Edit tour

Linux Analysis Report
yakuza.arm7.elf

Overview

General Information

Sample name:	yakuza.arm7.elf
Analysis ID:	1561400
MD5:	ff372adbc5e569cff7db7dc149fab189
SHA1:	7348cab16bb9a6cc5e8fcbdb8b42b5db478efbde
SHA256:	fded14fcb77f6abfebea70c812efa1d72cbbd54f38fb233bc7290bd264d565e7
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Uses IRC for communication with a C&C

Uses known network protocols on non-standard ports

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "kill" or "pkill" command typically used to terminate processes

Reads CPU information from /sys indicative of miner or evasive malware

Sample and/or dropped files contains symbols with suspicious names

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample contains strings indicative of password brute-forcing capabilities

Sample contains strings that are user agent strings indicative of HTTP manipulation

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1561400
Start date and time:	2024-11-23 11:02:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	yakuza.arm7.elf
Detection:	MAL
Classification:	mal72.troj.linELF@0/0@2/0

Warnings

Report size exceeded maximum capacity and may have missing behavior information.

Runtime Messages

Command:	/tmp/yakuza.arm7.elf
PID:	5503
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	CAPSAICIN
Standard Error:

Process Tree

system is lnxubuntu20

yakuza.arm7.elf (PID: 5503, Parent: 5428, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/yakuza.arm7.elf

yakuza.arm7.elf New Fork (PID: 5505, Parent: 5503)

yakuza.arm7.elf New Fork (PID: 5507, Parent: 5505)

yakuza.arm7.elf New Fork (PID: 5508, Parent: 5505)

yakuza.arm7.elf New Fork (PID: 5510, Parent: 5505)

sh (PID: 5510, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 902i13 || busybox pkill -9 902i13"

sh New Fork (PID: 5513, Parent: 5510)

pkill (PID: 5513, Parent: 5510, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 902i13

sh New Fork (PID: 5547, Parent: 5510)

busybox (PID: 5547, Parent: 5510, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 902i13

yakuza.arm7.elf New Fork (PID: 5550, Parent: 5505)

sh (PID: 5550, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"

sh New Fork (PID: 5556, Parent: 5550)

pkill (PID: 5556, Parent: 5550, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 BzSxLxBxeY

sh New Fork (PID: 5557, Parent: 5550)

busybox (PID: 5557, Parent: 5550, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 BzSxLxBxeY

yakuza.arm7.elf New Fork (PID: 5558, Parent: 5505)

sh (PID: 5558, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"

sh New Fork (PID: 5560, Parent: 5558)

pkill (PID: 5560, Parent: 5558, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 HOHO-LUGO7

sh New Fork (PID: 5564, Parent: 5558)

busybox (PID: 5564, Parent: 5558, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 HOHO-LUGO7

yakuza.arm7.elf New Fork (PID: 5565, Parent: 5505)

sh (PID: 5565, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"

sh New Fork (PID: 5567, Parent: 5565)

pkill (PID: 5567, Parent: 5565, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 HOHO-U79OL

sh New Fork (PID: 5568, Parent: 5565)

busybox (PID: 5568, Parent: 5565, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 HOHO-U79OL

yakuza.arm7.elf New Fork (PID: 5569, Parent: 5505)

sh (PID: 5569, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"

sh New Fork (PID: 5575, Parent: 5569)

pkill (PID: 5575, Parent: 5569, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 JuYfouyf87

sh New Fork (PID: 5578, Parent: 5569)

busybox (PID: 5578, Parent: 5569, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 JuYfouyf87

yakuza.arm7.elf New Fork (PID: 5579, Parent: 5505)

sh (PID: 5579, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"

sh New Fork (PID: 5581, Parent: 5579)

pkill (PID: 5581, Parent: 5579, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeR69xd

sh New Fork (PID: 5582, Parent: 5579)

busybox (PID: 5582, Parent: 5579, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeR69xd

yakuza.arm7.elf New Fork (PID: 5583, Parent: 5505)

sh (PID: 5583, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"

sh New Fork (PID: 5588, Parent: 5583)

pkill (PID: 5588, Parent: 5583, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SO190Ij1X

sh New Fork (PID: 5591, Parent: 5583)

busybox (PID: 5591, Parent: 5583, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SO190Ij1X

yakuza.arm7.elf New Fork (PID: 5610, Parent: 5505)

sh (PID: 5610, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"

sh New Fork (PID: 5614, Parent: 5610)

pkill (PID: 5614, Parent: 5610, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 LOLKIKEEEDDE

sh New Fork (PID: 5616, Parent: 5610)

busybox (PID: 5616, Parent: 5610, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 LOLKIKEEEDDE

yakuza.arm7.elf New Fork (PID: 5617, Parent: 5505)

sh (PID: 5617, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"

sh New Fork (PID: 5619, Parent: 5617)

pkill (PID: 5619, Parent: 5617, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ekjheory98e

sh New Fork (PID: 5622, Parent: 5617)

busybox (PID: 5622, Parent: 5617, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ekjheory98e

yakuza.arm7.elf New Fork (PID: 5623, Parent: 5505)

sh (PID: 5623, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"

sh New Fork (PID: 5625, Parent: 5623)

pkill (PID: 5625, Parent: 5623, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scansh4

sh New Fork (PID: 5626, Parent: 5623)

busybox (PID: 5626, Parent: 5623, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scansh4

yakuza.arm7.elf New Fork (PID: 5627, Parent: 5505)

sh (PID: 5627, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"

sh New Fork (PID: 5633, Parent: 5627)

pkill (PID: 5633, Parent: 5627, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MDMA

sh New Fork (PID: 5636, Parent: 5627)

busybox (PID: 5636, Parent: 5627, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MDMA

yakuza.arm7.elf New Fork (PID: 5637, Parent: 5505)

sh (PID: 5637, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"

sh New Fork (PID: 5639, Parent: 5637)

pkill (PID: 5639, Parent: 5637, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 fdevalvex

sh New Fork (PID: 5640, Parent: 5637)

busybox (PID: 5640, Parent: 5637, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 fdevalvex

yakuza.arm7.elf New Fork (PID: 5641, Parent: 5505)

sh (PID: 5641, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"

sh New Fork (PID: 5646, Parent: 5641)

pkill (PID: 5646, Parent: 5641, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scanspc

sh New Fork (PID: 5649, Parent: 5641)

busybox (PID: 5649, Parent: 5641, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scanspc

yakuza.arm7.elf New Fork (PID: 5650, Parent: 5505)

sh (PID: 5650, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"

sh New Fork (PID: 5655, Parent: 5650)

pkill (PID: 5655, Parent: 5650, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MELTEDNINJAREALZ

sh New Fork (PID: 5656, Parent: 5650)

busybox (PID: 5656, Parent: 5650, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MELTEDNINJAREALZ

yakuza.arm7.elf New Fork (PID: 5657, Parent: 5505)

sh (PID: 5657, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"

sh New Fork (PID: 5659, Parent: 5657)

pkill (PID: 5659, Parent: 5657, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 flexsonskids

sh New Fork (PID: 5663, Parent: 5657)

busybox (PID: 5663, Parent: 5657, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 flexsonskids

yakuza.arm7.elf New Fork (PID: 5664, Parent: 5505)

sh (PID: 5664, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"

sh New Fork (PID: 5666, Parent: 5664)

pkill (PID: 5666, Parent: 5664, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scanx86

sh New Fork (PID: 5667, Parent: 5664)

busybox (PID: 5667, Parent: 5664, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scanx86

yakuza.arm7.elf New Fork (PID: 5668, Parent: 5505)

sh (PID: 5668, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"

sh New Fork (PID: 5674, Parent: 5668)

pkill (PID: 5674, Parent: 5668, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MISAKI-U79OL

sh New Fork (PID: 5677, Parent: 5668)

busybox (PID: 5677, Parent: 5668, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MISAKI-U79OL

yakuza.arm7.elf New Fork (PID: 5678, Parent: 5505)

sh (PID: 5678, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"

sh New Fork (PID: 5680, Parent: 5678)

pkill (PID: 5680, Parent: 5678, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 foAxi102kxe

sh New Fork (PID: 5681, Parent: 5678)

busybox (PID: 5681, Parent: 5678, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 foAxi102kxe

yakuza.arm7.elf New Fork (PID: 5682, Parent: 5505)

sh (PID: 5682, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"

sh New Fork (PID: 5684, Parent: 5682)

pkill (PID: 5684, Parent: 5682, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 swodjwodjwoj

sh New Fork (PID: 5687, Parent: 5682)

busybox (PID: 5687, Parent: 5682, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 swodjwodjwoj

yakuza.arm7.elf New Fork (PID: 5690, Parent: 5505)

sh (PID: 5690, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"

sh New Fork (PID: 5695, Parent: 5690)

pkill (PID: 5695, Parent: 5690, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MmKiy7f87l

sh New Fork (PID: 5696, Parent: 5690)

busybox (PID: 5696, Parent: 5690, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MmKiy7f87l

yakuza.arm7.elf New Fork (PID: 5697, Parent: 5505)

sh (PID: 5697, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"

sh New Fork (PID: 5703, Parent: 5697)

pkill (PID: 5703, Parent: 5697, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 freecookiex86

sh New Fork (PID: 5704, Parent: 5697)

busybox (PID: 5704, Parent: 5697, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 freecookiex86

yakuza.arm7.elf New Fork (PID: 5707, Parent: 5505)

sh (PID: 5707, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"

sh New Fork (PID: 5709, Parent: 5707)

pkill (PID: 5709, Parent: 5707, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 sysgpu

sh New Fork (PID: 5710, Parent: 5707)

busybox (PID: 5710, Parent: 5707, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 sysgpu

yakuza.arm7.elf New Fork (PID: 5711, Parent: 5505)

sh (PID: 5711, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"

sh New Fork (PID: 5713, Parent: 5711)

pkill (PID: 5713, Parent: 5711, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeR69xd

sh New Fork (PID: 5714, Parent: 5711)

busybox (PID: 5714, Parent: 5711, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeR69xd

yakuza.arm7.elf New Fork (PID: 5717, Parent: 5505)

sh (PID: 5717, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 frgege || busybox pkill -9 frgege"

sh New Fork (PID: 5722, Parent: 5717)

pkill (PID: 5722, Parent: 5717, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 frgege

sh New Fork (PID: 5723, Parent: 5717)

busybox (PID: 5723, Parent: 5717, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 frgege

yakuza.arm7.elf New Fork (PID: 5724, Parent: 5505)

sh (PID: 5724, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"

sh New Fork (PID: 5726, Parent: 5724)

pkill (PID: 5726, Parent: 5724, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 sysupdater

sh New Fork (PID: 5727, Parent: 5724)

busybox (PID: 5727, Parent: 5724, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 sysupdater

yakuza.arm7.elf New Fork (PID: 5730, Parent: 5505)

sh (PID: 5730, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"

sh New Fork (PID: 5735, Parent: 5730)

pkill (PID: 5735, Parent: 5730, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 0DnAzepd

sh New Fork (PID: 5736, Parent: 5730)

busybox (PID: 5736, Parent: 5730, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 0DnAzepd

yakuza.arm7.elf New Fork (PID: 5737, Parent: 5505)

sh (PID: 5737, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"

sh New Fork (PID: 5739, Parent: 5737)

pkill (PID: 5739, Parent: 5737, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeRD0nks69

sh New Fork (PID: 5741, Parent: 5737)

busybox (PID: 5741, Parent: 5737, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeRD0nks69

yakuza.arm7.elf New Fork (PID: 5744, Parent: 5505)

sh (PID: 5744, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"

sh New Fork (PID: 5746, Parent: 5744)

pkill (PID: 5746, Parent: 5744, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 frgreu

sh New Fork (PID: 5747, Parent: 5744)

busybox (PID: 5747, Parent: 5744, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 frgreu

yakuza.arm7.elf New Fork (PID: 5748, Parent: 5505)

sh (PID: 5748, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"

sh New Fork (PID: 5750, Parent: 5748)

pkill (PID: 5750, Parent: 5748, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 telnetd

sh New Fork (PID: 5753, Parent: 5748)

busybox (PID: 5753, Parent: 5748, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 telnetd

yakuza.arm7.elf New Fork (PID: 5754, Parent: 5505)

sh (PID: 5754, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"

sh New Fork (PID: 5760, Parent: 5754)

pkill (PID: 5760, Parent: 5754, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 0x766f6964

sh New Fork (PID: 5761, Parent: 5754)

busybox (PID: 5761, Parent: 5754, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 0x766f6964

yakuza.arm7.elf New Fork (PID: 5762, Parent: 5505)

sh (PID: 5762, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"

sh New Fork (PID: 5764, Parent: 5762)

pkill (PID: 5764, Parent: 5762, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeRd0nks1337

sh New Fork (PID: 5765, Parent: 5762)

busybox (PID: 5765, Parent: 5762, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeRd0nks1337

yakuza.arm7.elf New Fork (PID: 5768, Parent: 5505)

sh (PID: 5768, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 gaft || busybox pkill -9 gaft"

sh New Fork (PID: 5770, Parent: 5768)

pkill (PID: 5770, Parent: 5768, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 gaft

sh New Fork (PID: 5771, Parent: 5768)

busybox (PID: 5771, Parent: 5768, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 gaft

yakuza.arm7.elf New Fork (PID: 5772, Parent: 5505)

sh (PID: 5772, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"

sh New Fork (PID: 5777, Parent: 5772)

pkill (PID: 5777, Parent: 5772, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 urasgbsigboa

sh New Fork (PID: 5779, Parent: 5772)

busybox (PID: 5779, Parent: 5772, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 urasgbsigboa

yakuza.arm7.elf New Fork (PID: 5782, Parent: 5505)

sh (PID: 5782, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"

sh New Fork (PID: 5787, Parent: 5782)

pkill (PID: 5787, Parent: 5782, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 120i3UI49

sh New Fork (PID: 5788, Parent: 5782)

busybox (PID: 5788, Parent: 5782, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 120i3UI49

yakuza.arm7.elf New Fork (PID: 5789, Parent: 5505)

sh (PID: 5789, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"

sh New Fork (PID: 5791, Parent: 5789)

pkill (PID: 5791, Parent: 5789, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 OaF3

sh New Fork (PID: 5792, Parent: 5789)

busybox (PID: 5792, Parent: 5789, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 OaF3

yakuza.arm7.elf New Fork (PID: 5795, Parent: 5505)

sh (PID: 5795, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 geae || busybox pkill -9 geae"

sh New Fork (PID: 5800, Parent: 5795)

pkill (PID: 5800, Parent: 5795, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 geae

sh New Fork (PID: 5801, Parent: 5795)

busybox (PID: 5801, Parent: 5795, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 geae

yakuza.arm7.elf New Fork (PID: 5802, Parent: 5505)

sh (PID: 5802, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"

sh New Fork (PID: 5804, Parent: 5802)

pkill (PID: 5804, Parent: 5802, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 vaiolmao

sh New Fork (PID: 5805, Parent: 5802)

busybox (PID: 5805, Parent: 5802, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 vaiolmao

yakuza.arm7.elf New Fork (PID: 5808, Parent: 5505)

sh (PID: 5808, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 123123a || busybox pkill -9 123123a"

sh New Fork (PID: 5813, Parent: 5808)

pkill (PID: 5813, Parent: 5808, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 123123a

sh New Fork (PID: 5814, Parent: 5808)

busybox (PID: 5814, Parent: 5808, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 123123a

