Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
yakuza.ppc.elf

Overview

General Information

Sample name:yakuza.ppc.elf
Analysis ID:1561402
MD5:79634876f190036b8b502b18ec19091d
SHA1:ec5522c01efaede1145fe409c27446e900c48d70
SHA256:b6fa1de9fec1861ce91022f270fa05bada43174ea8b35aca238e330ead60c0b8
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Uses IRC for communication with a C&C
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "kill" or "pkill" command typically used to terminate processes
Reads CPU information from /sys indicative of miner or evasive malware
Sample and/or dropped files contains symbols with suspicious names
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings indicative of password brute-forcing capabilities
Sample contains strings that are user agent strings indicative of HTTP manipulation
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1561402
Start date and time:2024-11-23 11:02:13 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 34s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:yakuza.ppc.elf
Detection:MAL
Classification:mal72.troj.linELF@0/0@0/0

Warnings

  • Report size exceeded maximum capacity and may have missing behavior information.

Runtime Messages

Command:/tmp/yakuza.ppc.elf
PID:5527
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
CAPSAICIN
Standard Error:

Process Tree

  • system is lnxubuntu20
  • yakuza.ppc.elf (PID: 5527, Parent: 5446, MD5: ae65271c943d3451b7f026d1fadccea6) Arguments: /tmp/yakuza.ppc.elf
    • yakuza.ppc.elf New Fork (PID: 5529, Parent: 5527)
      • sh (PID: 5535, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 902i13 || busybox pkill -9 902i13"
        • sh New Fork (PID: 5541, Parent: 5535)
        • pkill (PID: 5541, Parent: 5535, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 902i13
        • sh New Fork (PID: 5542, Parent: 5535)
        • busybox (PID: 5542, Parent: 5535, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 902i13
      • sh (PID: 5545, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"
        • sh New Fork (PID: 5550, Parent: 5545)
        • pkill (PID: 5550, Parent: 5545, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 BzSxLxBxeY
        • sh New Fork (PID: 5551, Parent: 5545)
        • busybox (PID: 5551, Parent: 5545, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 BzSxLxBxeY
      • sh (PID: 5552, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"
        • sh New Fork (PID: 5557, Parent: 5552)
        • pkill (PID: 5557, Parent: 5552, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 HOHO-LUGO7
        • sh New Fork (PID: 5560, Parent: 5552)
        • busybox (PID: 5560, Parent: 5552, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 HOHO-LUGO7
      • sh (PID: 5561, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"
        • sh New Fork (PID: 5566, Parent: 5561)
        • pkill (PID: 5566, Parent: 5561, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 HOHO-U79OL
        • sh New Fork (PID: 5567, Parent: 5561)
        • busybox (PID: 5567, Parent: 5561, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 HOHO-U79OL
      • sh (PID: 5568, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"
        • sh New Fork (PID: 5570, Parent: 5568)
        • pkill (PID: 5570, Parent: 5568, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 JuYfouyf87
        • sh New Fork (PID: 5573, Parent: 5568)
        • busybox (PID: 5573, Parent: 5568, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 JuYfouyf87
      • sh (PID: 5574, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
        • sh New Fork (PID: 5576, Parent: 5574)
        • pkill (PID: 5576, Parent: 5574, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeR69xd
        • sh New Fork (PID: 5577, Parent: 5574)
        • busybox (PID: 5577, Parent: 5574, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeR69xd
      • sh (PID: 5578, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"
        • sh New Fork (PID: 5584, Parent: 5578)
        • pkill (PID: 5584, Parent: 5578, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SO190Ij1X
        • sh New Fork (PID: 5587, Parent: 5578)
        • busybox (PID: 5587, Parent: 5578, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SO190Ij1X
      • sh (PID: 5588, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"
        • sh New Fork (PID: 5590, Parent: 5588)
        • pkill (PID: 5590, Parent: 5588, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 LOLKIKEEEDDE
        • sh New Fork (PID: 5610, Parent: 5588)
        • busybox (PID: 5610, Parent: 5588, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 LOLKIKEEEDDE
      • sh (PID: 5611, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"
        • sh New Fork (PID: 5616, Parent: 5611)
        • pkill (PID: 5616, Parent: 5611, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ekjheory98e
        • sh New Fork (PID: 5619, Parent: 5611)
        • busybox (PID: 5619, Parent: 5611, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ekjheory98e
      • sh (PID: 5620, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"
        • sh New Fork (PID: 5622, Parent: 5620)
        • pkill (PID: 5622, Parent: 5620, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scansh4
        • sh New Fork (PID: 5623, Parent: 5620)
        • busybox (PID: 5623, Parent: 5620, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scansh4
      • sh (PID: 5624, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"
        • sh New Fork (PID: 5626, Parent: 5624)
