtab0x805787054FUNC<unknown>DEFAULT2
        brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        bsd_signal.symtab0x8057748175FUNC<unknown>DEFAULT2
        buf.2658.symtab0x806546416OBJECT<unknown>DEFAULT11
        c.symtab0x805ebfc4OBJECT<unknown>DEFAULT10
        capsaicin2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        chan.symtab0x80667304OBJECT<unknown>DEFAULT11
        changeservers.symtab0x805efe44OBJECT<unknown>DEFAULT11
        chdir.symtab0x804f3ec46FUNC<unknown>DEFAULT2
        chdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        clock_getres.symtab0x805500c50FUNC<unknown>DEFAULT2
        clock_getres.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        close.symtab0x804f41c46FUNC<unknown>DEFAULT2
        close.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        completed.2429.symtab0x805efc01OBJECT<unknown>DEFAULT11
        con.symtab0x804e7e1631FUNC<unknown>DEFAULT2
        connect.symtab0x805308843FUNC<unknown>DEFAULT2
        connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        contains_fail.symtab0x804badd27FUNC<unknown>DEFAULT2
        contains_response.symtab0x804baf863FUNC<unknown>DEFAULT2
        contains_string.symtab0x804ba4e116FUNC<unknown>DEFAULT2
        contains_success.symtab0x804bac227FUNC<unknown>DEFAULT2
        creat.symtab0x805523f25FUNC<unknown>DEFAULT2
        crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        csum.symtab0x8048192113FUNC<unknown>DEFAULT2
        data_start.symtab0x805e6680NOTYPE<unknown>DEFAULT10
        decodea.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        decoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        decodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        disable.symtab0x8048f79264FUNC<unknown>DEFAULT2
        disabled.symtab0x805efe81OBJECT<unknown>DEFAULT11
        dispass.symtab0x80654e0256OBJECT<unknown>DEFAULT11
        dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        dns.symtab0x804af79602FUNC<unknown>DEFAULT2
        dns_format.symtab0x804a8b2167FUNC<unknown>DEFAULT2
        dns_hdr_create.symtab0x804a959112FUNC<unknown>DEFAULT2
        dns_send.symtab0x804a9c91021FUNC<unknown>DEFAULT2
        dnsflood.symtab0x804adc6435FUNC<unknown>DEFAULT2
        dnslookup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        download.symtab0x804891e1055FUNC<unknown>DEFAULT2
        dup2.symtab0x805504050FUNC<unknown>DEFAULT2
        dup2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        enable.symtab0x8049081200FUNC<unknown>DEFAULT2
        encoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        encodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        encodeq.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        endservent.symtab0x80562bc92FUNC<unknown>DEFAULT2
        environ.symtab0x80654804OBJECT<unknown>DEFAULT11
        errno.symtab0x80654944OBJECT<unknown>DEFAULT11
        errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        execfile.symtab0x8065600256OBJECT<unknown>DEFAULT11
        execl.symtab0x8054878105FUNC<unknown>DEFAULT2
        execl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        execve.symtab0x805507454FUNC<unknown>DEFAULT2
        execve.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        exit.symtab0x8054810103FUNC<unknown>DEFAULT2
        exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        exp10_table.symtab0x805d520156OBJECT<unknown>DEFAULT4
        fails.symtab0x805eb6036OBJECT<unknown>DEFAULT10
        fastflux.symtab0x804da7e450FUNC<unknown>DEFAULT2
        fclose.symtab0x804f7e0265FUNC<unknown>DEFAULT2
        fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fcntl.symtab0x804f35487FUNC<unknown>DEFAULT2
        fcntl64.symtab0x804f3ac63FUNC<unknown>DEFAULT2
        fdopen.symtab0x805548050FUNC<unknown>DEFAULT2
        fdopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        feof.symtab0x8050df083FUNC<unknown>DEFAULT2
        feof.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fflush_unlocked.symtab0x8051080321FUNC<unknown>DEFAULT2
        fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fgetc_unlocked.symtab0x8055df4220FUNC<unknown>DEFAULT2
        fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fgets.symtab0x8050e4498FUNC<unknown>DEFAULT2
        fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fgets_unlocked.symtab0x80511c4105FUNC<unknown>DEFAULT2
        fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        filter.symtab0x8048463114FUNC<unknown>DEFAULT2
        flooders.symtab0x805ec20176OBJECT<unknown>DEFAULT10
        fmt.symtab0x805d4f020OBJECT<unknown>DEFAULT4