yakuza.arm7.elf New Fork (PID: 5815, Parent: 5505)

sh (PID: 5815, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"

sh New Fork (PID: 5817, Parent: 5815)

pkill (PID: 5817, Parent: 5815, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 Ofurain0n4H34D

sh New Fork (PID: 5818, Parent: 5815)

busybox (PID: 5818, Parent: 5815, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 Ofurain0n4H34D

yakuza.arm7.elf New Fork (PID: 5822, Parent: 5505)

sh (PID: 5822, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"

sh New Fork (PID: 5826, Parent: 5822)

pkill (PID: 5826, Parent: 5822, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggTrex

sh New Fork (PID: 5829, Parent: 5822)

busybox (PID: 5829, Parent: 5822, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggTrex

yakuza.arm7.elf New Fork (PID: 5830, Parent: 5505)

sh (PID: 5830, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 wasads || busybox pkill -9 wasads"

sh New Fork (PID: 5832, Parent: 5830)

pkill (PID: 5832, Parent: 5830, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 wasads

sh New Fork (PID: 5833, Parent: 5830)

busybox (PID: 5833, Parent: 5830, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 wasads

yakuza.arm7.elf New Fork (PID: 5836, Parent: 5505)

sh (PID: 5836, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"

sh New Fork (PID: 5841, Parent: 5836)

pkill (PID: 5841, Parent: 5836, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1293194hjXD

sh New Fork (PID: 5842, Parent: 5836)

busybox (PID: 5842, Parent: 5836, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1293194hjXD

yakuza.arm7.elf New Fork (PID: 5843, Parent: 5505)

sh (PID: 5843, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"

sh New Fork (PID: 5845, Parent: 5843)

pkill (PID: 5845, Parent: 5843, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 OthLaLosn

sh New Fork (PID: 5846, Parent: 5843)

busybox (PID: 5846, Parent: 5843, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 OthLaLosn

yakuza.arm7.elf New Fork (PID: 5849, Parent: 5505)

sh (PID: 5849, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 ggt || busybox pkill -9 ggt"

sh New Fork (PID: 5854, Parent: 5849)

pkill (PID: 5854, Parent: 5849, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggt

sh New Fork (PID: 5857, Parent: 5849)

busybox (PID: 5857, Parent: 5849, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggt

yakuza.arm7.elf New Fork (PID: 5858, Parent: 5505)

sh (PID: 5858, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 wget-log || busybox pkill -9 wget-log"

sh New Fork (PID: 5860, Parent: 5858)

pkill (PID: 5860, Parent: 5858, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 wget-log

sh New Fork (PID: 5861, Parent: 5858)

busybox (PID: 5861, Parent: 5858, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 wget-log

yakuza.arm7.elf New Fork (PID: 5862, Parent: 5505)

sh (PID: 5862, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER"

sh New Fork (PID: 5868, Parent: 5862)

pkill (PID: 5868, Parent: 5862, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1337SoraLOADER

sh New Fork (PID: 5871, Parent: 5862)

busybox (PID: 5871, Parent: 5862, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1337SoraLOADER

yakuza.arm7.elf New Fork (PID: 5872, Parent: 5505)

sh (PID: 5872, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA"

sh New Fork (PID: 5877, Parent: 5872)

pkill (PID: 5877, Parent: 5872, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SAIAKINA

sh New Fork (PID: 5878, Parent: 5872)

busybox (PID: 5878, Parent: 5872, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SAIAKINA

yakuza.arm7.elf New Fork (PID: 5879, Parent: 5505)

sh (PID: 5879, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 ggtq || busybox pkill -9 ggtq"

sh New Fork (PID: 5881, Parent: 5879)

pkill (PID: 5881, Parent: 5879, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggtq

sh New Fork (PID: 5884, Parent: 5879)

busybox (PID: 5884, Parent: 5879, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggtq

yakuza.arm7.elf New Fork (PID: 5885, Parent: 5505)

sh (PID: 5885, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2"

sh New Fork (PID: 5889, Parent: 5885)

pkill (PID: 5889, Parent: 5885, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1378bfp919GRB1Q2

sh New Fork (PID: 5891, Parent: 5885)

busybox (PID: 5891, Parent: 5885, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1378bfp919GRB1Q2

yakuza.arm7.elf New Fork (PID: 5892, Parent: 5505)

sh (PID: 5892, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 SAIAKUSO || busybox pkill -9 SAIAKUSO"

sh New Fork (PID: 5894, Parent: 5892)

pkill (PID: 5894, Parent: 5892, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SAIAKUSO

sh New Fork (PID: 5897, Parent: 5892)

busybox (PID: 5897, Parent: 5892, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SAIAKUSO

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
yakuza.arm7.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
yakuza.arm7.elf	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x436:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
yakuza.arm7.elf	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x346:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
yakuza.arm7.elf	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1ec25:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1f2b9:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20

Memory Dumps

Source	Rule	Description	Author	Strings
5503.1.00007ffe74a5b000.00007ffe74a7c000.rw-.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x1fb06:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5507.1.00007ffe74a5b000.00007ffe74a7c000.rw-.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x1fb06:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5507.1.00007fa380017000.00007fa380039000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5507.1.00007fa380017000.00007fa380039000.r-x.sdmp	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x436:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
5507.1.00007fa380017000.00007fa380039000.r-x.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x346:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5507.1.00007fa380017000.00007fa380039000.r-x.sdmp	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1ec25:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1f2b9:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
5503.1.00007fa380017000.00007fa380039000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5503.1.00007fa380017000.00007fa380039000.r-x.sdmp	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x436:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
5503.1.00007fa380017000.00007fa380039000.r-x.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x346:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5503.1.00007fa380017000.00007fa380039000.r-x.sdmp	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1ec25:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1f2b9:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
Process Memory Space: yakuza.arm7.elf PID: 5503	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x4470:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x4582:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x4b5a:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
Process Memory Space: yakuza.arm7.elf PID: 5507	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x15948:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x15a5a:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x16032:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
Click to see the 7 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: yakuza.arm7.elf

ReversingLabs: Detection: 50%

Source: /usr/bin/pkill (PID: 5513)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5560)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5567)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5575)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5588)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5614)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5619)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5625)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5633)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5639)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5646)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5655)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5659)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5666)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5674)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5680)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5684)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5695)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5703)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5709)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5713)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5722)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5726)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5735)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5739)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5746)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5750)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5760)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5764)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5770)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5777)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5787)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5791)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5800)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5804)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5813)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5817)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5826)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5832)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5841)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5845)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5854)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5860)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5868)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5877)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5881)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5889)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5894)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Networking

Uses IRC for communication with a C&C

Source: unknown

IRC traffic detected: 192.168.2.14:56978 -> 95.234.158.87:6780 NICK [OSX|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: IRC traffic on port 56978 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56980 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56982 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56984 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56986 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56990 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56992 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56994 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56996 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56998 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57000 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57002 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57004 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57006 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57008 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57010 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57012 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57014 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57016 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57018 -> 6780

Source: global traffic

TCP traffic: 192.168.2.14:56978 -> 95.234.158.87:6780

Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87
Source: unknown	TCP traffic detected without corresponding DNS query: 95.234.158.87

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: yakuza.arm7.elf	String found in binary or memory: http://linux-it.abuser.eu/yak.sh;
Source: yakuza.arm7.elf	String found in binary or memory: https://youtu.be/dQw4w9WgXcQ
Source: yakuza.arm7.elf	String found in binary or memory: https://youtu.be/dQw4w9WgXcQNever

System Summary

Malicious sample detected (through community Yara rule)

Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: 5503.1.00007ffe74a5b000.00007ffe74a7c000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5507.1.00007ffe74a5b000.00007ffe74a7c000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5507.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: 5507.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5507.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: 5503.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: 5503.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5503.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: Process Memory Space: yakuza.arm7.elf PID: 5503, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: Process Memory Space: yakuza.arm7.elf PID: 5507, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown

Source: yakuza.arm7.elf

ELF static info symbol of initial sample: __gnu_unwind_execute

Source: Initial sample	String containing 'busybox' found: busybox
Source: Initial sample	String containing 'busybox' found: pkill -9 %s \|\| busybox pkill -9 %s
Source: Initial sample	String containing 'busybox' found: pkill -9 %s \|\| busybox pkill -9 %shistory -c;history -wcd /root;rm -f .bash_historycd /var/tmp; rm -f *NOTICE %s :MOVE <server>

Source: Initial sample	String containing potential weak password found: guest
Source: Initial sample	String containing potential weak password found: default
Source: Initial sample	String containing potential weak password found: admin
Source: Initial sample	String containing potential weak password found: supervisor
Source: Initial sample	String containing potential weak password found: service
Source: Initial sample	String containing potential weak password found: administrator
Source: Initial sample	String containing potential weak password found: support
Source: Initial sample	String containing potential weak password found: 123456
Source: Initial sample	String containing potential weak password found: password
Source: Initial sample	String containing potential weak password found: 12345

Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: 5503.1.00007ffe74a5b000.00007ffe74a7c000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5507.1.00007ffe74a5b000.00007ffe74a7c000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5507.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: 5507.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5507.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: 5503.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: 5503.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5503.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: Process Memory Space: yakuza.arm7.elf PID: 5503, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: Process Memory Space: yakuza.arm7.elf PID: 5507, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16

Source: classification engine

Classification label: mal72.troj.linELF@0/0@2/0

Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1583/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1583/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/2672/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/2672/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/110/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/110/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/111/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/111/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/112/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/112/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/113/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/113/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/234/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/234/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1577/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1577/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/114/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/114/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/235/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/235/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/115/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/115/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/116/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/116/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/117/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/117/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/118/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/118/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/119/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/119/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3752/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3752/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3753/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3753/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3754/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3754/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3755/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3755/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/10/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/10/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/917/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/917/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/11/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/11/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/12/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/12/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/13/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/13/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/14/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/14/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/15/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/15/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/16/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/16/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/17/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/17/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/18/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/18/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/19/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/19/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1593/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1593/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/240/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/240/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/120/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/120/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3094/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3094/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/121/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/121/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/242/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/242/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3406/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3406/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/122/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/122/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/243/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/243/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/2/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/2/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/123/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/123/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/244/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/244/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1589/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1589/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/124/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/124/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/245/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/245/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1588/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/1588/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/125/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/125/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/4/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/4/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/246/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/246/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3402/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/3402/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/126/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	File opened: /proc/126/cmdline	Jump to behavior

Source: /tmp/yakuza.arm7.elf (PID: 5510)	Shell command executed: /bin/sh -c "pkill -9 902i13 \|\| busybox pkill -9 902i13"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5550)	Shell command executed: /bin/sh -c "pkill -9 BzSxLxBxeY \|\| busybox pkill -9 BzSxLxBxeY"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5558)	Shell command executed: /bin/sh -c "pkill -9 HOHO-LUGO7 \|\| busybox pkill -9 HOHO-LUGO7"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5565)	Shell command executed: /bin/sh -c "pkill -9 HOHO-U79OL \|\| busybox pkill -9 HOHO-U79OL"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5569)	Shell command executed: /bin/sh -c "pkill -9 JuYfouyf87 \|\| busybox pkill -9 JuYfouyf87"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5579)	Shell command executed: /bin/sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5583)	Shell command executed: /bin/sh -c "pkill -9 SO190Ij1X \|\| busybox pkill -9 SO190Ij1X"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5610)	Shell command executed: /bin/sh -c "pkill -9 LOLKIKEEEDDE \|\| busybox pkill -9 LOLKIKEEEDDE"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5617)	Shell command executed: /bin/sh -c "pkill -9 ekjheory98e \|\| busybox pkill -9 ekjheory98e"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5623)	Shell command executed: /bin/sh -c "pkill -9 scansh4 \|\| busybox pkill -9 scansh4"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5627)	Shell command executed: /bin/sh -c "pkill -9 MDMA \|\| busybox pkill -9 MDMA"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5637)	Shell command executed: /bin/sh -c "pkill -9 fdevalvex \|\| busybox pkill -9 fdevalvex"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5641)	Shell command executed: /bin/sh -c "pkill -9 scanspc \|\| busybox pkill -9 scanspc"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5650)	Shell command executed: /bin/sh -c "pkill -9 MELTEDNINJAREALZ \|\| busybox pkill -9 MELTEDNINJAREALZ"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5657)	Shell command executed: /bin/sh -c "pkill -9 flexsonskids \|\| busybox pkill -9 flexsonskids"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5664)	Shell command executed: /bin/sh -c "pkill -9 scanx86 \|\| busybox pkill -9 scanx86"
Source: /tmp/yakuza.arm7.elf (PID: 5668)	Shell command executed: /bin/sh -c "pkill -9 MISAKI-U79OL \|\| busybox pkill -9 MISAKI-U79OL"
Source: /tmp/yakuza.arm7.elf (PID: 5678)	Shell command executed: /bin/sh -c "pkill -9 foAxi102kxe \|\| busybox pkill -9 foAxi102kxe"
Source: /tmp/yakuza.arm7.elf (PID: 5682)	Shell command executed: /bin/sh -c "pkill -9 swodjwodjwoj \|\| busybox pkill -9 swodjwodjwoj"
Source: /tmp/yakuza.arm7.elf (PID: 5690)	Shell command executed: /bin/sh -c "pkill -9 MmKiy7f87l \|\| busybox pkill -9 MmKiy7f87l"
Source: /tmp/yakuza.arm7.elf (PID: 5697)	Shell command executed: /bin/sh -c "pkill -9 freecookiex86 \|\| busybox pkill -9 freecookiex86"
Source: /tmp/yakuza.arm7.elf (PID: 5707)	Shell command executed: /bin/sh -c "pkill -9 sysgpu \|\| busybox pkill -9 sysgpu"
Source: /tmp/yakuza.arm7.elf (PID: 5711)	Shell command executed: /bin/sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"
Source: /tmp/yakuza.arm7.elf (PID: 5717)	Shell command executed: /bin/sh -c "pkill -9 frgege \|\| busybox pkill -9 frgege"
Source: /tmp/yakuza.arm7.elf (PID: 5724)	Shell command executed: /bin/sh -c "pkill -9 sysupdater \|\| busybox pkill -9 sysupdater"
Source: /tmp/yakuza.arm7.elf (PID: 5730)	Shell command executed: /bin/sh -c "pkill -9 0DnAzepd \|\| busybox pkill -9 0DnAzepd"
Source: /tmp/yakuza.arm7.elf (PID: 5737)	Shell command executed: /bin/sh -c "pkill -9 NiGGeRD0nks69 \|\| busybox pkill -9 NiGGeRD0nks69"
Source: /tmp/yakuza.arm7.elf (PID: 5744)	Shell command executed: /bin/sh -c "pkill -9 frgreu \|\| busybox pkill -9 frgreu"
Source: /tmp/yakuza.arm7.elf (PID: 5748)	Shell command executed: /bin/sh -c "pkill -9 telnetd \|\| busybox pkill -9 telnetd"
Source: /tmp/yakuza.arm7.elf (PID: 5754)	Shell command executed: /bin/sh -c "pkill -9 0x766f6964 \|\| busybox pkill -9 0x766f6964"
Source: /tmp/yakuza.arm7.elf (PID: 5762)	Shell command executed: /bin/sh -c "pkill -9 NiGGeRd0nks1337 \|\| busybox pkill -9 NiGGeRd0nks1337"
Source: /tmp/yakuza.arm7.elf (PID: 5768)	Shell command executed: /bin/sh -c "pkill -9 gaft \|\| busybox pkill -9 gaft"
Source: /tmp/yakuza.arm7.elf (PID: 5772)	Shell command executed: /bin/sh -c "pkill -9 urasgbsigboa \|\| busybox pkill -9 urasgbsigboa"
Source: /tmp/yakuza.arm7.elf (PID: 5782)	Shell command executed: /bin/sh -c "pkill -9 120i3UI49 \|\| busybox pkill -9 120i3UI49"
Source: /tmp/yakuza.arm7.elf (PID: 5789)	Shell command executed: /bin/sh -c "pkill -9 OaF3 \|\| busybox pkill -9 OaF3"
Source: /tmp/yakuza.arm7.elf (PID: 5795)	Shell command executed: /bin/sh -c "pkill -9 geae \|\| busybox pkill -9 geae"
Source: /tmp/yakuza.arm7.elf (PID: 5802)	Shell command executed: /bin/sh -c "pkill -9 vaiolmao \|\| busybox pkill -9 vaiolmao"
Source: /tmp/yakuza.arm7.elf (PID: 5808)	Shell command executed: /bin/sh -c "pkill -9 123123a \|\| busybox pkill -9 123123a"
Source: /tmp/yakuza.arm7.elf (PID: 5815)	Shell command executed: /bin/sh -c "pkill -9 Ofurain0n4H34D \|\| busybox pkill -9 Ofurain0n4H34D"
Source: /tmp/yakuza.arm7.elf (PID: 5822)	Shell command executed: /bin/sh -c "pkill -9 ggTrex \|\| busybox pkill -9 ggTrex"
Source: /tmp/yakuza.arm7.elf (PID: 5830)	Shell command executed: /bin/sh -c "pkill -9 wasads \|\| busybox pkill -9 wasads"
Source: /tmp/yakuza.arm7.elf (PID: 5836)	Shell command executed: /bin/sh -c "pkill -9 1293194hjXD \|\| busybox pkill -9 1293194hjXD"
Source: /tmp/yakuza.arm7.elf (PID: 5843)	Shell command executed: /bin/sh -c "pkill -9 OthLaLosn \|\| busybox pkill -9 OthLaLosn"
Source: /tmp/yakuza.arm7.elf (PID: 5849)	Shell command executed: /bin/sh -c "pkill -9 ggt \|\| busybox pkill -9 ggt"
Source: /tmp/yakuza.arm7.elf (PID: 5858)	Shell command executed: /bin/sh -c "pkill -9 wget-log \|\| busybox pkill -9 wget-log"
Source: /tmp/yakuza.arm7.elf (PID: 5862)	Shell command executed: /bin/sh -c "pkill -9 1337SoraLOADER \|\| busybox pkill -9 1337SoraLOADER"
Source: /tmp/yakuza.arm7.elf (PID: 5872)	Shell command executed: /bin/sh -c "pkill -9 SAIAKINA \|\| busybox pkill -9 SAIAKINA"
Source: /tmp/yakuza.arm7.elf (PID: 5879)	Shell command executed: /bin/sh -c "pkill -9 ggtq \|\| busybox pkill -9 ggtq"
Source: /tmp/yakuza.arm7.elf (PID: 5885)	Shell command executed: /bin/sh -c "pkill -9 1378bfp919GRB1Q2 \|\| busybox pkill -9 1378bfp919GRB1Q2"
Source: /tmp/yakuza.arm7.elf (PID: 5892)	Shell command executed: /bin/sh -c "pkill -9 SAIAKUSO \|\| busybox pkill -9 SAIAKUSO"