        • pkill (PID: 5626, Parent: 5624, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MDMA
        • sh New Fork (PID: 5630, Parent: 5624)
        • busybox (PID: 5630, Parent: 5624, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MDMA
      • sh (PID: 5631, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"
        • sh New Fork (PID: 5637, Parent: 5631)
        • pkill (PID: 5637, Parent: 5631, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 fdevalvex
        • sh New Fork (PID: 5638, Parent: 5631)
        • busybox (PID: 5638, Parent: 5631, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 fdevalvex
      • sh (PID: 5639, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"
        • sh New Fork (PID: 5644, Parent: 5639)
        • pkill (PID: 5644, Parent: 5639, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scanspc
        • sh New Fork (PID: 5647, Parent: 5639)
        • busybox (PID: 5647, Parent: 5639, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scanspc
      • sh (PID: 5648, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"
        • sh New Fork (PID: 5653, Parent: 5648)
        • pkill (PID: 5653, Parent: 5648, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MELTEDNINJAREALZ
        • sh New Fork (PID: 5654, Parent: 5648)
        • busybox (PID: 5654, Parent: 5648, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MELTEDNINJAREALZ
      • sh (PID: 5655, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"
        • sh New Fork (PID: 5659, Parent: 5655)
        • pkill (PID: 5659, Parent: 5655, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 flexsonskids
        • sh New Fork (PID: 5663, Parent: 5655)
        • busybox (PID: 5663, Parent: 5655, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 flexsonskids
      • sh (PID: 5664, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"
        • sh New Fork (PID: 5669, Parent: 5664)
        • pkill (PID: 5669, Parent: 5664, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scanx86
        • sh New Fork (PID: 5670, Parent: 5664)
        • busybox (PID: 5670, Parent: 5664, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scanx86
      • sh (PID: 5671, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"
        • sh New Fork (PID: 5673, Parent: 5671)
        • pkill (PID: 5673, Parent: 5671, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MISAKI-U79OL
        • sh New Fork (PID: 5676, Parent: 5671)
        • busybox (PID: 5676, Parent: 5671, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MISAKI-U79OL
      • sh (PID: 5677, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"
        • sh New Fork (PID: 5679, Parent: 5677)
        • pkill (PID: 5679, Parent: 5677, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 foAxi102kxe
        • sh New Fork (PID: 5680, Parent: 5677)
        • busybox (PID: 5680, Parent: 5677, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 foAxi102kxe
      • sh (PID: 5681, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"
        • sh New Fork (PID: 5689, Parent: 5681)
        • pkill (PID: 5689, Parent: 5681, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 swodjwodjwoj
        • sh New Fork (PID: 5690, Parent: 5681)
        • busybox (PID: 5690, Parent: 5681, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 swodjwodjwoj
      • sh (PID: 5691, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"
        • sh New Fork (PID: 5696, Parent: 5691)
        • pkill (PID: 5696, Parent: 5691, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MmKiy7f87l
        • sh New Fork (PID: 5699, Parent: 5691)
        • busybox (PID: 5699, Parent: 5691, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MmKiy7f87l
      • sh (PID: 5700, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"
        • sh New Fork (PID: 5707, Parent: 5700)
        • pkill (PID: 5707, Parent: 5700, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 freecookiex86
        • sh New Fork (PID: 5708, Parent: 5700)
        • busybox (PID: 5708, Parent: 5700, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 freecookiex86
      • sh (PID: 5709, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"
        • sh New Fork (PID: 5714, Parent: 5709)
        • pkill (PID: 5714, Parent: 5709, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 sysgpu
        • sh New Fork (PID: 5715, Parent: 5709)
        • busybox (PID: 5715, Parent: 5709, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 sysgpu
      • sh (PID: 5716, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
        • sh New Fork (PID: 5718, Parent: 5716)
        • pkill (PID: 5718, Parent: 5716, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeR69xd
        • sh New Fork (PID: 5722, Parent: 5716)
        • busybox (PID: 5722, Parent: 5716, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeR69xd
      • sh (PID: 5723, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 frgege || busybox pkill -9 frgege"
        • sh New Fork (PID: 5729, Parent: 5723)
        • pkill (PID: 5729, Parent: 5723, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 frgege
        • sh New Fork (PID: 5730, Parent: 5723)
        • busybox (PID: 5730, Parent: 5723, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 frgege
      • sh (PID: 5731, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"
        • sh New Fork (PID: 5733, Parent: 5731)
        • pkill (PID: 5733, Parent: 5731, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 sysupdater
        • sh New Fork (PID: 5736, Parent: 5731)