        fopen.symtab0x804f8ec24FUNC<unknown>DEFAULT2
        fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fork.symtab0x804f44c38FUNC<unknown>DEFAULT2
        fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fprintf.symtab0x804f9d030FUNC<unknown>DEFAULT2
        fprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fputc.symtab0x8050ea8146FUNC<unknown>DEFAULT2
        fputc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fputc_unlocked.symtab0x8051230197FUNC<unknown>DEFAULT2
        fputc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fputs.symtab0x8050f3c95FUNC<unknown>DEFAULT2
        fputs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fputs_unlocked.symtab0x80512f851FUNC<unknown>DEFAULT2
        fputs_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        frame_dummy.symtab0x80481100FUNC<unknown>DEFAULT2
        free.symtab0x8053f21412FUNC<unknown>DEFAULT2
        free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        freeaddrinfo.symtab0x805212635FUNC<unknown>DEFAULT2
        fseek.symtab0x80578c027FUNC<unknown>DEFAULT2
        fseeko.symtab0x80578c027FUNC<unknown>DEFAULT2
        fseeko.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fseeko64.symtab0x805793c227FUNC<unknown>DEFAULT2
        fseeko64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        fwrite_unlocked.symtab0x805132c116FUNC<unknown>DEFAULT2
        fwrite_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        gaih.symtab0x805cb7c24OBJECT<unknown>DEFAULT4
        gaih_inet.symtab0x80517972447FUNC<unknown>DEFAULT2
        gaih_inet_serv.symtab0x8051704147FUNC<unknown>DEFAULT2
        gaih_inet_typeproto.symtab0x805cba035OBJECT<unknown>DEFAULT4
        get.symtab0x8048d3d241FUNC<unknown>DEFAULT2
        getBuild.symtab0x804818810FUNC<unknown>DEFAULT2
        getDatIP.symtab0x804b675734FUNC<unknown>DEFAULT2
        getHost.symtab0x8049c4459FUNC<unknown>DEFAULT2
        getPublicIP.symtab0x804d9b5123FUNC<unknown>DEFAULT2
        get_hosts_byaddr_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        get_hosts_byname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        get_telstate_host.symtab0x804bc5131FUNC<unknown>DEFAULT2
        getaddrinfo.symtab0x8052149652FUNC<unknown>DEFAULT2
        getaddrinfo.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getc_unlocked.symtab0x8055df4220FUNC<unknown>DEFAULT2
        getcwd.symtab0x804f474185FUNC<unknown>DEFAULT2
        getcwd.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getdtablesize.symtab0x804f53037FUNC<unknown>DEFAULT2
        getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getegid.symtab0x80550ac38FUNC<unknown>DEFAULT2
        getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        geteuid.symtab0x80550d438FUNC<unknown>DEFAULT2
        geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getgid.symtab0x80550fc38FUNC<unknown>DEFAULT2
        getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        gethostbyaddr_r.symtab0x8052cbc884FUNC<unknown>DEFAULT2
        gethostbyaddr_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        gethostbyname2_r.symtab0x805298c815FUNC<unknown>DEFAULT2
        gethostbyname2_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        gethostbyname_r.symtab0x80573d4818FUNC<unknown>DEFAULT2
        gethostbyname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getmyip.symtab0x804da3078FUNC<unknown>DEFAULT2
        getpagesize.symtab0x804f55819FUNC<unknown>DEFAULT2
        getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getpid.symtab0x804f56c38FUNC<unknown>DEFAULT2
        getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getppid.symtab0x804f59438FUNC<unknown>DEFAULT2
        getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getrlimit.symtab0x804f5bc50FUNC<unknown>DEFAULT2
        getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getservbyname.symtab0x805654e52FUNC<unknown>DEFAULT2
        getservbyname_r.symtab0x805646e224FUNC<unknown>DEFAULT2
        getservbyport.symtab0x805643a52FUNC<unknown>DEFAULT2
        getservbyport_r.symtab0x805638b175FUNC<unknown>DEFAULT2
        getservent.symtab0x805629242FUNC<unknown>DEFAULT2
        getservent_r.symtab0x80560c2464FUNC<unknown>DEFAULT2
        getservice.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getsockopt.symtab0x80530b459FUNC<unknown>DEFAULT2
        getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        getuid.symtab0x805512438FUNC<unknown>DEFAULT2
        getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        h_errno.symtab0x80654984OBJECT<unknown>DEFAULT11
        head.symtab0x80667204OBJECT<unknown>DEFAULT11
        help.symtab0x804d3831090FUNC<unknown>DEFAULT2