Source: /bin/sh (PID: 5513)	Pkill executable: /usr/bin/pkill -> pkill -9 902i13	Jump to behavior
Source: /bin/sh (PID: 5556)	Pkill executable: /usr/bin/pkill -> pkill -9 BzSxLxBxeY	Jump to behavior
Source: /bin/sh (PID: 5560)	Pkill executable: /usr/bin/pkill -> pkill -9 HOHO-LUGO7	Jump to behavior
Source: /bin/sh (PID: 5567)	Pkill executable: /usr/bin/pkill -> pkill -9 HOHO-U79OL	Jump to behavior
Source: /bin/sh (PID: 5575)	Pkill executable: /usr/bin/pkill -> pkill -9 JuYfouyf87	Jump to behavior
Source: /bin/sh (PID: 5581)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeR69xd	Jump to behavior
Source: /bin/sh (PID: 5588)	Pkill executable: /usr/bin/pkill -> pkill -9 SO190Ij1X	Jump to behavior
Source: /bin/sh (PID: 5614)	Pkill executable: /usr/bin/pkill -> pkill -9 LOLKIKEEEDDE	Jump to behavior
Source: /bin/sh (PID: 5619)	Pkill executable: /usr/bin/pkill -> pkill -9 ekjheory98e	Jump to behavior
Source: /bin/sh (PID: 5625)	Pkill executable: /usr/bin/pkill -> pkill -9 scansh4	Jump to behavior
Source: /bin/sh (PID: 5633)	Pkill executable: /usr/bin/pkill -> pkill -9 MDMA	Jump to behavior
Source: /bin/sh (PID: 5639)	Pkill executable: /usr/bin/pkill -> pkill -9 fdevalvex	Jump to behavior
Source: /bin/sh (PID: 5646)	Pkill executable: /usr/bin/pkill -> pkill -9 scanspc	Jump to behavior
Source: /bin/sh (PID: 5655)	Pkill executable: /usr/bin/pkill -> pkill -9 MELTEDNINJAREALZ	Jump to behavior
Source: /bin/sh (PID: 5659)	Pkill executable: /usr/bin/pkill -> pkill -9 flexsonskids
Source: /bin/sh (PID: 5666)	Pkill executable: /usr/bin/pkill -> pkill -9 scanx86
Source: /bin/sh (PID: 5674)	Pkill executable: /usr/bin/pkill -> pkill -9 MISAKI-U79OL
Source: /bin/sh (PID: 5680)	Pkill executable: /usr/bin/pkill -> pkill -9 foAxi102kxe
Source: /bin/sh (PID: 5684)	Pkill executable: /usr/bin/pkill -> pkill -9 swodjwodjwoj
Source: /bin/sh (PID: 5695)	Pkill executable: /usr/bin/pkill -> pkill -9 MmKiy7f87l
Source: /bin/sh (PID: 5703)	Pkill executable: /usr/bin/pkill -> pkill -9 freecookiex86
Source: /bin/sh (PID: 5709)	Pkill executable: /usr/bin/pkill -> pkill -9 sysgpu
Source: /bin/sh (PID: 5713)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeR69xd
Source: /bin/sh (PID: 5722)	Pkill executable: /usr/bin/pkill -> pkill -9 frgege
Source: /bin/sh (PID: 5726)	Pkill executable: /usr/bin/pkill -> pkill -9 sysupdater
Source: /bin/sh (PID: 5735)	Pkill executable: /usr/bin/pkill -> pkill -9 0DnAzepd
Source: /bin/sh (PID: 5739)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeRD0nks69
Source: /bin/sh (PID: 5746)	Pkill executable: /usr/bin/pkill -> pkill -9 frgreu
Source: /bin/sh (PID: 5750)	Pkill executable: /usr/bin/pkill -> pkill -9 telnetd
Source: /bin/sh (PID: 5760)	Pkill executable: /usr/bin/pkill -> pkill -9 0x766f6964
Source: /bin/sh (PID: 5764)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeRd0nks1337
Source: /bin/sh (PID: 5770)	Pkill executable: /usr/bin/pkill -> pkill -9 gaft
Source: /bin/sh (PID: 5777)	Pkill executable: /usr/bin/pkill -> pkill -9 urasgbsigboa
Source: /bin/sh (PID: 5787)	Pkill executable: /usr/bin/pkill -> pkill -9 120i3UI49
Source: /bin/sh (PID: 5791)	Pkill executable: /usr/bin/pkill -> pkill -9 OaF3
Source: /bin/sh (PID: 5800)	Pkill executable: /usr/bin/pkill -> pkill -9 geae
Source: /bin/sh (PID: 5804)	Pkill executable: /usr/bin/pkill -> pkill -9 vaiolmao
Source: /bin/sh (PID: 5813)	Pkill executable: /usr/bin/pkill -> pkill -9 123123a
Source: /bin/sh (PID: 5817)	Pkill executable: /usr/bin/pkill -> pkill -9 Ofurain0n4H34D
Source: /bin/sh (PID: 5826)	Pkill executable: /usr/bin/pkill -> pkill -9 ggTrex
Source: /bin/sh (PID: 5832)	Pkill executable: /usr/bin/pkill -> pkill -9 wasads
Source: /bin/sh (PID: 5841)	Pkill executable: /usr/bin/pkill -> pkill -9 1293194hjXD
Source: /bin/sh (PID: 5845)	Pkill executable: /usr/bin/pkill -> pkill -9 OthLaLosn
Source: /bin/sh (PID: 5854)	Pkill executable: /usr/bin/pkill -> pkill -9 ggt
Source: /bin/sh (PID: 5860)	Pkill executable: /usr/bin/pkill -> pkill -9 wget-log
Source: /bin/sh (PID: 5868)	Pkill executable: /usr/bin/pkill -> pkill -9 1337SoraLOADER
Source: /bin/sh (PID: 5877)	Pkill executable: /usr/bin/pkill -> pkill -9 SAIAKINA
Source: /bin/sh (PID: 5881)	Pkill executable: /usr/bin/pkill -> pkill -9 ggtq
Source: /bin/sh (PID: 5889)	Pkill executable: /usr/bin/pkill -> pkill -9 1378bfp919GRB1Q2
Source: /bin/sh (PID: 5894)	Pkill executable: /usr/bin/pkill -> pkill -9 SAIAKUSO

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: IRC traffic on port 56978 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56980 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56982 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56984 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56986 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56988 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56990 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56992 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56994 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56996 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 56998 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57000 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57002 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57004 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57006 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57008 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57010 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57012 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57014 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57016 -> 6780
Source: unknown	Network traffic detected: IRC traffic on port 57018 -> 6780

Source: /usr/bin/pkill (PID: 5513)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5556)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5560)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5567)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5575)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5581)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5588)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5614)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5619)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5625)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5633)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5639)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5646)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5655)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5659)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5666)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5674)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5680)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5684)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5695)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5703)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5709)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5713)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5722)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5726)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5735)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5739)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5746)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5750)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5760)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5764)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5770)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5777)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5787)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5791)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5800)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5804)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5813)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5817)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5826)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5832)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5841)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5845)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5854)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5860)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5868)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5877)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5881)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5889)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5894)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Source: /tmp/yakuza.arm7.elf (PID: 5503)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5547)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5557)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5564)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5568)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5578)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5582)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5591)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5616)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5622)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5626)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5636)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5640)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5649)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5656)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5663)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5667)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5677)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5681)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5687)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5696)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5704)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5710)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5714)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5723)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5727)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5736)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5741)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5747)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5753)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5761)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5765)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5771)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5779)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5788)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5792)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5801)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5805)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5814)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5818)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5829)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5833)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5842)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5846)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5857)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5861)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5871)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5878)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5884)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5891)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5897)	Queries kernel information via 'uname':

Source: yakuza.arm7.elf, 5503.1.000055c0c739a000.000055c0c74c8000.rw-.sdmp, yakuza.arm7.elf, 5507.1.000055c0c739a000.000055c0c74c8000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: yakuza.arm7.elf, 5503.1.00007ffe74a5b000.00007ffe74a7c000.rw-.sdmp, yakuza.arm7.elf, 5507.1.00007ffe74a5b000.00007ffe74a7c000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/yakuza.arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/yakuza.arm7.elf
Source: yakuza.arm7.elf, 5503.1.000055c0c739a000.000055c0c74c8000.rw-.sdmp, yakuza.arm7.elf, 5507.1.000055c0c739a000.000055c0c74c8000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: yakuza.arm7.elf, 5503.1.00007ffe74a5b000.00007ffe74a7c000.rw-.sdmp, yakuza.arm7.elf, 5507.1.00007ffe74a5b000.00007ffe74a7c000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: yakuza.arm7.elf, 5507.1.00007ffe74a5b000.00007ffe74a7c000.rw-.sdmp	Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: yakuza.arm7.elf, type: SAMPLE
Source: Yara match	File source: 5507.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5503.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY

Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2
Source: Initial sample	User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.62
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110517 Firefox/5.0 Fennec/5.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0
Source: Initial sample	User agent string found: Mozilla/5.0 (compatible; Teleca Q7; Brew 3.1.5; U; en) 480X800 LGE VX11000

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: yakuza.arm7.elf, type: SAMPLE
Source: Yara match	File source: 5507.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5503.1.00007fa380017000.00007fa380039000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	1 Brute Force	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	11 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
yakuza.arm7.elf	50%	ReversingLabs	Linux.Backdoor.Tsunami

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.24	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://youtu.be/dQw4w9WgXcQ	yakuza.arm7.elf	false	high
http://linux-it.abuser.eu/yak.sh;	yakuza.arm7.elf	false	unknown
https://youtu.be/dQw4w9WgXcQNever	yakuza.arm7.elf	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
95.234.158.87	unknown	Italy		3269	ASN-IBSNAZIT	true

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	hidakibest.arm6.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	hidakibest.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.25
	hidakibest.mpsl.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.25
	hidakibest.sparc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	hidakibest.ppc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.25

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ASN-IBSNAZIT	sparc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	131.1.112.117
	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	79.16.25.108
	mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	95.224.165.124
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	79.58.184.246
	mips.elf	Get hash	malicious	Mirai, Moobot	Browse	79.39.13.191
	arm.elf	Get hash	malicious	Mirai, Moobot	Browse	2.114.140.56
	m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	87.16.92.237
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	95.235.74.87
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	80.181.217.0
	mipsel.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	79.62.54.196

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
Entropy (8bit):	6.044629773987973
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	yakuza.arm7.elf
File size:	211'913 bytes
MD5:	ff372adbc5e569cff7db7dc149fab189
SHA1:	7348cab16bb9a6cc5e8fcbdb8b42b5db478efbde
SHA256:	fded14fcb77f6abfebea70c812efa1d72cbbd54f38fb233bc7290bd264d565e7
SHA512:	f4a19499e074d4271695fb0015f86f6d27ba83179f3839a12d697d6ed6033ab0bdf51360445a94cb2a124fc900ccc1c19a0fee554bf291894fca1134e2140a32
SSDEEP:	6144:iKa02alxxjgXkQnNfocz7dEip7Dt+M/9F+mr2nBPNg2:la02alLgXkQnNws7aip1P/+mr2nBPNg2
TLSH:	2B243B09DA509767C1E32BFBF79B828A33234754A7D7331949286BF43BC2B9D4E26105
File Content Preview:	.ELF..............(.........4...........4. ...(........p............ ... ...........................................................................................................Q.td..................................-...L..................G.F.G.F.G.F.G.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x81d0
Flags:	0x4000002
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	168644
Section Header Size:	40
Number of Section Headers:	30
Header String Table Index:	27