        • busybox (PID: 5736, Parent: 5731, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 sysupdater
      • sh (PID: 5737, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"
        • sh New Fork (PID: 5739, Parent: 5737)
        • pkill (PID: 5739, Parent: 5737, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 0DnAzepd
        • sh New Fork (PID: 5740, Parent: 5737)
        • busybox (PID: 5740, Parent: 5737, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 0DnAzepd
      • sh (PID: 5741, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"
        • sh New Fork (PID: 5746, Parent: 5741)
        • pkill (PID: 5746, Parent: 5741, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeRD0nks69
        • sh New Fork (PID: 5749, Parent: 5741)
        • busybox (PID: 5749, Parent: 5741, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeRD0nks69
      • sh (PID: 5750, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"
        • sh New Fork (PID: 5752, Parent: 5750)
        • pkill (PID: 5752, Parent: 5750, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 frgreu
        • sh New Fork (PID: 5753, Parent: 5750)
        • busybox (PID: 5753, Parent: 5750, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 frgreu
      • sh (PID: 5754, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"
        • sh New Fork (PID: 5756, Parent: 5754)
        • pkill (PID: 5756, Parent: 5754, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 telnetd
        • sh New Fork (PID: 5759, Parent: 5754)
        • busybox (PID: 5759, Parent: 5754, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 telnetd
      • sh (PID: 5760, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"
        • sh New Fork (PID: 5762, Parent: 5760)
        • pkill (PID: 5762, Parent: 5760, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 0x766f6964
        • sh New Fork (PID: 5763, Parent: 5760)
        • busybox (PID: 5763, Parent: 5760, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 0x766f6964
      • sh (PID: 5764, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"
        • sh New Fork (PID: 5766, Parent: 5764)
        • pkill (PID: 5766, Parent: 5764, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeRd0nks1337
        • sh New Fork (PID: 5769, Parent: 5764)
        • busybox (PID: 5769, Parent: 5764, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeRd0nks1337
      • sh (PID: 5770, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 gaft || busybox pkill -9 gaft"
        • sh New Fork (PID: 5772, Parent: 5770)
        • pkill (PID: 5772, Parent: 5770, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 gaft
        • sh New Fork (PID: 5773, Parent: 5770)
        • busybox (PID: 5773, Parent: 5770, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 gaft
      • sh (PID: 5774, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"
        • sh New Fork (PID: 5780, Parent: 5774)
        • pkill (PID: 5780, Parent: 5774, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 urasgbsigboa
        • sh New Fork (PID: 5783, Parent: 5774)
        • busybox (PID: 5783, Parent: 5774, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 urasgbsigboa
      • sh (PID: 5784, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"
        • sh New Fork (PID: 5786, Parent: 5784)
        • pkill (PID: 5786, Parent: 5784, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 120i3UI49
        • sh New Fork (PID: 5787, Parent: 5784)
        • busybox (PID: 5787, Parent: 5784, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 120i3UI49
      • sh (PID: 5788, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"
        • sh New Fork (PID: 5794, Parent: 5788)
        • pkill (PID: 5794, Parent: 5788, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 OaF3
        • sh New Fork (PID: 5798, Parent: 5788)
        • busybox (PID: 5798, Parent: 5788, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 OaF3
      • sh (PID: 5799, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 geae || busybox pkill -9 geae"
        • sh New Fork (PID: 5803, Parent: 5799)
        • pkill (PID: 5803, Parent: 5799, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 geae
        • sh New Fork (PID: 5805, Parent: 5799)
        • busybox (PID: 5805, Parent: 5799, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 geae
      • sh (PID: 5806, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"
        • sh New Fork (PID: 5808, Parent: 5806)
        • pkill (PID: 5808, Parent: 5806, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 vaiolmao
        • sh New Fork (PID: 5809, Parent: 5806)
        • busybox (PID: 5809, Parent: 5806, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 vaiolmao
      • sh (PID: 5812, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 123123a || busybox pkill -9 123123a"
        • sh New Fork (PID: 5814, Parent: 5812)
        • pkill (PID: 5814, Parent: 5812, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 123123a
        • sh New Fork (PID: 5815, Parent: 5812)
        • busybox (PID: 5815, Parent: 5812, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 123123a
      • sh (PID: 5816, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"
        • sh New Fork (PID: 5821, Parent: 5816)
        • pkill (PID: 5821, Parent: 5816, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 Ofurain0n4H34D
        • sh New Fork (PID: 5822, Parent: 5816)
        • busybox (PID: 5822, Parent: 5816, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 Ofurain0n4H34D
      • sh (PID: 5825, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"