        histClear.symtab0x804d99235FUNC<unknown>DEFAULT2
        hold.symtab0x804a7f4190FUNC<unknown>DEFAULT2
        host2ip.symtab0x8049149135FUNC<unknown>DEFAULT2
        htonl.symtab0x80516e87FUNC<unknown>DEFAULT2
        htons.symtab0x80516dc12FUNC<unknown>DEFAULT2
        i.5507.symtab0x805f4004OBJECT<unknown>DEFAULT11
        i.5549.symtab0x805ec004OBJECT<unknown>DEFAULT10
        ident.symtab0x80655e44OBJECT<unknown>DEFAULT11
        identd.symtab0x8048575578FUNC<unknown>DEFAULT2
        if_freenameindex.symtab0x805680a52FUNC<unknown>DEFAULT2
        if_index.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        if_indextoname.symtab0x8056584119FUNC<unknown>DEFAULT2
        if_nameindex.symtab0x8056670410FUNC<unknown>DEFAULT2
        if_nametoindex.symtab0x80565fb117FUNC<unknown>DEFAULT2
        in6_addr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        in6addr_any.symtab0x805cbe816OBJECT<unknown>DEFAULT4
        in6addr_loopback.symtab0x805cbf816OBJECT<unknown>DEFAULT4
        in_cksum.symtab0x80487fb133FUNC<unknown>DEFAULT2
        index.symtab0x8055f1c30FUNC<unknown>DEFAULT2
        inet_addr.symtab0x805296437FUNC<unknown>DEFAULT2
        inet_aton.symtab0x8056840148FUNC<unknown>DEFAULT2
        inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        inet_ntoa.symtab0x805294f21FUNC<unknown>DEFAULT2
        inet_ntoa.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        inet_ntoa_r.symtab0x805290079FUNC<unknown>DEFAULT2
        inet_ntop.symtab0x8052730462FUNC<unknown>DEFAULT2
        inet_ntop4.symtab0x8052628264FUNC<unknown>DEFAULT2
        inet_pton.symtab0x805245e458FUNC<unknown>DEFAULT2
        inet_pton4.symtab0x80523d8134FUNC<unknown>DEFAULT2
        infected.symtab0x805ebf48OBJECT<unknown>DEFAULT10
        init_rand.symtab0x80491d0111FUNC<unknown>DEFAULT2
        initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        initstate.symtab0x80542a187FUNC<unknown>DEFAULT2
        initstate_r.symtab0x80544ca171FUNC<unknown>DEFAULT2
        ioctl.symtab0x804f5f063FUNC<unknown>DEFAULT2
        ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        isatty.symtab0x805164c29FUNC<unknown>DEFAULT2
        isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        ismaster.symtab0x804d912128FUNC<unknown>DEFAULT2
        junk.symtab0x804a372190FUNC<unknown>DEFAULT2
        key.symtab0x80667284OBJECT<unknown>DEFAULT11
        kill.symtab0x804f63050FUNC<unknown>DEFAULT2
        kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        killall.symtab0x804d7c5189FUNC<unknown>DEFAULT2
        killd.symtab0x804d882103FUNC<unknown>DEFAULT2
        knownBots.symtab0x805e6a0776OBJECT<unknown>DEFAULT10
        legit.symtab0x805ebec8OBJECT<unknown>DEFAULT10
        lengthd.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        lengthq.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        libc/sysdeps/linux/i386/crt1.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        libc/sysdeps/linux/i386/crti.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        libc/sysdeps/linux/i386/crtn.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        libc/sysdeps/linux/i386/mmap.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        libc/sysdeps/linux/i386/vfork.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        limiter.symtab0x80655e84OBJECT<unknown>DEFAULT11
        listFork.symtab0x80498b7177FUNC<unknown>DEFAULT2
        listen.symtab0x80530f035FUNC<unknown>DEFAULT2
        listen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        lseek64.symtab0x805829095FUNC<unknown>DEFAULT2
        main.symtab0x804eb0d2117FUNC<unknown>DEFAULT2
        makeFukdString.symtab0x804ea58100FUNC<unknown>DEFAULT2
        makeRandomShit.symtab0x804953f98FUNC<unknown>DEFAULT2
        malloc.symtab0x805324e1908FUNC<unknown>DEFAULT2
        malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        malloc_trim.symtab0x80540bd34FUNC<unknown>DEFAULT2
        masters.symtab0x805e6904OBJECT<unknown>DEFAULT10
        memchr.symtab0x8055ed035FUNC<unknown>DEFAULT2
        memchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        memcpy.symtab0x80513a039FUNC<unknown>DEFAULT2
        memcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        memmove.symtab0x8055ef439FUNC<unknown>DEFAULT2
        memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        mempcpy.symtab0x8055f3c33FUNC<unknown>DEFAULT2
        mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        memrchr.symtab0x8055f60176FUNC<unknown>DEFAULT2
        memrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        memset.symtab0x80513c821FUNC<unknown>DEFAULT2