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x80d4	0xd4	0x10	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x80f0	0xf0	0x1c2b4	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x243a4	0x1c3a4	0x10	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x243b8	0x1c3b8	0x5604	0x0	0x2	A	0	0	8
.ARM.extab	PROGBITS	0x299bc	0x219bc	0x18	0x0	0x2	A	0	0	4
.ARM.exidx	ARM_EXIDX	0x299d4	0x219d4	0x120	0x0	0x82	AL	2	0	4
.eh_frame	PROGBITS	0x31af4	0x21af4	0x4	0x0	0x3	WA	0	0	4
.tbss	NOBITS	0x31af8	0x21af8	0x8	0x0	0x403	WAT	0	0	4
.init_array	INIT_ARRAY	0x31af8	0x21af8	0x4	0x0	0x3	WA	0	0	4
.fini_array	FINI_ARRAY	0x31afc	0x21afc	0x4	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x31b00	0x21b00	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x31b04	0x21b04	0x18	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x31b1c	0x21b1c	0xb8	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x31bd4	0x21bd4	0xc24	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x327f8	0x227f8	0x85f4	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x227f8	0xe38	0x0	0x0		0	0	1
.debug_aranges	PROGBITS	0x0	0x23630	0x140	0x0	0x0		0	0	8
.debug_pubnames	PROGBITS	0x0	0x23770	0x213	0x0	0x0		0	0	1
.debug_info	PROGBITS	0x0	0x23983	0x2043	0x0	0x0		0	0	1
.debug_abbrev	PROGBITS	0x0	0x259c6	0x6e2	0x0	0x0		0	0	1
.debug_line	PROGBITS	0x0	0x260a8	0xe76	0x0	0x0		0	0	1
.debug_frame	PROGBITS	0x0	0x26f20	0x2b8	0x0	0x0		0	0	4
.debug_str	PROGBITS	0x0	0x271d8	0x8ca	0x1	0x30	MS	0	0	1
.debug_loc	PROGBITS	0x0	0x27aa2	0x118f	0x0	0x0		0	0	1
.debug_ranges	PROGBITS	0x0	0x28c31	0x558	0x0	0x0		0	0	1
.ARM.attributes	ARM_ATTRIBUTES	0x0	0x29189	0x16	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x2919f	0x124	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x29774	0x6e40	0x10	0x0		29	986	4
.strtab	STRTAB	0x0	0x305b4	0x3615	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
EXIDX	0x219d4	0x299d4	0x299d4	0x120	0x120	4.4514	0x4	R	0x4	.ARM.exidx
LOAD	0x0	0x8000	0x8000	0x21af4	0x21af4	6.1986	0x5	R E	0x8000	.init .text .fini .rodata .ARM.extab .ARM.exidx
LOAD	0x21af4	0x31af4	0x31af4	0xd04	0x92f8	4.5404	0x6	RW	0x8000	.eh_frame .tbss .init_array .fini_array .jcr .data.rel.ro .got .data .bss
TLS	0x21af8	0x31af8	0x31af8	0x0	0x8	0.0000	0x4	R	0x4	.tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x80d4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80f0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x243a4	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x243b8	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x299bc	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x299d4	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x31af4	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x31af8	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x31af8	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x31afc	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x31b00	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x31b04	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x31b1c	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x31bd4	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x327f8	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	21
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	22
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	23
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	25
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	26
$a	.symtab	0x80d4	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x243a4	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80e0	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x243b0	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x812c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8170	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x81d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x820c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8230	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8534	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x86a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8840	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8c10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8e68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x945c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9598	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x95d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9698	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9798	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x98d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x99f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9abc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9b94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9cd8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9fa4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa070	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa3c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa4f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa874	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xaba8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xacf8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb320	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb9b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xbaf0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc374	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc684	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xce5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd3bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd660	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd698	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd8e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdca0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf39c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf49c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf64c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf6ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf728	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf7bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfb4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfc84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfd18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfd68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfe2c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfe70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xff84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10154	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10df0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10e98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10ed4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10f5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1106c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x113c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11494	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12004	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12118	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1225c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12270	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12308	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x123fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12434	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12534	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12560	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12588	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1259c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x125d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x126b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x126ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1272c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x127a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x127e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12868	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x128a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x128d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12920	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1299c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x129cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x129ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12d1c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12d3c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12db0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f28	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12fbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13044	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13114	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13264	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13534	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13994	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13b78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ba8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13cec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x144b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14558	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1459c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1474c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x147a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14d10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14e14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14f30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15084	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x151a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x157fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1589c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x159a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x159dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15aa0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15ab0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15ac0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b60	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15be0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15c04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15d14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15dd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15e9c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15eb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15fc0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1602c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x160b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x160e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16114	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16138	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x161b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16214	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16e80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x171ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x174a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x175f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17890	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17938	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17960	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17c4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17f20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17f64	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17fd8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1801c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18060	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x180d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1811c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1815c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x181a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18210	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18254	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x182c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18310	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18398	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x183e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18424	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18dd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19194	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19634	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19674	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1979c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x197b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19858	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19910	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x199d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19a74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19b04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19bdc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19cd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19dc0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19de0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19dfc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19e18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19ff0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a0b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a160	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a2ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a8d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a920	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a990	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ad5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1adf4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ae58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1afe0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b028	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b118	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b254	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b2ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b2b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b2e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b33c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b344	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b374	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b3cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b3d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b400	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b488	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b564	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b624	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b678	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b6d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1babc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bc10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c15c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c1e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c25c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c288	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c310	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c318	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c324	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c330	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c340	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c380	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c3e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c428	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c468	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c47c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c490	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c4a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c4e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c4f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c53c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c57c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c5bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c61c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c65c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c6c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c754	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c78c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c89c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c96c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ca30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cae0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cbcc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cf70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cfc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cfe8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d0a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d0e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d1bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d2fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d3d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d44c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d478	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d5d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ddc8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1df0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e040	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e4d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e5c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e5e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e6c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e7b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e8a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e8e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e934	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e980	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e9f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ea38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ea84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1eb40	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ec0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ed90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1eea4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ef08	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f050	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f0b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f100	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f1ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f224	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f4bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f504	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f698	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f9fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1faf4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1fbec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x203fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x204a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20904	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2099c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20a34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20a80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20dc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20e08	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20e4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20ec0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20ef8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21038	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x210b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21118	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2136c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21378	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x213b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21408	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21460	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2146c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x214d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21554	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x215b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x215f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21770	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x218b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x218dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21a9c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21af4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21bbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21bec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21c90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21cd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21ce0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21d90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21dd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21ebc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21f70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21fd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22000	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22218	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22264	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x222bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x222c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x222f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22360	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2240c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22828	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22cc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22e04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22e58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22ea4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22ef0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22ef8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22efc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22f28	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22f34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22f40	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23160	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x232b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x232cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2332c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23398	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23470	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x235b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23afc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23b04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23b0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23b14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23bd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23c14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x24328	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x24370	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8164	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x31afc	0	NOTYPE	<unknown>	DEFAULT	10
$d	.symtab	0x81bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x31af8	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x31bd8	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x8200	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x31bdc	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x822c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8530	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8690	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x883c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8c08	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8e64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x944c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9584	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x95d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9688	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x978c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x98b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x99d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9ab0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9b8c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9ccc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2627d	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x9f90	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa06c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa3b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa4ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa860	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xab94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xacf0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb318	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb9ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xbaec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc35c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc678	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xce58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd3b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd65c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd694	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd8dc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xdc80	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf354	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf498	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf61c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf6e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf71c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf7b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfad4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfc78	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfd0c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfd64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfe28	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfe6c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xff7c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10138	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10d90	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10e7c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10ed0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10f58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11068	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x113ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11490	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11f94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x20	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x26	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x2c	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x4c	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x53	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x12300	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x123ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12430	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1252c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12580	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x125d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x126a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x126e8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12728	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12798	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x127e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12860	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x128a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1291c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12994	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x129c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x325d0	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x28218	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x129e8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12d0c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12da0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12efc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1310c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13240	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13508	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13960	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13a04	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13b5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x325dc	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x325d8	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x14494	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2858c	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x14748	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14794	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14ce0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x326c0	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x28594	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x15434	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x157e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15a94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15e94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15fb0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x28618	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x16024	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x160a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1610c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x161b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16e4c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17198	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x31b04	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x29184	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x17494	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x175f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1787c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x291d0	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x17930	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17c3c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17f0c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17f5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17fd0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18014	