        • sh New Fork (PID: 5827, Parent: 5825)
        • pkill (PID: 5827, Parent: 5825, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggTrex
        • sh New Fork (PID: 5828, Parent: 5825)
        • busybox (PID: 5828, Parent: 5825, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggTrex
      • sh (PID: 5829, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 wasads || busybox pkill -9 wasads"
        • sh New Fork (PID: 5831, Parent: 5829)
        • pkill (PID: 5831, Parent: 5829, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 wasads
        • sh New Fork (PID: 5832, Parent: 5829)
        • busybox (PID: 5832, Parent: 5829, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 wasads
      • sh (PID: 5835, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"
        • sh New Fork (PID: 5841, Parent: 5835)
        • pkill (PID: 5841, Parent: 5835, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1293194hjXD
        • sh New Fork (PID: 5842, Parent: 5835)
        • busybox (PID: 5842, Parent: 5835, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1293194hjXD
      • sh (PID: 5843, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"
        • sh New Fork (PID: 5845, Parent: 5843)
        • pkill (PID: 5845, Parent: 5843, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 OthLaLosn
        • sh New Fork (PID: 5846, Parent: 5843)
        • busybox (PID: 5846, Parent: 5843, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 OthLaLosn
      • sh (PID: 5847, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 ggt || busybox pkill -9 ggt"
        • sh New Fork (PID: 5849, Parent: 5847)
        • pkill (PID: 5849, Parent: 5847, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggt
        • sh New Fork (PID: 5852, Parent: 5847)
        • busybox (PID: 5852, Parent: 5847, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggt
      • sh (PID: 5853, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 wget-log || busybox pkill -9 wget-log"
        • sh New Fork (PID: 5858, Parent: 5853)
        • pkill (PID: 5858, Parent: 5853, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 wget-log
        • sh New Fork (PID: 5861, Parent: 5853)
        • busybox (PID: 5861, Parent: 5853, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 wget-log
      • sh (PID: 5862, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER"
        • sh New Fork (PID: 5864, Parent: 5862)
        • pkill (PID: 5864, Parent: 5862, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1337SoraLOADER
        • sh New Fork (PID: 5867, Parent: 5862)
        • busybox (PID: 5867, Parent: 5862, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1337SoraLOADER
      • sh (PID: 5868, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA"
        • sh New Fork (PID: 5873, Parent: 5868)
        • pkill (PID: 5873, Parent: 5868, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SAIAKINA
        • sh New Fork (PID: 5874, Parent: 5868)
        • busybox (PID: 5874, Parent: 5868, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SAIAKINA
      • sh (PID: 5875, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 ggtq || busybox pkill -9 ggtq"
        • sh New Fork (PID: 5881, Parent: 5875)
        • pkill (PID: 5881, Parent: 5875, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggtq
        • sh New Fork (PID: 5885, Parent: 5875)
        • busybox (PID: 5885, Parent: 5875, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggtq
      • sh (PID: 5886, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2"
        • sh New Fork (PID: 5888, Parent: 5886)
        • pkill (PID: 5888, Parent: 5886, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1378bfp919GRB1Q2
        • sh New Fork (PID: 5889, Parent: 5886)
        • busybox (PID: 5889, Parent: 5886, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1378bfp919GRB1Q2
      • sh (PID: 5890, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 SAIAKUSO || busybox pkill -9 SAIAKUSO"
        • sh New Fork (PID: 5895, Parent: 5890)
        • pkill (PID: 5895, Parent: 5890, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SAIAKUSO
        • sh New Fork (PID: 5898, Parent: 5890)
        • busybox (PID: 5898, Parent: 5890, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SAIAKUSO
      • sh (PID: 5899, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 ggtr || busybox pkill -9 ggtr"
        • sh New Fork (PID: 5901, Parent: 5899)
        • pkill (PID: 5901, Parent: 5899, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggtr
        • sh New Fork (PID: 5902, Parent: 5899)
        • busybox (PID: 5902, Parent: 5899, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggtr
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
yakuza.ppc.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    yakuza.ppc.elfLinux_Trojan_Tsunami_8a11f9beunknownunknown
    • 0x17f99:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
    • 0x1864d:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5527.1.00007f4f4c001000.00007f4f4c01c000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5527.1.00007f4f4c001000.00007f4f4c01c000.r-x.sdmpLinux_Trojan_Tsunami_8a11f9beunknownunknown
      • 0x17f99:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
      • 0x1864d:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
      Process Memory Space: yakuza.ppc.elf PID: 5527Linux_Trojan_Tsunami_8a11f9beunknownunknown
      • 0x54f0:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
      • 0x5601:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