        memset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        mfork.symtab0x8048384223FUNC<unknown>DEFAULT2
        mmap.symtab0x8054f5827FUNC<unknown>DEFAULT2
        move.symtab0x804d32495FUNC<unknown>DEFAULT2
        mremap.symtab0x805514c63FUNC<unknown>DEFAULT2
        mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        msgs.symtab0x805ece064OBJECT<unknown>DEFAULT10
        munmap.symtab0x805518c50FUNC<unknown>DEFAULT2
        munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        mygethostbyname.symtab0x8048880158FUNC<unknown>DEFAULT2
        mylock.symtab0x806342024OBJECT<unknown>DEFAULT11
        mylock.symtab0x805ee8824OBJECT<unknown>DEFAULT10
        mylock.symtab0x805eea024OBJECT<unknown>DEFAULT10
        mylock.symtab0x805ef8c24OBJECT<unknown>DEFAULT10
        mylock.symtab0x80654b824OBJECT<unknown>DEFAULT11
        nanosleep.symtab0x80551c050FUNC<unknown>DEFAULT2
        nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        negotiate.symtab0x804b953251FUNC<unknown>DEFAULT2
        next_start.1109.symtab0x80654604OBJECT<unknown>DEFAULT11
        nick.symtab0x80655ec4OBJECT<unknown>DEFAULT11
        nickc.symtab0x8048e4c141FUNC<unknown>DEFAULT2
        ntohl.symtab0x80516fb7FUNC<unknown>DEFAULT2
        ntohl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        ntohs.symtab0x80516ef12FUNC<unknown>DEFAULT2
        ntop.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        nummasters.symtab0x805e68c4OBJECT<unknown>DEFAULT10
        numpids.symtab0x805eff44OBJECT<unknown>DEFAULT11
        numservers.symtab0x805e6804OBJECT<unknown>DEFAULT10
        object.2482.symtab0x805efc424OBJECT<unknown>DEFAULT11
        open.symtab0x80551f475FUNC<unknown>DEFAULT2
        open.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        opennameservers.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        opensock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        p.2427.symtab0x805e6640OBJECT<unknown>DEFAULT10
        passwords.symtab0x805eae0100OBJECT<unknown>DEFAULT10
        pclose.symtab0x804fb58190FUNC<unknown>DEFAULT2
        perror.symtab0x804f90450FUNC<unknown>DEFAULT2
        perror.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        pid.symtab0x80655e04OBJECT<unknown>DEFAULT11
        pids.symtab0x80667344OBJECT<unknown>DEFAULT11
        pipe.symtab0x805525846FUNC<unknown>DEFAULT2
        pipe.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        poll.symtab0x804f66454FUNC<unknown>DEFAULT2
        poll.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        popen.symtab0x804fc16506FUNC<unknown>DEFAULT2
        popen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        popen_list.symtab0x80634384OBJECT<unknown>DEFAULT11
        poww.symtab0x80487b768FUNC<unknown>DEFAULT2
        pps.symtab0x80657004OBJECT<unknown>DEFAULT11
        prefix.4202.symtab0x805bf7d12OBJECT<unknown>DEFAULT4
        print.symtab0x804b409584FUNC<unknown>DEFAULT2
        printchar.symtab0x804b1d358FUNC<unknown>DEFAULT2
        printi.symtab0x804b2e4293FUNC<unknown>DEFAULT2
        prints.symtab0x804b20d215FUNC<unknown>DEFAULT2
        putc.symtab0x8050ea8146FUNC<unknown>DEFAULT2
        putc_unlocked.symtab0x8051230197FUNC<unknown>DEFAULT2
        puts.symtab0x804f938124FUNC<unknown>DEFAULT2
        puts.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        qual_chars.4208.symtab0x805bf9020OBJECT<unknown>DEFAULT4
        raise.symtab0x805773024FUNC<unknown>DEFAULT2
        raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        rand.symtab0x80541f45FUNC<unknown>DEFAULT2
        rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        rand_cmwc.symtab0x804923f192FUNC<unknown>DEFAULT2
        random.symtab0x80541fc72FUNC<unknown>DEFAULT2
        random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        random_poly_info.symtab0x805cc4040OBJECT<unknown>DEFAULT4
        random_r.symtab0x80543d595FUNC<unknown>DEFAULT2
        random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        randstring.symtab0x80484d5160FUNC<unknown>DEFAULT2
        randtbl.symtab0x805eee0128OBJECT<unknown>DEFAULT10
        rawmemchr.symtab0x8057c2099FUNC<unknown>DEFAULT2
        rawmemchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        read.symtab0x80582f054FUNC<unknown>DEFAULT2
        read.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        read_etc_hosts_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        read_until_response.symtab0x804bbda119FUNC<unknown>DEFAULT2
        read_with_timeout.symtab0x804bb37163FUNC<unknown>DEFAULT2
        realloc.symtab0x80539c4808FUNC<unknown>DEFAULT2
        realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        realrand.symtab0x8048ed979FUNC<unknown>DEFAULT2
        recv.symtab0x805311451FUNC<unknown>DEFAULT2
        recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        rekdevice.symtab0x805e6944OBJECT<unknown>DEFAULT10
        reset_telstate.symtab0x804bcc031FUNC<unknown>DEFAULT2
        rewind.symtab0x80578dc94FUNC<unknown>DEFAULT2
        rewind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        rnd.symtab0x806672c4OBJECT<unknown>DEFAULT11
        rndnick.symtab0x8048f2881FUNC<unknown>DEFAULT2
        rseed.symtab0x80657204096OBJECT<unknown>DEFAULT11
        rsi.symtab0x80655f84OBJECT<unknown>DEFAULT11
        sbrk.symtab0x805528878FUNC<unknown>DEFAULT2
        sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        scanPid.symtab0x805efe04OBJECT<unknown>DEFAULT11
        sclose.symtab0x804bcdf47FUNC<unknown>DEFAULT2
        select.symtab0x804f69c63FUNC<unknown>DEFAULT2
        select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        send.symtab0x805314851FUNC<unknown>DEFAULT2
        send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sendHOLD.symtab0x804a430964FUNC<unknown>DEFAULT2
        sendHTTP.symtab0x8049d36366FUNC<unknown>DEFAULT2
        sendJUNK.symtab0x8049fab967FUNC<unknown>DEFAULT2
        sendSTD.symtab0x8049968732FUNC<unknown>DEFAULT2
        sendto.symtab0x805317c67FUNC<unknown>DEFAULT2
        sendto.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        serv.symtab0x80654a416OBJECT<unknown>DEFAULT11
        serv_stayopen.symtab0x80654b41OBJECT<unknown>DEFAULT11
        servbuf.symtab0x806549c4OBJECT<unknown>DEFAULT11
        server.symtab0x80657044OBJECT<unknown>DEFAULT11
        servers.symtab0x805e6848OBJECT<unknown>DEFAULT10
        servf.symtab0x80654a04OBJECT<unknown>DEFAULT11
        setservent.symtab0x8056318115FUNC<unknown>DEFAULT2
        setsid.symtab0x804f6dc38FUNC<unknown>DEFAULT2
        setsid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        setsockopt.symtab0x80531c059FUNC<unknown>DEFAULT2
        setsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        setstate.symtab0x805424493FUNC<unknown>DEFAULT2
        setstate_r.symtab0x805433c153FUNC<unknown>DEFAULT2
        sigaction.symtab0x8054e67217FUNC<unknown>DEFAULT2
        sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        signal.symtab0x8057748175FUNC<unknown>DEFAULT2
        signal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigprocmask.symtab0x80552d885FUNC<unknown>DEFAULT2
        sigprocmask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sigsetops.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sleep.symtab0x80548e4393FUNC<unknown>DEFAULT2
        sleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        sleeptime.symtab0x805ec044OBJECT<unknown>DEFAULT10
        sock.symtab0x80655f04OBJECT<unknown>DEFAULT11
        socket.symtab0x80531fc43FUNC<unknown>DEFAULT2
        socket.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        socket_connect.symtab0x8049c7f183FUNC<unknown>DEFAULT2
        spec_and_mask.4207.symtab0x805bfa416OBJECT<unknown>DEFAULT4
        spec_base.4201.symtab0x805bf897OBJECT<unknown>DEFAULT4
        spec_chars.4204.symtab0x805bfcd21OBJECT<unknown>DEFAULT4
        spec_flags.4203.symtab0x805bfe28OBJECT<unknown>DEFAULT4
        spec_or_mask.4206.symtab0x805bfb416OBJECT<unknown>DEFAULT4
        spec_ranges.4205.symtab0x805bfc49OBJECT<unknown>DEFAULT4
        spoofs.symtab0x805efec4OBJECT<unknown>DEFAULT11
        spoofsm.symtab0x805eff04OBJECT<unknown>DEFAULT11
        sprintf.symtab0x804fa1031FUNC<unknown>DEFAULT2
        sprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        srand.symtab0x80542f867FUNC<unknown>DEFAULT2
        srandom.symtab0x80542f867FUNC<unknown>DEFAULT2
        srandom_r.symtab0x8054434150FUNC<unknown>DEFAULT2
        static_id.symtab0x805efa42OBJECT<unknown>DEFAULT10
        static_ns.symtab0x80654d04OBJECT<unknown>DEFAULT11
        stderr.symtab0x805ed304OBJECT<unknown>DEFAULT10
        stdin.symtab0x805ed284OBJECT<unknown>DEFAULT10
        stdout.symtab0x805ed2c4OBJECT<unknown>DEFAULT10
        strcasecmp.symtab0x805156c54FUNC<unknown>DEFAULT2
        strcasecmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strcasestr.symtab0x80515a483FUNC<unknown>DEFAULT2
        strcasestr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strchr.symtab0x8055f1c30FUNC<unknown>DEFAULT2
        strchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strcmp.symtab0x8057bd029FUNC<unknown>DEFAULT2
        strcmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strcoll.symtab0x8057bd029FUNC<unknown>DEFAULT2
        strcpy.symtab0x80513e027FUNC<unknown>DEFAULT2
        strcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strdup.symtab0x80515f854FUNC<unknown>DEFAULT2
        strdup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strerror_r.symtab0x805149c183FUNC<unknown>DEFAULT2
        strlen.symtab0x80513fc19FUNC<unknown>DEFAULT2
        strlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strncat.symtab0x8057bf046FUNC<unknown>DEFAULT2
        strncat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strncmp.symtab0x805141037FUNC<unknown>DEFAULT2
        strncmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strncpy.symtab0x805143838FUNC<unknown>DEFAULT2
        strncpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strnlen.symtab0x805146025FUNC<unknown>DEFAULT2
        strnlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strpbrk.symtab0x805606c39FUNC<unknown>DEFAULT2
        strpbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strspn.symtab0x8057c8450FUNC<unknown>DEFAULT2
        strspn.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strtok.symtab0x805163025FUNC<unknown>DEFAULT2
        strtok.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strtok_r.symtab0x805601089FUNC<unknown>DEFAULT2
        strtok_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strtol.symtab0x80546c026FUNC<unknown>DEFAULT2
        strtol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strtoul.symtab0x80546dc26FUNC<unknown>DEFAULT2
        strtoul.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        strwildmatch.symtab0x8048203298FUNC<unknown>DEFAULT2
        successes.symtab0x805eba032OBJECT<unknown>DEFAULT10
        sysconf.symtab0x8054a70325FUNC<unknown>DEFAULT2
        sysconf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        system.symtab0x8054578305FUNC<unknown>DEFAULT2
        system.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        szprintf.symtab0x804b65136FUNC<unknown>DEFAULT2
        tcgetattr.symtab0x805166c112FUNC<unknown>DEFAULT2
        tcgetattr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        tehport.symtab0x80667244OBJECT<unknown>DEFAULT11
        textBuffer.5000.symtab0x805f0001024OBJECT<unknown>DEFAULT11
        thanks.symtab0x805ec084OBJECT<unknown>DEFAULT10
        time.symtab0x804f70446FUNC<unknown>DEFAULT2
        time.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        tolower.symtab0x805536c29FUNC<unknown>DEFAULT2
        tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        touchMyself.symtab0x804eabc81FUNC<unknown>DEFAULT2
        toupper.symtab0x804f7b829FUNC<unknown>DEFAULT2
        toupper.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        type_codes.symtab0x805bfea24OBJECT<unknown>DEFAULT4
        type_sizes.symtab0x805c00212OBJECT<unknown>DEFAULT4
        umask.symtab0x804f73448FUNC<unknown>DEFAULT2
        umask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        unknown.symtab0x80495a1790FUNC<unknown>DEFAULT2
        unknown.1161.symtab0x805c00e14OBJECT<unknown>DEFAULT4
        unsafe_state.symtab0x805eeb828OBJECT<unknown>DEFAULT10
        user.symtab0x80655fc4OBJECT<unknown>DEFAULT11
        usernames.symtab0x805ea60100OBJECT<unknown>DEFAULT10
        usleep.symtab0x8054bb848FUNC<unknown>DEFAULT2
        usleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        vasprintf.symtab0x804fa30115FUNC<unknown>DEFAULT2
        vasprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        version.symtab0x8048e2e30FUNC<unknown>DEFAULT2
        vfork.symtab0x8054f4021FUNC<unknown>DEFAULT2
        vfprintf.symtab0x805016c136FUNC<unknown>DEFAULT2
        vfprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        vsnprintf.symtab0x804faa4178FUNC<unknown>DEFAULT2
        vsnprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        vsprintf.symtab0x804f9b426FUNC<unknown>DEFAULT2
        vsprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        wait4.symtab0x805533059FUNC<unknown>DEFAULT2
        wait4.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        waitpid.symtab0x804f76426FUNC<unknown>DEFAULT2
        waitpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        wcrtomb.symtab0x805539468FUNC<unknown>DEFAULT2
        wcrtomb.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        wcsnrtombs.symtab0x80553f8134FUNC<unknown>DEFAULT2
        wcsnrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        wcsrtombs.symtab0x80553d830FUNC<unknown>DEFAULT2
        wcsrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        write.symtab0x804f78054FUNC<unknown>DEFAULT2
        write.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
        xdigits.3116.symtab0x805cbd717OBJECT<unknown>DEFAULT4