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18058	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x180cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18114	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18158	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18198	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18208	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1824c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x182bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18308	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18390	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x183d8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1841c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18db0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x326c4	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x19174	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19618	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1966c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19788	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x326dc	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x1983c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x198f4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x199b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19a58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x326f4	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x3278c	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x19b00	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19bd0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19cc4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19db4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29210	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x19fe0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a094	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x327a0	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x1a158	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a288	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a8a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a91c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ad34	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ae50	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1afd0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b10c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b238	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b250	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b2e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b370	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b55c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b610	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b670	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b6c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ba70	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x327b8	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x1bbf8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c118	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c1d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c254	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c284	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c304	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c37c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c3e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c424	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c464	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c4e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c538	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c578	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c5b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c614	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c658	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c6c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c750	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c788	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x327c4	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x292ac	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x327cc	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x295ac	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x1c880	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c964	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ca24	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cad8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x298ac	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x1cbb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cf68	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d0a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d1b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d3d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1dda8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x298e0	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x1e030	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e5b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e6bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e7ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e898	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ea7c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1eb20	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ebe8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ed64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ee88	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1eefc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f034	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f0a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f0f4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x327d4	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x1f1a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f220	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f4b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f4fc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f690	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f9e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x327ec	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x1faec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x203b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x327f0	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x20448	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x204a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x208bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x327f2	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x2998c	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x20984	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20dac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20e00	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20e44	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20eb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2101c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21098	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21108	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21344	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x213a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x327f4	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x21454	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x214cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21550	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x215b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x215f4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x218b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21a98	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21bb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21c8c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21d88	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21ff8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22208	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22260	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2235c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x23144	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x23aec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x58	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	24
$d	.symtab	0x23c	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0xe39	0	NOTYPE	<unknown>	DEFAULT	24
$t	.symtab	0x80f0	0	NOTYPE	<unknown>	DEFAULT	2
C.11.5548	.symtab	0x29280	12	OBJECT	<unknown>	DEFAULT	4
C.5.5083	.symtab	0x298ac	24	OBJECT	<unknown>	DEFAULT	4
C.7.5370	.symtab	0x2928c	12	OBJECT	<unknown>	DEFAULT	4
C.7.6078	.symtab	0x28524	12	OBJECT	<unknown>	DEFAULT	4
C.7.6109	.symtab	0x28564	12	OBJECT	<unknown>	DEFAULT	4
C.7.6182	.symtab	0x28540	12	OBJECT	<unknown>	DEFAULT	4
C.72.5941	.symtab	0x2627d	36	OBJECT	<unknown>	DEFAULT	4
C.8.6110	.symtab	0x28558	12	OBJECT	<unknown>	DEFAULT	4
C.9.6119	.symtab	0x2854c	12	OBJECT	<unknown>	DEFAULT	4
C.90.6159	.symtab	0x268f8	312	OBJECT	<unknown>	DEFAULT	4
C.96.6253	.symtab	0x26aa4	12	OBJECT	<unknown>	DEFAULT	4
ClearHistory	.symtab	0xf6ec	60	FUNC	<unknown>	DEFAULT	2
HTTP	.symtab	0xaba8	336	FUNC	<unknown>	DEFAULT	2
Laligned	.symtab	0x15ba8	0	NOTYPE	<unknown>	DEFAULT	2
Llastword	.symtab	0x15bc4	0	NOTYPE	<unknown>	DEFAULT	2
Q	.symtab	0x32c30	16384	OBJECT	<unknown>	DEFAULT	15
Send	.symtab	0x84cc	104	FUNC	<unknown>	DEFAULT	2
UserAgents	.symtab	0x31f04	144	OBJECT	<unknown>	DEFAULT	14
_352	.symtab	0x10ed4	40	FUNC	<unknown>	DEFAULT	2
_376	.symtab	0x10df0	168	FUNC	<unknown>	DEFAULT	2
_433	.symtab	0x10efc	96	FUNC	<unknown>	DEFAULT	2
_Exit	.symtab	0x1c380	104	FUNC	<unknown>	DEFAULT	2
_GLOBAL_OFFSET_TABLE_	.symtab	0x31b1c	0	OBJECT	<unknown>	HIDDEN	13
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_NICK	.symtab	0x10f5c	272	FUNC	<unknown>	DEFAULT	2
_PING	.symtab	0x10e98	60	FUNC	<unknown>	DEFAULT	2
_PRIVMSG	.symtab	0x10154	3228	FUNC	<unknown>	DEFAULT	2
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_Unwind_Complete	.symtab	0x22ef8	4	FUNC	<unknown>	HIDDEN	2
_Unwind_DeleteException	.symtab	0x22efc	44	FUNC	<unknown>	HIDDEN	2
_Unwind_ForcedUnwind	.symtab	0x23bac	36	FUNC	<unknown>	HIDDEN	2
_Unwind_GetCFA	.symtab	0x22ef0	8	FUNC	<unknown>	HIDDEN	2
_Unwind_GetDataRelBase	.symtab	0x22f34	12	FUNC	<unknown>	HIDDEN	2
_Unwind_GetLanguageSpecificData	.symtab	0x23bd0	68	FUNC	<unknown>	HIDDEN	2
_Unwind_GetRegionStart	.symtab	0x24370	52	FUNC	<unknown>	HIDDEN	2
_Unwind_GetTextRelBase	.symtab	0x22f28	12	FUNC	<unknown>	HIDDEN	2
_Unwind_RaiseException	.symtab	0x23b40	36	FUNC	<unknown>	HIDDEN	2
_Unwind_Resume	.symtab	0x23b64	36	FUNC	<unknown>	HIDDEN	2
_Unwind_Resume_or_Rethrow	.symtab	0x23b88	36	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Get	.symtab	0x22e58	76	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Pop	.symtab	0x23470	324	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Set	.symtab	0x22ea4	76	FUNC	<unknown>	HIDDEN	2
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b	.symtab	0x327c4	4	OBJECT	<unknown>	DEFAULT	14
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x292ac	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_tolower	.symtab	0x327cc	4	OBJECT	<unknown>	DEFAULT	14
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x295ac	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_toupper	.symtab	0x325d0	4	OBJECT	<unknown>	DEFAULT	14
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x28218	768	OBJECT	<unknown>	DEFAULT	4
__EH_FRAME_BEGIN__	.symtab	0x31af4	0	OBJECT	<unknown>	DEFAULT	7
__FRAME_END__	.symtab	0x31af4	0	OBJECT	<unknown>	DEFAULT	7
__GI___C_ctype_b	.symtab	0x327c4	4	OBJECT	<unknown>	HIDDEN	14
__GI___C_ctype_tolower	.symtab	0x327cc	4	OBJECT	<unknown>	HIDDEN	14
__GI___C_ctype_toupper	.symtab	0x325d0	4	OBJECT	<unknown>	HIDDEN	14
__GI___close	.symtab	0x1b270	100	FUNC	<unknown>	HIDDEN	2
__GI___close_nocancel	.symtab	0x1b254	24	FUNC	<unknown>	HIDDEN	2
__GI___ctype_b	.symtab	0x327c8	4	OBJECT	<unknown>	HIDDEN	14
__GI___ctype_tolower	.symtab	0x327d0	4	OBJECT	<unknown>	HIDDEN	14
__GI___ctype_toupper	.symtab	0x325d4	4	OBJECT	<unknown>	HIDDEN	14
__GI___errno_location	.symtab	0x129cc	32	FUNC	<unknown>	HIDDEN	2
__GI___fcntl_nocancel	.symtab	0x12270	152	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x1df0c	300	FUNC	<unknown>	HIDDEN	2
__GI___fputc_unlocked	.symtab	0x1589c	264	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0x15e9c	24	FUNC	<unknown>	HIDDEN	2
__GI___libc_close	.symtab	0x1b270	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x12308	244	FUNC	<unknown>	HIDDEN	2
__GI___libc_open	.symtab	0x1b300	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_read	.symtab	0x22280	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_write	.symtab	0x1b390	100	FUNC	<unknown>	HIDDEN	2
__GI___open	.symtab	0x1b300	100	FUNC	<unknown>	HIDDEN	2
__GI___open_nocancel	.symtab	0x1b2e4	24	FUNC	<unknown>	HIDDEN	2
__GI___read	.symtab	0x22280	100	FUNC	<unknown>	HIDDEN	2
__GI___read_nocancel	.symtab	0x22264	24	FUNC	<unknown>	HIDDEN	2
__GI___register_atfork	.symtab	0x1ae58	392	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x1b5a8	124	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x1b678	88	FUNC	<unknown>	HIDDEN	2
__GI___write	.symtab	0x1b390	100	FUNC	<unknown>	HIDDEN	2
__GI___write_nocancel	.symtab	0x1b374	24	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0x15eb4	268	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x1c380	104	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x19674	296	FUNC	<unknown>	HIDDEN	2
__GI_accept	.symtab	0x17f64	116	FUNC	<unknown>	HIDDEN	2
__GI_asprintf	.symtab	0x12f58	48	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x19dc0	32	FUNC	<unknown>	HIDDEN	2
__GI_bind	.symtab	0x17fd8	68	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x21408	88	FUNC	<unknown>	HIDDEN	2
__GI_chdir	.symtab	0x123fc	56	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x1b270	100	FUNC	<unknown>	HIDDEN	2
__GI_closedir	.symtab	0x1c78c	272	FUNC	<unknown>	HIDDEN	2
__GI_config_close	.symtab	0x1cef4	52	FUNC	<unknown>	HIDDEN	2
__GI_config_open	.symtab	0x1cf28	72	FUNC	<unknown>	HIDDEN	2
__GI_config_read	.symtab	0x1cbcc	808	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x18060	116	FUNC	<unknown>	HIDDEN	2
__GI_dup2	.symtab	0x1c3e8	64	FUNC	<unknown>	HIDDEN	2
__GI_endservent	.symtab	0x1ea84	188	FUNC	<unknown>	HIDDEN	2
__GI_execl	.symtab	0x1a0b4	172	FUNC	<unknown>	HIDDEN	2
__GI_execve	.symtab	0x1c428	64	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x19ff0	196	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x129ec	816	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x12308	244	FUNC	<unknown>	HIDDEN	2
__GI_fdopen	.symtab	0x1d0a4	60	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x15450	940	FUNC	<unknown>	HIDDEN	2
__GI_fgetc	.symtab	0x1ddc8	324	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x1df0c	300	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x14e14	284	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x157fc	160	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x12d1c	32	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x1a990	972	FUNC	<unknown>	HIDDEN	2
__GI_fprintf	.symtab	0x12f28	48	FUNC	<unknown>	HIDDEN	2
__GI_fputc	.symtab	0x14f30	340	FUNC	<unknown>	HIDDEN	2
__GI_fputc_unlocked	.symtab	0x1589c	264	FUNC	<unknown>	HIDDEN	2
__GI_fputs	.symtab	0x15084	284	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x159a4	56	FUNC	<unknown>	HIDDEN	2
__GI_freeaddrinfo	.symtab	0x16e80	36	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x218b8	36	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x218dc	448	FUNC	<unknown>	HIDDEN	2
__GI_fstat	.symtab	0x2146c	100	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x159dc	188	FUNC	<unknown>	HIDDEN	2
__GI_getaddrinfo	.symtab	0x16ea4	776	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x1df0c	300	FUNC	<unknown>	HIDDEN	2
__GI_getcwd	.symtab	0x12434	256	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x12534	44	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x1c468	20	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x1c47c	20	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x1c490	20	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyaddr_r	.symtab	0x17960	748	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname2_r	.symtab	0x17c4c	724	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname_r	.symtab	0x20a80	836	FUNC	<unknown>	HIDDEN	2
__GI_gethostname	.symtab	0x214d0	132	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x12560	40	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x1afe0	72	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x1259c	56	FUNC	<unknown>	HIDDEN	2
__GI_getservbyname_r	.symtab	0x1ef08	328	FUNC	<unknown>	HIDDEN	2
__GI_getservbyport	.symtab	0x1eea4	100	FUNC	<unknown>	HIDDEN	2
__GI_getservbyport_r	.symtab	0x1ed90	276	FUNC	<unknown>	HIDDEN	2
__GI_getservent_r	.symtab	0x1ec0c	388	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x20dc4	68	FUNC	<unknown>	HIDDEN	2
__GI_gettimeofday	.symtab	0x1c4a4	64	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x1c4e4	20	FUNC	<unknown>	HIDDEN	2
__GI_htonl	.symtab	0x161c4	32	FUNC	<unknown>	HIDDEN	2
__GI_htons	.symtab	0x161b4	16	FUNC	<unknown>	HIDDEN	2
__GI_if_freenameindex	.symtab	0x1f224	72	FUNC	<unknown>	HIDDEN	2
__GI_if_nameindex	.symtab	0x1f26c	592	FUNC	<unknown>	HIDDEN	2
__GI_if_nametoindex	.symtab	0x1f1ac	120	FUNC	<unknown>	HIDDEN	2
__GI_in6addr_loopback	.symtab	0x291d0	16	OBJECT	<unknown>	HIDDEN	4
__GI_inet_addr	.symtab	0x17938	40	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x1f9fc	248	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa	.symtab	0x1791c	28	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa_r	.symtab	0x17890	140	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntop	.symtab	0x175f4	668	FUNC	<unknown>	HIDDEN	2
__GI_inet_pton	.symtab	0x1727c	552	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x19bdc	248	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x125d4	224	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x16114	36	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x126b4	56	FUNC	<unknown>	HIDDEN	2
__GI_listen	.symtab	0x1811c	64	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x222f0	112	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x1e4d0	240	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x15ab0	4	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x21cd0	4	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x1e5c0	36	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x1e5e4	224	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x15ac0	156	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x1c1e0	124	FUNC	<unknown>	HIDDEN	2
__GI_mremap	.symtab	0x1c4f8	68	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x1c53c	64	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x1c5bc	96	FUNC	<unknown>	HIDDEN	2
__GI_ntohl	.symtab	0x161f4	32	FUNC	<unknown>	HIDDEN	2
__GI_ntohs	.symtab	0x161e4	16	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x1b300	100	FUNC	<unknown>	HIDDEN	2
__GI_opendir	.symtab	0x1c96c	196	FUNC	<unknown>	HIDDEN	2
__GI_perror	.symtab	0x12d3c	116	FUNC	<unknown>	HIDDEN	2
__GI_pipe	.symtab	0x1c61c	64	FUNC	<unknown>	HIDDEN	2
__GI_poll	.symtab	0x1272c	116	FUNC	<unknown>	HIDDEN	2
__GI_putc	.symtab	0x14f30	340	FUNC	<unknown>	HIDDEN	2
__GI_putc_unlocked	.symtab	0x1589c	264	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x1b028	240	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x197b4	164	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x19a74	144	FUNC	<unknown>	HIDDEN	2
__GI_rawmemchr	.symtab	0x21ce0	176	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x22280	100	FUNC	<unknown>	HIDDEN	2
__GI_readdir64	.symtab	0x1cae0	236	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x181a0	112	FUNC	<unknown>	HIDDEN	2
__GI_recvmsg	.symtab	0x20e4c	116	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x1c65c	108	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x127e4	132	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x18254	112	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x18310	136	FUNC	<unknown>	HIDDEN	2
__GI_setservent	.symtab	0x1eb40	204	FUNC	<unknown>	HIDDEN	2
__GI_setsid	.symtab	0x12868	64	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x18398	72	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x19cd4	236	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x1c288	136	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x1c6c8	140	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x1b118	300	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x183e0	68	FUNC	<unknown>	HIDDEN	2
__GI_sprintf	.symtab	0x12f88	52	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x19b04	216	FUNC	<unknown>	HIDDEN	2
__GI_stat	.symtab	0x21554	100	FUNC	<unknown>	HIDDEN	2
__GI_strcasecmp	.symtab	0x15fc0	108	FUNC	<unknown>	HIDDEN	2
__GI_strcasestr	.symtab	0x1602c	132	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x1e6c4	240	FUNC	<unknown>	HIDDEN	2
__GI_strchrnul	.symtab	0x1e7b4	236	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x15b60	28	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x15b60	28	FUNC	<unknown>	HIDDEN	2
__GI_strcpy	.symtab	0x15be0	36	FUNC	<unknown>	HIDDEN	2
__GI_strcspn	.symtab	0x1e8a0	68	FUNC	<unknown>	HIDDEN	2
__GI_strdup	.symtab	0x160b0	52	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x15b80	96	FUNC	<unknown>	HIDDEN	2
__GI_strncmp	.symtab	0x15c04	272	FUNC	<unknown>	HIDDEN	2
__GI_strncpy	.symtab	0x15d14	188	FUNC	<unknown>	HIDDEN	2
__GI_strndup	.symtab	0x21d90	64	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0x15dd0	204	FUNC	<unknown>	HIDDEN	2
__GI_strpbrk	.symtab	0x1e9f8	64	FUNC	<unknown>	HIDDEN	2
__GI_strrchr	.symtab	0x1e8e4	80	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x1e934	76	FUNC	<unknown>	HIDDEN	2
__GI_strtok	.symtab	0x160e4	48	FUNC	<unknown>	HIDDEN	2
__GI_strtok_r	.symtab	0x1e980	120	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x19de0	28	FUNC	<unknown>	HIDDEN	2
__GI_strtoul	.symtab	0x19dfc	28	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x1a2ac	1572	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x16138	124	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x128a8	48	FUNC	<unknown>	HIDDEN	2
__GI_toupper	.symtab	0x1299c	48	FUNC	<unknown>	HIDDEN	2
__GI_uname	.symtab	0x215b8	64	FUNC	<unknown>	HIDDEN	2
__GI_vasprintf	.symtab	0x12fbc	136	FUNC	<unknown>	HIDDEN	2
__GI_vfork	.symtab	0x1a920	112	FUNC	<unknown>	HIDDEN	2
__GI_vfprintf	.symtab	0x13ba8	324	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0x13044	208	FUNC	<unknown>	HIDDEN	2
__GI_wait4	.symtab	0x1c754	56	FUNC	<unknown>	HIDDEN	2
__GI_waitpid	.symtab	0x12920	124	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x1cf70	84	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x1cfe8	188	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x1cfc4	36	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x1b390	100	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x31b00	0	OBJECT	<unknown>	DEFAULT	11
__JCR_LIST__	.symtab	0x31b00	0	OBJECT	<unknown>	DEFAULT	11
___Unwind_ForcedUnwind	.symtab	0x23bac	36	FUNC	<unknown>	HIDDEN	2
___Unwind_RaiseException	.symtab	0x23b40	36	FUNC	<unknown>	HIDDEN	2
___Unwind_Resume	.symtab	0x23b64	36	FUNC	<unknown>	HIDDEN	2
___Unwind_Resume_or_Rethrow	.symtab	0x23b88	36	FUNC	<unknown>	HIDDEN	2
__adddf3	.symtab	0x22418	784	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmpeq	.symtab	0x22d74	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmple	.symtab	0x22d74	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdrcmple	.symtab	0x22d58	52	FUNC	<unknown>	HIDDEN	2
__aeabi_d2uiz	.symtab	0x22e04	84	FUNC	<unknown>	HIDDEN	2
__aeabi_dadd	.symtab	0x22418	784	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpeq	.symtab	0x22d8c	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpge	.symtab	0x22dd4	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpgt	.symtab	0x22dec	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmple	.symtab	0x22dbc	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmplt	.symtab	0x22da4	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ddiv	.symtab	0x22ab8	524	FUNC	<unknown>	HIDDEN	2
__aeabi_dmul	.symtab	0x22828	656	FUNC	<unknown>	HIDDEN	2
__aeabi_drsub	.symtab	0x2240c	0	FUNC	<unknown>	HIDDEN	2
__aeabi_dsub	.symtab	0x22414	788	FUNC	<unknown>	HIDDEN	2
__aeabi_f2d	.symtab	0x22774	64	FUNC	<unknown>	HIDDEN	2
__aeabi_i2d	.symtab	0x2274c	40	FUNC	<unknown>	HIDDEN	2
__aeabi_idiv	.symtab	0x12118	0	FUNC	<unknown>	HIDDEN	2
__aeabi_idivmod	.symtab	0x12244	24	FUNC	<unknown>	HIDDEN	2
__aeabi_l2d	.symtab	0x227c8	96	FUNC	<unknown>	HIDDEN	2
__aeabi_read_tp	.symtab	0x1c330	8	FUNC	<unknown>	DEFAULT	2
__aeabi_ui2d	.symtab	0x22728	36	FUNC	<unknown>	HIDDEN	2
__aeabi_uidiv	.symtab	0x12004	0	FUNC	<unknown>	HIDDEN	2
__aeabi_uidivmod	.symtab	0x12100	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ul2d	.symtab	0x227b4	116	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr0	.symtab	0x23b0c	8	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr1	.symtab	0x23b04	8	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr2	.symtab	0x23afc	8	FUNC	<unknown>	HIDDEN	2
__app_fini	.symtab	0x391e8	4	OBJECT	<unknown>	HIDDEN	15
__atexit_lock	.symtab	0x327a0	24	OBJECT	<unknown>	DEFAULT	14
__bss_end__	.symtab	0x3adec	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start	.symtab	0x327f8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start__	.symtab	0x327f8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x1b624	84	FUNC	<unknown>	DEFAULT	2
__close	.symtab	0x1b270	100	FUNC	<unknown>	DEFAULT	2
__close_nameservers	.symtab	0x20904	152	FUNC	<unknown>	HIDDEN	2
__close_nocancel	.symtab	0x1b254	24	FUNC	<unknown>	DEFAULT	2
__cmpdf2	.symtab	0x22cd4	132	FUNC	<unknown>	HIDDEN	2
__ctype_b	.symtab	0x327c8	4	OBJECT	<unknown>	DEFAULT	14
__ctype_tolower	.symtab	0x327d0	4	OBJECT	<unknown>	DEFAULT	14
__ctype_toupper	.symtab	0x325d4	4	OBJECT	<unknown>	DEFAULT	14
__curbrk	.symtab	0x39798	4	OBJECT	<unknown>	HIDDEN	15
__cxa_begin_cleanup	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__cxa_call_unexpected	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__cxa_type_match	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__data_start	.symtab	0x31bd4	0	NOTYPE	<unknown>	DEFAULT	14
__decode_dotted	.symtab	0x1faf4	248	FUNC	<unknown>	HIDDEN	2
__decode_header	.symtab	0x21ebc	180	FUNC	<unknown>	HIDDEN	2
__default_rt_sa_restorer	.symtab	0x1c328	0	FUNC	<unknown>	DEFAULT	2
__default_sa_restorer	.symtab	0x1c31c	0	FUNC	<unknown>	DEFAULT	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__div0	.symtab	0x1225c	20	FUNC	<unknown>	HIDDEN	2
__divdf3	.symtab	0x22ab8	524	FUNC	<unknown>	HIDDEN	2
__divsi3	.symtab	0x12118	300	FUNC	<unknown>	HIDDEN	2
__dns_lookup	.symtab	0x1fbec	2064	FUNC	<unknown>	HIDDEN	2
__do_global_dtors_aux	.symtab	0x812c	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux_fini_array_entry	.symtab	0x31afc	0	OBJECT	<unknown>	DEFAULT	10
__dso_handle	.symtab	0x31bd4	0	OBJECT	<unknown>	HIDDEN	14
__encode_dotted	.symtab	0x22360	172	FUNC	<unknown>	HIDDEN	2
__encode_header	.symtab	0x21dd0	236	FUNC	<unknown>	HIDDEN	2
__encode_question	.symtab	0x21f70	96	FUNC	<unknown>	HIDDEN	2
__end__	.symtab	0x3adec	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__environ	.symtab	0x391e0	4	OBJECT	<unknown>	DEFAULT	15
__eqdf2	.symtab	0x22cd4	132	FUNC	<unknown>	HIDDEN	2
__errno_location	.symtab	0x129cc	32	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__error	.symtab	0x1a98c	0	NOTYPE	<unknown>	DEFAULT	2
__exidx_end	.symtab	0x29af4	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exidx_start	.symtab	0x299d4	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x38c90	4	OBJECT	<unknown>	HIDDEN	15
__extendsfdf2	.symtab	0x22774	64	FUNC	<unknown>	HIDDEN	2
__fcntl_nocancel	.symtab	0x12270	152	FUNC	<unknown>	DEFAULT	2
__fgetc_unlocked	.symtab	0x1df0c	300	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x31b00	0	NOTYPE	<unknown>	HIDDEN	10
__fini_array_start	.symtab	0x31afc	0	NOTYPE	<unknown>	HIDDEN	10
__fixunsdfsi	.symtab	0x22e04	84	FUNC	<unknown>	HIDDEN	2
__floatdidf	.symtab	0x227c8	96	FUNC	<unknown>	HIDDEN	2
__floatsidf	.symtab	0x2274c	40	FUNC	<unknown>	HIDDEN	2
__floatundidf	.symtab	0x227b4	116	FUNC	<unknown>	HIDDEN	2
__floatunsidf	.symtab	0x22728	36	FUNC	<unknown>	HIDDEN	2
__fork	.symtab	0x1a990	972	FUNC	<unknown>	DEFAULT	2
__fork_generation_pointer	.symtab	0x3ada4	4	OBJECT	<unknown>	HIDDEN	15
__fork_handlers	.symtab	0x3ada8	4	OBJECT	<unknown>	HIDDEN	15
__fork_lock	.symtab	0x38c94	4	OBJECT	<unknown>	HIDDEN	15
__fputc_unlocked	.symtab	0x1589c	264	FUNC	<unknown>	DEFAULT	2
__frame_dummy_init_array_entry	.symtab	0x31af8	0	OBJECT	<unknown>	DEFAULT	9
__gedf2	.symtab	0x22cc4	148	FUNC	<unknown>	HIDDEN	2
__get_hosts_byaddr_r	.symtab	0x2099c	152	FUNC	<unknown>	HIDDEN	2
__get_hosts_byname_r	.symtab	0x20a34	76	FUNC	<unknown>	HIDDEN	2
__getdents64	.symtab	0x21770	328	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x12560	40	FUNC	<unknown>	DEFAULT	2
__getpid	.symtab	0x1afe0	72	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r	.symtab	0x15e9c	24	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__gnu_Unwind_Find_exidx	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__gnu_Unwind_ForcedUnwind	.symtab	0x232b0	28	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_RaiseException	.symtab	0x23398	184	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Restore_VFP	.symtab	0x23b30	0	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Resume	.symtab	0x2332c	108	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Resume_or_Rethrow	.symtab	0x23450	32	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Save_VFP	.symtab	0x23b38	0	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_execute	.symtab	0x23c14	1812	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_frame	.symtab	0x24328	72	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_pr_common	.symtab	0x235b4	1352	FUNC	<unknown>	DEFAULT	2
__gtdf2	.symtab	0x22cc4	148	FUNC	<unknown>	HIDDEN	2
__h_errno_location	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__init_array_end	.symtab	0x31afc	0	NOTYPE	<unknown>	HIDDEN	9
__init_array_start	.symtab	0x31af8	0	NOTYPE	<unknown>	HIDDEN	9
__initbuf	.symtab	0x1ea38	76	FUNC	<unknown>	DEFAULT	2
__ledf2	.symtab	0x22ccc	140	FUNC	<unknown>	HIDDEN	2
__libc_accept	.symtab	0x17f64	116	FUNC	<unknown>	DEFAULT	2
__libc_close	.symtab	0x1b270	100	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x18060	116	FUNC	<unknown>	DEFAULT	2
__libc_disable_asynccancel	.symtab	0x1b400	136	FUNC	<unknown>	HIDDEN	2
__libc_enable_asynccancel	.symtab	0x1b488	220	FUNC	<unknown>	HIDDEN	2
__libc_errno	.symtab	0x0	4	TLS	<unknown>	HIDDEN	8
__libc_fcntl	.symtab	0x12308	244	FUNC	<unknown>	DEFAULT	2