      • 0x5c3e:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: yakuza.ppc.elfReversingLabs: Detection: 57%
      Source: /usr/bin/pkill (PID: 5541)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5550)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5557)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5566)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5570)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5576)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5584)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5590)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5616)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5622)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5626)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5637)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5644)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5653)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5659)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5669)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5673)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5679)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5689)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5696)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5707)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5714)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5718)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5729)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5733)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5739)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5746)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5752)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5756)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5762)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5766)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5772)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5780)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5786)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5794)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5803)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5808)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5814)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5821)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5827)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5831)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5841)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5845)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5849)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5858)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5864)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5873)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5881)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5888)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5895)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5901)Reads CPU info from /sys: /sys/devices/system/cpu/online

      Networking

      barindex
      Uses IRC for communication with a C&C
      Source: unknownIRC traffic detected: 192.168.2.15:50306 -> 95.234.158.87:6780 NICK [OSX|POWERPC]LOwa USER LOwa localhost localhost :LOwa
      Uses known network protocols on non-standard ports
      Source: unknownNetwork traffic detected: IRC traffic on port 50306 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50308 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50310 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50312 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50314 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50316 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50318 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50320 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50322 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50324 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50326 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50328 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50330 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50332 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50334 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50336 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50338 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50338 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50338 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50338 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50338 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50340 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50342 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50344 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50346 -> 6780
      Source: global trafficTCP traffic: 192.168.2.15:50306 -> 95.234.158.87:6780
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: unknownTCP traffic detected without corresponding DNS query: 95.234.158.87
      Source: yakuza.ppc.elfString found in binary or memory: http://linux-it.abuser.eu/yak.sh;
      Source: yakuza.ppc.elfString found in binary or memory: https://youtu.be/dQw4w9WgXcQ
      Source: yakuza.ppc.elfString found in binary or memory: https://youtu.be/dQw4w9WgXcQNever

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: yakuza.ppc.elf, type: SAMPLEMatched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