        Network Behavior

        Network Port Distribution

        • Total Packets: 58
        • 5060 undefined
        • 443 (HTTPS)
        • 80 (HTTP)
        TimestampSource PortDest PortSource IPDest IP
        Nov 6, 2024 15:18:43.499269962 CET396265060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:43.504215002 CET506039626194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:43.504266977 CET396265060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:44.308387995 CET506039626194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:44.308451891 CET396265060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:44.501827955 CET396265060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:44.713803053 CET396265060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:44.768731117 CET506039626194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:44.768838882 CET396265060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:44.769673109 CET506039626194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:44.769684076 CET506039626194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:45.048975945 CET506039626194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:45.049129963 CET396265060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:45.049175024 CET396265060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:45.054642916 CET506039626194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:45.054702997 CET396265060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:45.189728975 CET43928443192.168.2.2391.189.91.42
        Nov 6, 2024 15:18:50.056406975 CET396285060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:50.061383963 CET506039628194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:50.061448097 CET396285060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:50.564981937 CET42836443192.168.2.2391.189.91.43
        Nov 6, 2024 15:18:50.905962944 CET506039628194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:50.906011105 CET396285060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:51.058784008 CET396285060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:51.063643932 CET506039628194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:51.214215994 CET506039628194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:51.214270115 CET396285060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:51.344620943 CET506039628194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:51.344671965 CET396285060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:51.344707012 CET396285060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:51.349864006 CET506039628194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:51.349903107 CET396285060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:52.356682062 CET4251680192.168.2.23109.202.202.202
        Nov 6, 2024 15:18:56.345983028 CET396305060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:56.350843906 CET506039630194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:56.351012945 CET396305060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:57.143656969 CET506039630194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:57.143748045 CET396305060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:57.340821028 CET506039630194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:57.340919971 CET396305060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:57.349339962 CET396305060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:57.354141951 CET506039630194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:57.630944014 CET506039630194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:57.630994081 CET396305060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:57.631033897 CET396305060192.168.2.23194.110.247.46
        Nov 6, 2024 15:18:57.636404037 CET506039630194.110.247.46192.168.2.23
        Nov 6, 2024 15:18:57.636451006 CET396305060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:02.633101940 CET396325060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:02.638183117 CET506039632194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:02.638295889 CET396325060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:03.489233017 CET506039632194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:03.489388943 CET396325060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:03.635785103 CET396325060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:03.636507988 CET396325060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:03.643192053 CET506039632194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:03.643254995 CET396325060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:03.643719912 CET506039632194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:03.644503117 CET506039632194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:03.648123026 CET506039632194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:05.157654047 CET43928443192.168.2.2391.189.91.42
        Nov 6, 2024 15:19:08.636962891 CET396345060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:08.642013073 CET506039634194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:08.642080069 CET396345060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:09.640038967 CET396345060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:09.644948959 CET506039634194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:10.506066084 CET506039634194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:10.506299973 CET396345060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:10.506299973 CET396345060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:10.511909008 CET506039634194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:10.512018919 CET396345060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:15.507474899 CET396365060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:15.512320995 CET506039636194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:15.512404919 CET396365060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:16.510071993 CET396365060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:16.515199900 CET506039636194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:17.445086002 CET42836443192.168.2.2391.189.91.43
        Nov 6, 2024 15:19:18.899909973 CET506039636194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:18.900741100 CET396365060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:18.906018972 CET506039636194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:18.906989098 CET396385060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:18.912185907 CET506039638194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:18.912244081 CET396385060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:19.908766985 CET396385060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:19.913856030 CET506039638194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:20.199790955 CET506039638194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:20.200670958 CET396385060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:20.200900078 CET396385060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:20.205812931 CET506039638194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:20.206023932 CET396405060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:20.210796118 CET506039640194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:20.210911989 CET396405060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:21.216521978 CET396405060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:21.221664906 CET506039640194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:21.221745968 CET396405060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:22.007415056 CET506039640194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:22.007571936 CET396405060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:22.189625978 CET506039640194.110.247.46192.168.2.23
        Nov 6, 2024 15:19:22.211759090 CET396405060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:22.214968920 CET396405060192.168.2.23194.110.247.46
        Nov 6, 2024 15:19:22.216774940 CET506039640194.110.247.46192.168.2.23

        IRC Packets

        TimestampSource PortDest PortSource IPDest IPCommands
        Nov 6, 2024 15:18:44.501827955 CET396265060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:18:44.713803053 CET396265060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:18:51.058784008 CET396285060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:18:57.349339962 CET396305060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:03.635785103 CET396325060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:09.640038967 CET396345060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:16.510071993 CET396365060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:18.900741100 CET396365060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:19.908766985 CET396385060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:20.200900078 CET396385060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:22.211759090 CET396405060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:28.220447063 CET396425060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:29.012233019 CET396425060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:30.020684958 CET396445060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:36.025005102 CET396465060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:36.299305916 CET396465060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:37.307254076 CET396485060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:38.595571041 CET396485060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:39.603043079 CET396505060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:39.817905903 CET396505060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF
        Nov 6, 2024 15:19:42.313112974 CET396505060192.168.2.23194.110.247.46NICK [OSX|x86_32]F8UF
        USER F8UF localhost localhost :F8UF

        System Behavior

        General

        Start time (UTC):14:18:42
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:/tmp/yakuza.i586.elf
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:18:42
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:18:42
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:18:42
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:18:42
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:18:42
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 902i13 || busybox pkill -9 902i13"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:18:42
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:42
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 902i13
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:18:43
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:43
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 902i13
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:18:44
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:18:45
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:18:45
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:45
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 BzSxLxBxeY
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:18:46
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:46
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 BzSxLxBxeY
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:18:47
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:18:47
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:18:47
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:47
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 HOHO-LUGO7
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:18:49
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:49
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 HOHO-LUGO7
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:18:50
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:18:50
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:18:50
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:50
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 HOHO-U79OL
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:18:51
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:51
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 HOHO-U79OL
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:18:52
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:18:52
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:18:53
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:53
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 JuYfouyf87
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:18:54
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:54
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 JuYfouyf87
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:18:55
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:18:55
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:18:55
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:55
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 NiGGeR69xd
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:18:57
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:57
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 NiGGeR69xd
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:18:58
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:18:58
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:18:58
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:58
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 SO190Ij1X
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:18:59
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:18:59
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 SO190Ij1X
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:00
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:00
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:19:00
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:00
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 LOLKIKEEEDDE
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:19:02
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:02
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 LOLKIKEEEDDE
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:03
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:03
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:19:03
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:03
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 ekjheory98e
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:19:04
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:04
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 ekjheory98e
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:05
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:05
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:19:05
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:05
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 scansh4
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:19:06
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:06
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 scansh4
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:07
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:07
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:19:07
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:07
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 MDMA
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:19:09
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:09
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 MDMA
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:10
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:10
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:19:10
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:10
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 fdevalvex
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:19:12
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:12
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 fdevalvex
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:13
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:13
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:19:13
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:13
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 scanspc
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:19:14
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:14
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 scanspc
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:15
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:15
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:19:15
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:15
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 MELTEDNINJAREALZ
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:19:16
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:16
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 MELTEDNINJAREALZ
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:17
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:17
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:19:17
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:17
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 flexsonskids
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:19:18
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:18
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 flexsonskids
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:19
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:19
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        File Activities