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 23, 2024 11:03:01.535269022 CET	56978	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:01.656626940 CET	6780	56978	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:01.656678915 CET	56978	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:02.568042994 CET	56978	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:02.687772989 CET	6780	56978	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:02.901859999 CET	6780	56978	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:02.901912928 CET	56978	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:03.019748926 CET	6780	56978	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:03.019799948 CET	56978	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:03.020165920 CET	6780	56978	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:03.020167112 CET	56978	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:03.020220041 CET	56978	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:03.139769077 CET	6780	56978	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:08.024485111 CET	56980	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:08.144108057 CET	6780	56980	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:08.144167900 CET	56980	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:09.031954050 CET	56980	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:09.151823997 CET	6780	56980	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:09.314553976 CET	6780	56980	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:09.314630985 CET	6780	56980	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:09.314918995 CET	56980	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:09.314918995 CET	56980	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:09.434534073 CET	6780	56980	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:14.317610025 CET	56982	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:14.437493086 CET	6780	56982	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:14.438574076 CET	56982	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:15.322295904 CET	56982	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:15.541729927 CET	6780	56982	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:15.653604031 CET	6780	56982	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:15.653630018 CET	6780	56982	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:15.653656006 CET	56982	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:15.653737068 CET	56982	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:15.797507048 CET	6780	56982	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:20.655958891 CET	56984	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:20.775568008 CET	6780	56984	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:20.775645971 CET	56984	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:21.660736084 CET	56984	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:21.781117916 CET	6780	56984	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:21.936956882 CET	6780	56984	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:21.937005043 CET	6780	56984	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:21.937338114 CET	56984	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:21.937338114 CET	56984	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:22.057136059 CET	6780	56984	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:26.939387083 CET	56986	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:27.059124947 CET	6780	56986	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:27.059233904 CET	56986	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:27.944159031 CET	56986	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:28.063913107 CET	6780	56986	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:28.238886118 CET	6780	56986	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:28.238934994 CET	56986	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:28.238961935 CET	6780	56986	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:28.238998890 CET	56986	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:28.239012003 CET	56986	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:28.358509064 CET	6780	56986	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:33.241200924 CET	56988	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:33.423435926 CET	6780	56988	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:33.423516989 CET	56988	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:33.601959944 CET	6780	56988	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:33.603039980 CET	56988	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:34.246701956 CET	56988	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:34.274000883 CET	56988	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:34.295268059 CET	56988	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:34.317080021 CET	56988	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:34.338829041 CET	56988	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:34.361392975 CET	56988	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:34.366278887 CET	6780	56988	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:34.367232084 CET	56990	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:34.393806934 CET	6780	56988	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:34.414810896 CET	6780	56988	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:34.437474012 CET	6780	56988	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:34.458596945 CET	6780	56988	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:34.480891943 CET	6780	56988	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:34.486828089 CET	6780	56990	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:34.486920118 CET	56990	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:35.372915983 CET	56990	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:35.493839979 CET	6780	56990	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:35.699053049 CET	6780	56990	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:35.699105024 CET	56990	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:35.699139118 CET	6780	56990	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:35.699157953 CET	56990	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:35.699183941 CET	56990	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:35.818646908 CET	6780	56990	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:40.701349974 CET	56992	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:40.821695089 CET	6780	56992	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:40.821763992 CET	56992	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:41.705202103 CET	56992	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:41.824711084 CET	6780	56992	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:42.008634090 CET	6780	56992	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:42.008656025 CET	6780	56992	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:42.008898973 CET	56992	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:42.008898973 CET	56992	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:42.128509998 CET	6780	56992	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:47.010693073 CET	56994	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:47.132603884 CET	6780	56994	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:47.132682085 CET	56994	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:48.015187025 CET	56994	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:48.134767056 CET	6780	56994	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:48.261104107 CET	6780	56994	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:48.261117935 CET	6780	56994	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:48.261178017 CET	56994	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:48.261265993 CET	56994	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:48.380810022 CET	6780	56994	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:53.263278961 CET	56996	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:53.383120060 CET	6780	56996	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:53.384860039 CET	56996	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:54.269481897 CET	56996	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:54.389242887 CET	6780	56996	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:54.553143978 CET	6780	56996	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:54.553193092 CET	56996	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:54.553255081 CET	6780	56996	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:54.553272009 CET	56996	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:54.553308010 CET	56996	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:54.672898054 CET	6780	56996	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:59.554891109 CET	56998	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:03:59.677125931 CET	6780	56998	95.234.158.87	192.168.2.14
Nov 23, 2024 11:03:59.677200079 CET	56998	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:00.558913946 CET	56998	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:00.678731918 CET	6780	56998	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:00.829308033 CET	6780	56998	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:00.829392910 CET	6780	56998	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:00.829407930 CET	56998	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:00.829576015 CET	56998	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:00.829659939 CET	56998	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:00.949029922 CET	6780	56998	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:05.830987930 CET	57000	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:05.950469971 CET	6780	57000	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:05.950540066 CET	57000	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:06.835817099 CET	57000	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:06.955512047 CET	6780	57000	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:07.054775953 CET	6780	57000	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:07.054817915 CET	57000	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:07.054828882 CET	6780	57000	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:07.054882050 CET	57000	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:07.174460888 CET	6780	57000	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:12.057707071 CET	57002	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:12.177602053 CET	6780	57002	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:12.177678108 CET	57002	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:13.062572002 CET	57002	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:13.182180882 CET	6780	57002	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:13.466115952 CET	6780	57002	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:13.466377974 CET	57002	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:13.581813097 CET	6780	57002	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:13.581976891 CET	6780	57002	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:13.582098007 CET	57002	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:13.582206011 CET	57002	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:13.701687098 CET	6780	57002	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:18.584146023 CET	57004	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:18.704000950 CET	6780	57004	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:18.704092026 CET	57004	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:19.590106964 CET	57004	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:19.710067987 CET	6780	57004	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:19.871735096 CET	6780	57004	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:19.871793032 CET	57004	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:19.871901989 CET	57004	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:19.871915102 CET	6780	57004	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:19.871958971 CET	57004	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:19.991635084 CET	6780	57004	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:24.874231100 CET	57006	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:24.994359970 CET	6780	57006	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:24.994422913 CET	57006	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:25.879108906 CET	57006	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:25.999403000 CET	6780	57006	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:26.182750940 CET	6780	57006	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:26.182828903 CET	57006	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:26.182841063 CET	6780	57006	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:26.182889938 CET	57006	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:26.182889938 CET	57006	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:26.302342892 CET	6780	57006	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:31.184858084 CET	57008	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:31.357443094 CET	6780	57008	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:31.357500076 CET	57008	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:32.264138937 CET	57008	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:32.383527040 CET	6780	57008	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:32.636693001 CET	6780	57008	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:32.636842966 CET	6780	57008	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:32.636921883 CET	57008	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:32.636921883 CET	57008	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:32.636961937 CET	57008	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:32.756493092 CET	6780	57008	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:37.638123989 CET	57010	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:37.757834911 CET	6780	57010	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:37.757946968 CET	57010	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:38.642565966 CET	57010	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:38.762326956 CET	6780	57010	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:38.899036884 CET	6780	57010	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:38.899091959 CET	57010	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:38.899214029 CET	6780	57010	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:38.899291039 CET	57010	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:38.899291039 CET	57010	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:39.018809080 CET	6780	57010	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:43.901165009 CET	57012	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:44.020673990 CET	6780	57012	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:44.020793915 CET	57012	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:44.905766010 CET	57012	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:45.025741100 CET	6780	57012	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:45.188203096 CET	6780	57012	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:45.188262939 CET	6780	57012	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:45.188344955 CET	57012	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:45.188410997 CET	57012	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:45.308027983 CET	6780	57012	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:50.190376997 CET	57014	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:50.310340881 CET	6780	57014	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:50.310408115 CET	57014	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:51.194256067 CET	57014	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:51.314379930 CET	6780	57014	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:51.439774990 CET	6780	57014	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:51.439830065 CET	57014	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:51.439871073 CET	6780	57014	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:51.439909935 CET	57014	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:51.439930916 CET	57014	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:51.762479067 CET	6780	57014	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:56.441803932 CET	57016	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:56.561927080 CET	6780	57016	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:56.562186003 CET	57016	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:57.446993113 CET	57016	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:57.738323927 CET	6780	57016	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:57.760751009 CET	6780	57016	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:57.760761976 CET	6780	57016	95.234.158.87	192.168.2.14
Nov 23, 2024 11:04:57.760791063 CET	57016	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:57.760839939 CET	57016	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:04:57.880319118 CET	6780	57016	95.234.158.87	192.168.2.14
Nov 23, 2024 11:05:02.762803078 CET	57018	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:05:02.882355928 CET	6780	57018	95.234.158.87	192.168.2.14
Nov 23, 2024 11:05:02.882419109 CET	57018	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:05:03.766823053 CET	57018	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:05:03.888164997 CET	6780	57018	95.234.158.87	192.168.2.14
Nov 23, 2024 11:05:04.048338890 CET	6780	57018	95.234.158.87	192.168.2.14
Nov 23, 2024 11:05:04.048374891 CET	6780	57018	95.234.158.87	192.168.2.14
Nov 23, 2024 11:05:04.048475981 CET	57018	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:05:04.048573017 CET	57018	6780	192.168.2.14	95.234.158.87
Nov 23, 2024 11:05:04.168586016 CET	6780	57018	95.234.158.87	192.168.2.14