      Source: 5527.1.00007f4f4c001000.00007f4f4c01c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
      Source: Process Memory Space: yakuza.ppc.elf PID: 5527, type: MEMORYSTRMatched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
      Source: yakuza.ppc.elfELF static info symbol of initial sample: passwords
      Source: yakuza.ppc.elfELF static info symbol of initial sample: usernames
      Source: Initial sampleString containing 'busybox' found: busybox
      Source: Initial sampleString containing 'busybox' found: pkill -9 %s || busybox pkill -9 %s
      Source: Initial sampleString containing 'busybox' found: pkill -9 %s || busybox pkill -9 %shistory -c;history -wcd /root;rm -f .bash_historycd /var/tmp; rm -f *NOTICE %s :MOVE <server>
      Source: Initial sampleString containing potential weak password found: guest
      Source: Initial sampleString containing potential weak password found: default
      Source: Initial sampleString containing potential weak password found: admin
      Source: Initial sampleString containing potential weak password found: supervisor
      Source: Initial sampleString containing potential weak password found: service
      Source: Initial sampleString containing potential weak password found: administrator
      Source: Initial sampleString containing potential weak password found: support
      Source: Initial sampleString containing potential weak password found: 123456
      Source: Initial sampleString containing potential weak password found: password
      Source: Initial sampleString containing potential weak password found: 12345
      Source: yakuza.ppc.elf, type: SAMPLEMatched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
      Source: 5527.1.00007f4f4c001000.00007f4f4c01c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
      Source: Process Memory Space: yakuza.ppc.elf PID: 5527, type: MEMORYSTRMatched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
      Source: classification engineClassification label: mal72.troj.linELF@0/0@0/0
      Source: yakuza.ppc.elfELF static info symbol of initial sample: libc/sysdeps/linux/powerpc/brk.S
      Source: yakuza.ppc.elfELF static info symbol of initial sample: libc/sysdeps/linux/powerpc/crt1.S
      Source: yakuza.ppc.elfELF static info symbol of initial sample: libc/sysdeps/linux/powerpc/crti.S
      Source: yakuza.ppc.elfELF static info symbol of initial sample: libc/sysdeps/linux/powerpc/crtn.S
      Source: yakuza.ppc.elfELF static info symbol of initial sample: libc/sysdeps/linux/powerpc/vfork.S
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/110/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/110/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/231/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/231/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/111/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/111/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/112/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/112/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/233/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/233/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/113/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/113/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/114/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/114/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/235/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/235/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/115/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/115/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1333/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1333/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/116/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/116/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1695/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1695/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/117/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/117/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/118/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/118/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/119/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/119/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/911/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/911/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/914/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/914/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/10/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/10/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/917/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/917/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/11/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/11/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/12/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/12/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/13/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/13/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/14/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/14/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/15/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/15/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/16/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/16/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/17/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/17/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/18/