        General

        Start time (UTC):14:19:19
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:19
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 scanx86
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        File Activities

        General

        Start time (UTC):14:19:21
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:21
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 scanx86
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:22
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:22
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:22
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:22
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 MISAKI-U79OL
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:24
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:24
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 MISAKI-U79OL
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:25
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:25
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:25
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:25
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 foAxi102kxe
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:26
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:26
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 foAxi102kxe
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:27
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:27
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:27
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:27
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 swodjwodjwoj
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:29
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:29
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 swodjwodjwoj
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:30
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:30
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:30
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:30
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 MmKiy7f87l
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:31
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:31
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 MmKiy7f87l
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:32
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:32
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:32
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:32
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 freecookiex86
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:33
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:33
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 freecookiex86
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:34
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:34
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:35
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:35
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 sysgpu
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:36
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:36
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 sysgpu
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:37
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:37
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:37
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:37
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 NiGGeR69xd
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:38
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:38
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 NiGGeR69xd
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:39
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:39
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 frgege || busybox pkill -9 frgege"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:39
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:39
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 frgege
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:41
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:41
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 frgege
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:42
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:42
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:42
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:42
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 sysupdater
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:47
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:47
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 sysupdater
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:48
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:48
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:48
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:48
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 0DnAzepd
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:50
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:50
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 0DnAzepd
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:51
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:51
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:51
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:52
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 NiGGeRD0nks69
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:54
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:54
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 NiGGeRD0nks69
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:55
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:55
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:55
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:55
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 frgreu
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:19:57
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:57
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 frgreu
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:19:58
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:19:58
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:58
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:19:58
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 telnetd
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:00
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:00
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 telnetd
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:02
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:02
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:02
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:02
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 0x766f6964
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:04
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:04
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 0x766f6964
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:05
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:05
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:05
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:05
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 NiGGeRd0nks1337
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:07
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:07
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 NiGGeRd0nks1337
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:08
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:08
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 gaft || busybox pkill -9 gaft"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:08
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:08
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 gaft
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:10
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:10
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 gaft
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:11
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:11
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:12
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:12
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 urasgbsigboa
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:14
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:14
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 urasgbsigboa
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:15
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:15
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:15
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:15
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 120i3UI49
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:17
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:17
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 120i3UI49
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:18
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:18
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:19
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:19
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 OaF3
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:21
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:21
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 OaF3
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:22
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:22
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 geae || busybox pkill -9 geae"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:22
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:22
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 geae
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:25
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:25
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 geae
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:26
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:26
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:26
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:26
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 vaiolmao
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:27
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:27
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 vaiolmao
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:28
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:28
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 123123a || busybox pkill -9 123123a"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:28
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:28
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 123123a
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:30
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:30
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 123123a
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:32
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:32
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:32
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:32
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 Ofurain0n4H34D
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:35
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:35
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 Ofurain0n4H34D
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:36
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:36
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:36
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:36
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 ggTrex
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:38
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:38
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 ggTrex
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:39
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:39
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 wasads || busybox pkill -9 wasads"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:39
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:39
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 wasads
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:42
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:42
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 wasads
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:43
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:43
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:43
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:43
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 1293194hjXD
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f

        General

        Start time (UTC):14:20:46
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:46
        Start date (UTC):06/11/2024
        Path:/usr/bin/busybox
        Arguments:busybox pkill -9 1293194hjXD
        File size:2172376 bytes
        MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

        General

        Start time (UTC):14:20:47
        Start date (UTC):06/11/2024
        Path:/tmp/yakuza.i586.elf
        Arguments:-
        File size:119163 bytes
        MD5 hash:da72e6333e06ec39df537436be9e69ca

        General

        Start time (UTC):14:20:47
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:47
        Start date (UTC):06/11/2024
        Path:/bin/sh
        Arguments:-
        File size:129816 bytes
        MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

        General

        Start time (UTC):14:20:47
        Start date (UTC):06/11/2024
        Path:/usr/bin/pkill
        Arguments:pkill -9 OthLaLosn
        File size:30968 bytes
        MD5 hash:fa96a75a08109d8842e4865b2907d51f