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 23, 2024 11:03:03.093698978 CET	60887	53	192.168.2.14	1.1.1.1
Nov 23, 2024 11:03:03.093763113 CET	37566	53	192.168.2.14	1.1.1.1
Nov 23, 2024 11:03:03.317265034 CET	53	60887	1.1.1.1	192.168.2.14
Nov 23, 2024 11:03:03.350330114 CET	53	37566	1.1.1.1	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 23, 2024 11:03:03.093698978 CET	192.168.2.14	1.1.1.1	0x2333	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 11:03:03.093763113 CET	192.168.2.14	1.1.1.1	0x3be1	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 23, 2024 11:03:03.317265034 CET	1.1.1.1	192.168.2.14	0x2333	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false
Nov 23, 2024 11:03:03.317265034 CET	1.1.1.1	192.168.2.14	0x2333	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false

IRC Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Nov 23, 2024 11:03:02.568042994 CET	56978	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:09.031954050 CET	56980	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:15.322295904 CET	56982	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:21.660736084 CET	56984	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:27.944159031 CET	56986	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:34.246701956 CET	56988	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:34.274000883 CET	56988	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:34.295268059 CET	56988	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:34.317080021 CET	56988	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:34.338829041 CET	56988	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:34.361392975 CET	56988	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:35.372915983 CET	56990	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:41.705202103 CET	56992	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:48.015187025 CET	56994	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:03:54.269481897 CET	56996	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:04:00.558913946 CET	56998	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:04:06.835817099 CET	57000	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:04:13.062572002 CET	57002	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:04:19.590106964 CET	57004	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:04:25.879108906 CET	57006	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:04:32.264138937 CET	57008	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:04:38.642565966 CET	57010	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:04:44.905766010 CET	57012	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:04:51.194256067 CET	57014	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:04:57.446993113 CET	57016	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS
Nov 23, 2024 11:05:03.766823053 CET	57018	6780	192.168.2.14	95.234.158.87	NICK [OSX\|ARM4T]GZT45PcS USER GZT45PcS localhost localhost :GZT45PcS

System Behavior

Analysis Process: yakuza.arm7.elf PID: 5503, Parent PID: 5428

General

Start time (UTC):	10:03:00
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	/tmp/yakuza.arm7.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5505, Parent PID: 5503

General

Start time (UTC):	10:03:00
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5507, Parent PID: 5505

General

Start time (UTC):	10:03:00
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5508, Parent PID: 5505

General

Start time (UTC):	10:03:00
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5510, Parent PID: 5505

General

Start time (UTC):	10:03:00
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5510, Parent PID: 5505

General

Start time (UTC):	10:03:00
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 902i13 \|\| busybox pkill -9 902i13"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5513, Parent PID: 5510

General

Start time (UTC):	10:03:00
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5513, Parent PID: 5510

General

Start time (UTC):	10:03:00
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 902i13
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5547, Parent PID: 5510

General

Start time (UTC):	10:03:04
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5547, Parent PID: 5510

General

Start time (UTC):	10:03:04
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 902i13
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5550, Parent PID: 5505

General

Start time (UTC):	10:03:05
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5550, Parent PID: 5505

General

Start time (UTC):	10:03:05
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 BzSxLxBxeY \|\| busybox pkill -9 BzSxLxBxeY"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5556, Parent PID: 5550

General

Start time (UTC):	10:03:05
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5556, Parent PID: 5550

General

Start time (UTC):	10:03:05
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 BzSxLxBxeY
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5557, Parent PID: 5550

General

Start time (UTC):	10:03:07
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5557, Parent PID: 5550

General

Start time (UTC):	10:03:07
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 BzSxLxBxeY
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5558, Parent PID: 5505

General

Start time (UTC):	10:03:08
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5558, Parent PID: 5505

General

Start time (UTC):	10:03:08
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 HOHO-LUGO7 \|\| busybox pkill -9 HOHO-LUGO7"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5560, Parent PID: 5558

General

Start time (UTC):	10:03:08
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5560, Parent PID: 5558

General

Start time (UTC):	10:03:08
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 HOHO-LUGO7
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5564, Parent PID: 5558

General

Start time (UTC):	10:03:10
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5564, Parent PID: 5558

General

Start time (UTC):	10:03:10
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 HOHO-LUGO7
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5565, Parent PID: 5505

General

Start time (UTC):	10:03:11
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5565, Parent PID: 5505

General

Start time (UTC):	10:03:11
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 HOHO-U79OL \|\| busybox pkill -9 HOHO-U79OL"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5567, Parent PID: 5565

General

Start time (UTC):	10:03:11
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5567, Parent PID: 5565

General

Start time (UTC):	10:03:11
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 HOHO-U79OL
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5568, Parent PID: 5565

General

Start time (UTC):	10:03:12
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5568, Parent PID: 5565

General

Start time (UTC):	10:03:12
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 HOHO-U79OL
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5569, Parent PID: 5505

General

Start time (UTC):	10:03:13
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5569, Parent PID: 5505

General

Start time (UTC):	10:03:13
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 JuYfouyf87 \|\| busybox pkill -9 JuYfouyf87"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5575, Parent PID: 5569

General

Start time (UTC):	10:03:13
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5575, Parent PID: 5569

General

Start time (UTC):	10:03:13
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 JuYfouyf87
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5578, Parent PID: 5569

General

Start time (UTC):	10:03:15
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5578, Parent PID: 5569

General

Start time (UTC):	10:03:15
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 JuYfouyf87
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5579, Parent PID: 5505

General

Start time (UTC):	10:03:16
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5579, Parent PID: 5505

General

Start time (UTC):	10:03:16
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5581, Parent PID: 5579

General

Start time (UTC):	10:03:16
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5581, Parent PID: 5579

General

Start time (UTC):	10:03:16
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeR69xd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5582, Parent PID: 5579

General

Start time (UTC):	10:03:17
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5582, Parent PID: 5579

General

Start time (UTC):	10:03:17
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeR69xd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5583, Parent PID: 5505

General

Start time (UTC):	10:03:18
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5583, Parent PID: 5505

General

Start time (UTC):	10:03:18
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 SO190Ij1X \|\| busybox pkill -9 SO190Ij1X"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5588, Parent PID: 5583

General

Start time (UTC):	10:03:18
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5588, Parent PID: 5583

General

Start time (UTC):	10:03:18
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 SO190Ij1X
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5591, Parent PID: 5583

General

Start time (UTC):	10:03:19
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5591, Parent PID: 5583

General

Start time (UTC):	10:03:19
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 SO190Ij1X
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5610, Parent PID: 5505

General

Start time (UTC):	10:03:20
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5610, Parent PID: 5505

General

Start time (UTC):	10:03:20
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 LOLKIKEEEDDE \|\| busybox pkill -9 LOLKIKEEEDDE"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5614, Parent PID: 5610

General

Start time (UTC):	10:03:20
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5614, Parent PID: 5610

General

Start time (UTC):	10:03:20
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 LOLKIKEEEDDE
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5616, Parent PID: 5610

General

Start time (UTC):	10:03:22
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5616, Parent PID: 5610

General

Start time (UTC):	10:03:22
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 LOLKIKEEEDDE
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5617, Parent PID: 5505

General

Start time (UTC):	10:03:23
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5617, Parent PID: 5505

General

Start time (UTC):	10:03:23
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 ekjheory98e \|\| busybox pkill -9 ekjheory98e"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5619, Parent PID: 5617

General

Start time (UTC):	10:03:23
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5619, Parent PID: 5617

General

Start time (UTC):	10:03:23
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ekjheory98e
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5622, Parent PID: 5617

General

Start time (UTC):	10:03:25
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5622, Parent PID: 5617

General

Start time (UTC):	10:03:25
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ekjheory98e
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5623, Parent PID: 5505

General

Start time (UTC):	10:03:26
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5623, Parent PID: 5505

General

Start time (UTC):	10:03:26
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 scansh4 \|\| busybox pkill -9 scansh4"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5625, Parent PID: 5623

General

Start time (UTC):	10:03:26
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5625, Parent PID: 5623

General

Start time (UTC):	10:03:26
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 scansh4
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5626, Parent PID: 5623

General

Start time (UTC):	10:03:27
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5626, Parent PID: 5623

General

Start time (UTC):	10:03:27
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 scansh4
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5627, Parent PID: 5505

General

Start time (UTC):	10:03:28
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5627, Parent PID: 5505

General

Start time (UTC):	10:03:28
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 MDMA \|\| busybox pkill -9 MDMA"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5633, Parent PID: 5627

General

Start time (UTC):	10:03:28
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5633, Parent PID: 5627

General

Start time (UTC):	10:03:28
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MDMA
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5636, Parent PID: 5627

General

Start time (UTC):	10:03:30
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5636, Parent PID: 5627

General

Start time (UTC):	10:03:30
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MDMA
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5637, Parent PID: 5505

General

Start time (UTC):	10:03:31
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5637, Parent PID: 5505

General

Start time (UTC):	10:03:31
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 fdevalvex \|\| busybox pkill -9 fdevalvex"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5639, Parent PID: 5637

General

Start time (UTC):	10:03:31
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5639, Parent PID: 5637

General

Start time (UTC):	10:03:31
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 fdevalvex
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5640, Parent PID: 5637

General

Start time (UTC):	10:03:32
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5640, Parent PID: 5637

General

Start time (UTC):	10:03:32
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 fdevalvex
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5641, Parent PID: 5505

General

Start time (UTC):	10:03:33
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5641, Parent PID: 5505

General

Start time (UTC):	10:03:33
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 scanspc \|\| busybox pkill -9 scanspc"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5646, Parent PID: 5641

General

Start time (UTC):	10:03:33
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5646, Parent PID: 5641

General

Start time (UTC):	10:03:33
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 scanspc
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5649, Parent PID: 5641

General

Start time (UTC):	10:03:34
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5649, Parent PID: 5641

General

Start time (UTC):	10:03:34
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 scanspc
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5650, Parent PID: 5505

General

Start time (UTC):	10:03:35
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5650, Parent PID: 5505

General

Start time (UTC):	10:03:35
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 MELTEDNINJAREALZ \|\| busybox pkill -9 MELTEDNINJAREALZ"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5655, Parent PID: 5650

General

Start time (UTC):	10:03:35
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5655, Parent PID: 5650

General

Start time (UTC):	10:03:35
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MELTEDNINJAREALZ
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5656, Parent PID: 5650

General

Start time (UTC):	10:03:37
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5656, Parent PID: 5650

General

Start time (UTC):	10:03:37
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MELTEDNINJAREALZ
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5657, Parent PID: 5505

General

Start time (UTC):	10:03:38
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5657, Parent PID: 5505

General

Start time (UTC):	10:03:38
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 flexsonskids \|\| busybox pkill -9 flexsonskids"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5659, Parent PID: 5657

General

Start time (UTC):	10:03:38
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5659, Parent PID: 5657

General

Start time (UTC):	10:03:38
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 flexsonskids
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5663, Parent PID: 5657

General

Start time (UTC):	10:03:40
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5663, Parent PID: 5657

General

Start time (UTC):	10:03:40
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 flexsonskids
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5664, Parent PID: 5505

General

Start time (UTC):	10:03:41
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5664, Parent PID: 5505

General

Start time (UTC):	10:03:41
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 scanx86 \|\| busybox pkill -9 scanx86"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5666, Parent PID: 5664

General

Start time (UTC):	10:03:41
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5666, Parent PID: 5664

General

Start time (UTC):	10:03:41
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 scanx86
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5667, Parent PID: 5664

General

Start time (UTC):	10:03:42
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5667, Parent PID: 5664

General

Start time (UTC):	10:03:42
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 scanx86
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5668, Parent PID: 5505

General

Start time (UTC):	10:03:43
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5668, Parent PID: 5505

General

Start time (UTC):	10:03:43
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 MISAKI-U79OL \|\| busybox pkill -9 MISAKI-U79OL"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5674, Parent PID: 5668

General

Start time (UTC):	10:03:43
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5674, Parent PID: 5668

General

Start time (UTC):	10:03:43
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MISAKI-U79OL
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5677, Parent PID: 5668

General

Start time (UTC):	10:03:45
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5677, Parent PID: 5668

General

Start time (UTC):	10:03:45
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MISAKI-U79OL
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5678, Parent PID: 5505

General

Start time (UTC):	10:03:46
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5678, Parent PID: 5505

General

Start time (UTC):	10:03:46
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 foAxi102kxe \|\| busybox pkill -9 foAxi102kxe"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5680, Parent PID: 5678

General

Start time (UTC):	10:03:46
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5680, Parent PID: 5678

General

Start time (UTC):	10:03:46
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 foAxi102kxe
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5681, Parent PID: 5678

General

Start time (UTC):	10:03:47
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5681, Parent PID: 5678

General

Start time (UTC):	10:03:47
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 foAxi102kxe
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5682, Parent PID: 5505

General

Start time (UTC):	10:03:48
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5682, Parent PID: 5505

General

Start time (UTC):	10:03:48
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 swodjwodjwoj \|\| busybox pkill -9 swodjwodjwoj"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5684, Parent PID: 5682

General

Start time (UTC):	10:03:48
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5684, Parent PID: 5682

General

Start time (UTC):	10:03:48
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 swodjwodjwoj
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5687, Parent PID: 5682

General

Start time (UTC):	10:03:49
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5687, Parent PID: 5682

General

Start time (UTC):	10:03:49
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 swodjwodjwoj
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5690, Parent PID: 5505

General

Start time (UTC):	10:03:50
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5690, Parent PID: 5505

General

Start time (UTC):	10:03:50
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 MmKiy7f87l \|\| busybox pkill -9 MmKiy7f87l"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5695, Parent PID: 5690

General

Start time (UTC):	10:03:50
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5695, Parent PID: 5690

General

Start time (UTC):	10:03:50
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MmKiy7f87l
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5696, Parent PID: 5690

General

Start time (UTC):	10:03:51
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5696, Parent PID: 5690

General

Start time (UTC):	10:03:51
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MmKiy7f87l
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5697, Parent PID: 5505

General

Start time (UTC):	10:03:52
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5697, Parent PID: 5505

General

Start time (UTC):	10:03:52
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 freecookiex86 \|\| busybox pkill -9 freecookiex86"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5703, Parent PID: 5697

General

Start time (UTC):	10:03:52
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5703, Parent PID: 5697

General

Start time (UTC):	10:03:52
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 freecookiex86
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5704, Parent PID: 5697

General

Start time (UTC):	10:03:54
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5704, Parent PID: 5697

General

Start time (UTC):	10:03:54
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 freecookiex86
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5707, Parent PID: 5505

General

Start time (UTC):	10:03:55
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5707, Parent PID: 5505

General

Start time (UTC):	10:03:55
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 sysgpu \|\| busybox pkill -9 sysgpu"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5709, Parent PID: 5707

General

Start time (UTC):	10:03:55
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5709, Parent PID: 5707

General

Start time (UTC):	10:03:55
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 sysgpu
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5710, Parent PID: 5707

General

Start time (UTC):	10:03:56
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5710, Parent PID: 5707

General

Start time (UTC):	10:03:56
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 sysgpu
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5711, Parent PID: 5505

General

Start time (UTC):	10:03:57
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5711, Parent PID: 5505

General

Start time (UTC):	10:03:57
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5713, Parent PID: 5711

General

Start time (UTC):	10:03:57
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5713, Parent PID: 5711

General

Start time (UTC):	10:03:57
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeR69xd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5714, Parent PID: 5711

General

Start time (UTC):	10:03:58
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5714, Parent PID: 5711

General

Start time (UTC):	10:03:58
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeR69xd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5717, Parent PID: 5505

General

Start time (UTC):	10:03:59
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5717, Parent PID: 5505

General

Start time (UTC):	10:03:59
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 frgege \|\| busybox pkill -9 frgege"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5722, Parent PID: 5717

General

Start time (UTC):	10:03:59
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5722, Parent PID: 5717

General

Start time (UTC):	10:03:59
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 frgege
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5723, Parent PID: 5717

General

Start time (UTC):	10:04:01
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5723, Parent PID: 5717

General

Start time (UTC):	10:04:01
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 frgege
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5724, Parent PID: 5505

General

Start time (UTC):	10:04:02
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5724, Parent PID: 5505