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/18/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/19/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/19/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1591/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1591/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/120/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/120/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/121/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/121/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/122/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/122/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/243/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/243/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/2/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/2/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/123/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/123/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/3/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/3/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/124/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/124/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1588/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1588/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/125/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/125/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/4/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/4/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/246/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/246/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/126/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/126/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/5/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/5/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/127/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/127/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/6/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/6/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1585/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/1585/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/128/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/128/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/7/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/7/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/129/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/129/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/8/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/8/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/800/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/800/cmdline
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/9/status
      Source: /usr/bin/pkill (PID: 5780)File opened: /proc/9/cmdline
      Source: /tmp/yakuza.ppc.elf (PID: 5535)Shell command executed: sh -c "pkill -9 902i13 || busybox pkill -9 902i13"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5545)Shell command executed: sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5552)Shell command executed: sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5561)Shell command executed: sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5568)Shell command executed: sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5574)Shell command executed: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5578)Shell command executed: sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5588)Shell command executed: sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5611)Shell command executed: sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5620)Shell command executed: sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5624)Shell command executed: sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5631)Shell command executed: sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5639)Shell command executed: sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5648)Shell command executed: sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5655)Shell command executed: sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"Jump to behavior
      Source: /tmp/yakuza.ppc.elf (PID: 5664)Shell command executed: sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"
      Source: /tmp/yakuza.ppc.elf (PID: 5671)Shell command executed: sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"
      Source: /tmp/yakuza.ppc.elf (PID: 5677)Shell command executed: sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"
      Source: /tmp/yakuza.ppc.elf (PID: 5681)Shell command executed: sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"
      Source: /tmp/yakuza.ppc.elf (PID: 5691)Shell command executed: sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"
      Source: /tmp/yakuza.ppc.elf (PID: 5700)Shell command executed: sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"
      Source: /tmp/yakuza.ppc.elf (PID: 5709)Shell command executed: sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"
      Source: /tmp/yakuza.ppc.elf (PID: 5716)Shell command executed: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
      Source: /tmp/yakuza.ppc.elf (PID: 5723)Shell command executed: sh -c "pkill -9 frgege || busybox pkill -9 frgege"
      Source: /tmp/yakuza.ppc.elf (PID: 5731)Shell command executed: sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"