General

Start time (UTC):	10:04:02
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 sysupdater \|\| busybox pkill -9 sysupdater"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5726, Parent PID: 5724

General

Start time (UTC):	10:04:02
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5726, Parent PID: 5724

General

Start time (UTC):	10:04:02
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 sysupdater
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5727, Parent PID: 5724

General

Start time (UTC):	10:04:03
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5727, Parent PID: 5724

General

Start time (UTC):	10:04:03
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 sysupdater
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5730, Parent PID: 5505

General

Start time (UTC):	10:04:04
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5730, Parent PID: 5505

General

Start time (UTC):	10:04:04
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 0DnAzepd \|\| busybox pkill -9 0DnAzepd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5735, Parent PID: 5730

General

Start time (UTC):	10:04:05
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5735, Parent PID: 5730

General

Start time (UTC):	10:04:05
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 0DnAzepd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5736, Parent PID: 5730

General

Start time (UTC):	10:04:06
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5736, Parent PID: 5730

General

Start time (UTC):	10:04:06
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 0DnAzepd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5737, Parent PID: 5505

General

Start time (UTC):	10:04:07
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5737, Parent PID: 5505

General

Start time (UTC):	10:04:07
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 NiGGeRD0nks69 \|\| busybox pkill -9 NiGGeRD0nks69"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5739, Parent PID: 5737

General

Start time (UTC):	10:04:07
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5739, Parent PID: 5737

General

Start time (UTC):	10:04:07
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeRD0nks69
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5741, Parent PID: 5737

General

Start time (UTC):	10:04:09
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5741, Parent PID: 5737

General

Start time (UTC):	10:04:09
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeRD0nks69
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5744, Parent PID: 5505

General

Start time (UTC):	10:04:10
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5744, Parent PID: 5505

General

Start time (UTC):	10:04:10
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 frgreu \|\| busybox pkill -9 frgreu"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5746, Parent PID: 5744

General

Start time (UTC):	10:04:10
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5746, Parent PID: 5744

General

Start time (UTC):	10:04:10
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 frgreu
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5747, Parent PID: 5744

General

Start time (UTC):	10:04:12
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5747, Parent PID: 5744

General

Start time (UTC):	10:04:12
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 frgreu
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5748, Parent PID: 5505

General

Start time (UTC):	10:04:13
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5748, Parent PID: 5505

General

Start time (UTC):	10:04:13
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 telnetd \|\| busybox pkill -9 telnetd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5750, Parent PID: 5748

General

Start time (UTC):	10:04:13
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5750, Parent PID: 5748

General

Start time (UTC):	10:04:13
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 telnetd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5753, Parent PID: 5748

General

Start time (UTC):	10:04:14
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5753, Parent PID: 5748

General

Start time (UTC):	10:04:14
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 telnetd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5754, Parent PID: 5505

General

Start time (UTC):	10:04:15
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5754, Parent PID: 5505

General

Start time (UTC):	10:04:15
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 0x766f6964 \|\| busybox pkill -9 0x766f6964"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5760, Parent PID: 5754

General

Start time (UTC):	10:04:15
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5760, Parent PID: 5754

General

Start time (UTC):	10:04:15
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 0x766f6964
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5761, Parent PID: 5754

General

Start time (UTC):	10:04:17
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5761, Parent PID: 5754

General

Start time (UTC):	10:04:17
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 0x766f6964
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5762, Parent PID: 5505

General

Start time (UTC):	10:04:18
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5762, Parent PID: 5505

General

Start time (UTC):	10:04:18
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 NiGGeRd0nks1337 \|\| busybox pkill -9 NiGGeRd0nks1337"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5764, Parent PID: 5762

General

Start time (UTC):	10:04:18
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5764, Parent PID: 5762

General

Start time (UTC):	10:04:18
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeRd0nks1337
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5765, Parent PID: 5762

General

Start time (UTC):	10:04:19
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5765, Parent PID: 5762

General

Start time (UTC):	10:04:19
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeRd0nks1337
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5768, Parent PID: 5505

General

Start time (UTC):	10:04:20
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5768, Parent PID: 5505

General

Start time (UTC):	10:04:20
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 gaft \|\| busybox pkill -9 gaft"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5770, Parent PID: 5768

General

Start time (UTC):	10:04:20
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5770, Parent PID: 5768

General

Start time (UTC):	10:04:20
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 gaft
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5771, Parent PID: 5768

General

Start time (UTC):	10:04:21
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5771, Parent PID: 5768

General

Start time (UTC):	10:04:21
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 gaft
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5772, Parent PID: 5505

General

Start time (UTC):	10:04:23
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5772, Parent PID: 5505

General

Start time (UTC):	10:04:23
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 urasgbsigboa \|\| busybox pkill -9 urasgbsigboa"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5777, Parent PID: 5772

General

Start time (UTC):	10:04:23
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5777, Parent PID: 5772

General

Start time (UTC):	10:04:23
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 urasgbsigboa
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5779, Parent PID: 5772

General

Start time (UTC):	10:04:24
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5779, Parent PID: 5772

General

Start time (UTC):	10:04:24
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 urasgbsigboa
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5782, Parent PID: 5505

General

Start time (UTC):	10:04:25
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5782, Parent PID: 5505

General

Start time (UTC):	10:04:25
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 120i3UI49 \|\| busybox pkill -9 120i3UI49"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5787, Parent PID: 5782

General

Start time (UTC):	10:04:25
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5787, Parent PID: 5782

General

Start time (UTC):	10:04:25
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 120i3UI49
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5788, Parent PID: 5782

General

Start time (UTC):	10:04:26
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5788, Parent PID: 5782

General

Start time (UTC):	10:04:26
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 120i3UI49
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5789, Parent PID: 5505

General

Start time (UTC):	10:04:27
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5789, Parent PID: 5505

General

Start time (UTC):	10:04:27
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 OaF3 \|\| busybox pkill -9 OaF3"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5791, Parent PID: 5789

General

Start time (UTC):	10:04:27
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5791, Parent PID: 5789

General

Start time (UTC):	10:04:27
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 OaF3
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5792, Parent PID: 5789

General

Start time (UTC):	10:04:28
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5792, Parent PID: 5789

General

Start time (UTC):	10:04:28
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 OaF3
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5795, Parent PID: 5505

General

Start time (UTC):	10:04:29
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5795, Parent PID: 5505

General

Start time (UTC):	10:04:29
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 geae \|\| busybox pkill -9 geae"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5800, Parent PID: 5795

General

Start time (UTC):	10:04:29
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5800, Parent PID: 5795

General

Start time (UTC):	10:04:29
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 geae
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5801, Parent PID: 5795

General

Start time (UTC):	10:04:31
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5801, Parent PID: 5795

General

Start time (UTC):	10:04:31
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 geae
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5802, Parent PID: 5505

General

Start time (UTC):	10:04:32
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5802, Parent PID: 5505

General

Start time (UTC):	10:04:32
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 vaiolmao \|\| busybox pkill -9 vaiolmao"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5804, Parent PID: 5802

General

Start time (UTC):	10:04:32
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5804, Parent PID: 5802

General

Start time (UTC):	10:04:32
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 vaiolmao
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5805, Parent PID: 5802

General

Start time (UTC):	10:04:33
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5805, Parent PID: 5802

General

Start time (UTC):	10:04:33
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 vaiolmao
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5808, Parent PID: 5505

General

Start time (UTC):	10:04:34
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5808, Parent PID: 5505

General

Start time (UTC):	10:04:34
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 123123a \|\| busybox pkill -9 123123a"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5813, Parent PID: 5808

General

Start time (UTC):	10:04:34
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5813, Parent PID: 5808

General

Start time (UTC):	10:04:34
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 123123a
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5814, Parent PID: 5808

General

Start time (UTC):	10:04:36
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5814, Parent PID: 5808

General

Start time (UTC):	10:04:36
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 123123a
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5815, Parent PID: 5505

General

Start time (UTC):	10:04:37
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5815, Parent PID: 5505

General

Start time (UTC):	10:04:37
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 Ofurain0n4H34D \|\| busybox pkill -9 Ofurain0n4H34D"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5817, Parent PID: 5815

General

Start time (UTC):	10:04:37
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5817, Parent PID: 5815

General

Start time (UTC):	10:04:37
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 Ofurain0n4H34D
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5818, Parent PID: 5815

General

Start time (UTC):	10:04:38
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5818, Parent PID: 5815

General

Start time (UTC):	10:04:38
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 Ofurain0n4H34D
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5822, Parent PID: 5505

General

Start time (UTC):	10:04:39
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5822, Parent PID: 5505

General

Start time (UTC):	10:04:39
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 ggTrex \|\| busybox pkill -9 ggTrex"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5826, Parent PID: 5822

General

Start time (UTC):	10:04:40
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5826, Parent PID: 5822

General

Start time (UTC):	10:04:40
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ggTrex
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5829, Parent PID: 5822

General

Start time (UTC):	10:04:41
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5829, Parent PID: 5822

General

Start time (UTC):	10:04:41
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ggTrex
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5830, Parent PID: 5505

General

Start time (UTC):	10:04:42
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5830, Parent PID: 5505

General

Start time (UTC):	10:04:42
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 wasads \|\| busybox pkill -9 wasads"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5832, Parent PID: 5830

General

Start time (UTC):	10:04:42
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5832, Parent PID: 5830

General

Start time (UTC):	10:04:42
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 wasads
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5833, Parent PID: 5830

General

Start time (UTC):	10:04:44
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5833, Parent PID: 5830

General

Start time (UTC):	10:04:44
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 wasads
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5836, Parent PID: 5505

General

Start time (UTC):	10:04:45
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5836, Parent PID: 5505

General

Start time (UTC):	10:04:45
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 1293194hjXD \|\| busybox pkill -9 1293194hjXD"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5841, Parent PID: 5836

General

Start time (UTC):	10:04:45
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5841, Parent PID: 5836

General

Start time (UTC):	10:04:45
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 1293194hjXD
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5842, Parent PID: 5836

General

Start time (UTC):	10:04:46
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5842, Parent PID: 5836

General

Start time (UTC):	10:04:46
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 1293194hjXD
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5843, Parent PID: 5505

General

Start time (UTC):	10:04:47
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5843, Parent PID: 5505

General

Start time (UTC):	10:04:47
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 OthLaLosn \|\| busybox pkill -9 OthLaLosn"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5845, Parent PID: 5843

General

Start time (UTC):	10:04:47
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5845, Parent PID: 5843

General

Start time (UTC):	10:04:47
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 OthLaLosn
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5846, Parent PID: 5843

General

Start time (UTC):	10:04:48
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5846, Parent PID: 5843

General

Start time (UTC):	10:04:48
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 OthLaLosn
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5849, Parent PID: 5505

General

Start time (UTC):	10:04:49
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5849, Parent PID: 5505

General

Start time (UTC):	10:04:49
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 ggt \|\| busybox pkill -9 ggt"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5854, Parent PID: 5849

General

Start time (UTC):	10:04:49
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5854, Parent PID: 5849

General

Start time (UTC):	10:04:49
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ggt
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5857, Parent PID: 5849

General

Start time (UTC):	10:04:50
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5857, Parent PID: 5849

General

Start time (UTC):	10:04:50
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ggt
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5858, Parent PID: 5505

General

Start time (UTC):	10:04:51
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5858, Parent PID: 5505

General

Start time (UTC):	10:04:51
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 wget-log \|\| busybox pkill -9 wget-log"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5860, Parent PID: 5858

General

Start time (UTC):	10:04:51
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5860, Parent PID: 5858

General

Start time (UTC):	10:04:51
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 wget-log
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5861, Parent PID: 5858

General

Start time (UTC):	10:04:52
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5861, Parent PID: 5858

General

Start time (UTC):	10:04:52
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 wget-log
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5862, Parent PID: 5505

General

Start time (UTC):	10:04:53
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5862, Parent PID: 5505

General

Start time (UTC):	10:04:53
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 1337SoraLOADER \|\| busybox pkill -9 1337SoraLOADER"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5868, Parent PID: 5862

General

Start time (UTC):	10:04:53
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5868, Parent PID: 5862

General

Start time (UTC):	10:04:53
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 1337SoraLOADER
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5871, Parent PID: 5862

General

Start time (UTC):	10:04:55
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5871, Parent PID: 5862

General

Start time (UTC):	10:04:55
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 1337SoraLOADER
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5872, Parent PID: 5505

General

Start time (UTC):	10:04:56
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5872, Parent PID: 5505

General

Start time (UTC):	10:04:56
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 SAIAKINA \|\| busybox pkill -9 SAIAKINA"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5877, Parent PID: 5872

General

Start time (UTC):	10:04:56
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5877, Parent PID: 5872

General

Start time (UTC):	10:04:56
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 SAIAKINA
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5878, Parent PID: 5872

General

Start time (UTC):	10:04:57
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5878, Parent PID: 5872

General

Start time (UTC):	10:04:57
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 SAIAKINA
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5879, Parent PID: 5505

General

Start time (UTC):	10:04:58
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5879, Parent PID: 5505

General

Start time (UTC):	10:04:58
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 ggtq \|\| busybox pkill -9 ggtq"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5881, Parent PID: 5879

General

Start time (UTC):	10:04:58
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5881, Parent PID: 5879

General

Start time (UTC):	10:04:58
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ggtq
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5884, Parent PID: 5879

General

Start time (UTC):	10:05:00
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5884, Parent PID: 5879

General

Start time (UTC):	10:05:00
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ggtq
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5885, Parent PID: 5505

General

Start time (UTC):	10:05:01
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5885, Parent PID: 5505

General

Start time (UTC):	10:05:01
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 1378bfp919GRB1Q2 \|\| busybox pkill -9 1378bfp919GRB1Q2"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5889, Parent PID: 5885

General

Start time (UTC):	10:05:01
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5889, Parent PID: 5885

General

Start time (UTC):	10:05:01
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 1378bfp919GRB1Q2
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5891, Parent PID: 5885

General

Start time (UTC):	10:05:02
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5891, Parent PID: 5885

General

Start time (UTC):	10:05:02
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 1378bfp919GRB1Q2
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5892, Parent PID: 5505

General

Start time (UTC):	10:05:03
Start date (UTC):	23/11/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5892, Parent PID: 5505

General

Start time (UTC):	10:05:03
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 SAIAKUSO \|\| busybox pkill -9 SAIAKUSO"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5894, Parent PID: 5892

General

Start time (UTC):	10:05:03
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5894, Parent PID: 5892

General

Start time (UTC):	10:05:03
Start date (UTC):	23/11/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 SAIAKUSO
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5897, Parent PID: 5892

General

Start time (UTC):	10:05:04
Start date (UTC):	23/11/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5897, Parent PID: 5892

General

Start time (UTC):	10:05:04
Start date (UTC):	23/11/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 SAIAKUSO
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained. Without knowledge of the password for an account or set of accounts, an adversary may systematically guess the password using a repetitive or iterative mechanism. Brute forcing passwords can take place via interaction with a service that will check the validity of those credentials or offline against previously acquired credential data, such as password hashes.
Tactics:	Credential Access
Data Sources:	Application Log: Application Log Content, Command: Command Execution, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report yakuza.arm7.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

IRC Packets

System Behavior

Analysis Process: yakuza.arm7.elf PID: 5503, Parent PID: 5428

General

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5505, Parent PID: 5503

General

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5507, Parent PID: 5505

General

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5508, Parent PID: 5505

General

Linux Analysis Report
yakuza.arm7.elf