      Source: /tmp/yakuza.ppc.elf (PID: 5737)Shell command executed: sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"
      Source: /tmp/yakuza.ppc.elf (PID: 5741)Shell command executed: sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"
      Source: /tmp/yakuza.ppc.elf (PID: 5750)Shell command executed: sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"
      Source: /tmp/yakuza.ppc.elf (PID: 5754)Shell command executed: sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"
      Source: /tmp/yakuza.ppc.elf (PID: 5760)Shell command executed: sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"
      Source: /tmp/yakuza.ppc.elf (PID: 5764)Shell command executed: sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"
      Source: /tmp/yakuza.ppc.elf (PID: 5770)Shell command executed: sh -c "pkill -9 gaft || busybox pkill -9 gaft"
      Source: /tmp/yakuza.ppc.elf (PID: 5774)Shell command executed: sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"
      Source: /tmp/yakuza.ppc.elf (PID: 5784)Shell command executed: sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"
      Source: /tmp/yakuza.ppc.elf (PID: 5788)Shell command executed: sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"
      Source: /tmp/yakuza.ppc.elf (PID: 5799)Shell command executed: sh -c "pkill -9 geae || busybox pkill -9 geae"
      Source: /tmp/yakuza.ppc.elf (PID: 5806)Shell command executed: sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"
      Source: /tmp/yakuza.ppc.elf (PID: 5812)Shell command executed: sh -c "pkill -9 123123a || busybox pkill -9 123123a"
      Source: /tmp/yakuza.ppc.elf (PID: 5816)Shell command executed: sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"
      Source: /tmp/yakuza.ppc.elf (PID: 5825)Shell command executed: sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"
      Source: /tmp/yakuza.ppc.elf (PID: 5829)Shell command executed: sh -c "pkill -9 wasads || busybox pkill -9 wasads"
      Source: /tmp/yakuza.ppc.elf (PID: 5835)Shell command executed: sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"
      Source: /tmp/yakuza.ppc.elf (PID: 5843)Shell command executed: sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"
      Source: /tmp/yakuza.ppc.elf (PID: 5847)Shell command executed: sh -c "pkill -9 ggt || busybox pkill -9 ggt"
      Source: /tmp/yakuza.ppc.elf (PID: 5853)Shell command executed: sh -c "pkill -9 wget-log || busybox pkill -9 wget-log"
      Source: /tmp/yakuza.ppc.elf (PID: 5862)Shell command executed: sh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER"
      Source: /tmp/yakuza.ppc.elf (PID: 5868)Shell command executed: sh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA"
      Source: /tmp/yakuza.ppc.elf (PID: 5875)Shell command executed: sh -c "pkill -9 ggtq || busybox pkill -9 ggtq"
      Source: /tmp/yakuza.ppc.elf (PID: 5886)Shell command executed: sh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2"
      Source: /tmp/yakuza.ppc.elf (PID: 5890)Shell command executed: sh -c "pkill -9 SAIAKUSO || busybox pkill -9 SAIAKUSO"
      Source: /tmp/yakuza.ppc.elf (PID: 5899)Shell command executed: sh -c "pkill -9 ggtr || busybox pkill -9 ggtr"
      Source: /bin/sh (PID: 5541)Pkill executable: /usr/bin/pkill -> pkill -9 902i13Jump to behavior
      Source: /bin/sh (PID: 5550)Pkill executable: /usr/bin/pkill -> pkill -9 BzSxLxBxeYJump to behavior
      Source: /bin/sh (PID: 5557)Pkill executable: /usr/bin/pkill -> pkill -9 HOHO-LUGO7Jump to behavior
      Source: /bin/sh (PID: 5566)Pkill executable: /usr/bin/pkill -> pkill -9 HOHO-U79OLJump to behavior
      Source: /bin/sh (PID: 5570)Pkill executable: /usr/bin/pkill -> pkill -9 JuYfouyf87Jump to behavior
      Source: /bin/sh (PID: 5576)Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeR69xdJump to behavior
      Source: /bin/sh (PID: 5584)Pkill executable: /usr/bin/pkill -> pkill -9 SO190Ij1XJump to behavior
      Source: /bin/sh (PID: 5590)Pkill executable: /usr/bin/pkill -> pkill -9 LOLKIKEEEDDEJump to behavior
      Source: /bin/sh (PID: 5616)Pkill executable: /usr/bin/pkill -> pkill -9 ekjheory98eJump to behavior
      Source: /bin/sh (PID: 5622)Pkill executable: /usr/bin/pkill -> pkill -9 scansh4Jump to behavior
      Source: /bin/sh (PID: 5626)Pkill executable: /usr/bin/pkill -> pkill -9 MDMAJump to behavior
      Source: /bin/sh (PID: 5637)Pkill executable: /usr/bin/pkill -> pkill -9 fdevalvexJump to behavior
      Source: /bin/sh (PID: 5644)Pkill executable: /usr/bin/pkill -> pkill -9 scanspcJump to behavior
      Source: /bin/sh (PID: 5653)Pkill executable: /usr/bin/pkill -> pkill -9 MELTEDNINJAREALZJump to behavior
      Source: /bin/sh (PID: 5659)Pkill executable: /usr/bin/pkill -> pkill -9 flexsonskidsJump to behavior
      Source: /bin/sh (PID: 5669)Pkill executable: /usr/bin/pkill -> pkill -9 scanx86
      Source: /bin/sh (PID: 5673)Pkill executable: /usr/bin/pkill -> pkill -9 MISAKI-U79OL
      Source: /bin/sh (PID: 5679)Pkill executable: /usr/bin/pkill -> pkill -9 foAxi102kxe
      Source: /bin/sh (PID: 5689)Pkill executable: /usr/bin/pkill -> pkill -9 swodjwodjwoj
      Source: /bin/sh (PID: 5696)Pkill executable: /usr/bin/pkill -> pkill -9 MmKiy7f87l
      Source: /bin/sh (PID: 5707)Pkill executable: /usr/bin/pkill -> pkill -9 freecookiex86
      Source: /bin/sh (PID: 5714)Pkill executable: /usr/bin/pkill -> pkill -9 sysgpu
      Source: /bin/sh (PID: 5718)Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeR69xd
      Source: /bin/sh (PID: 5729)Pkill executable: /usr/bin/pkill -> pkill -9 frgege
      Source: /bin/sh (PID: 5733)Pkill executable: /usr/bin/pkill -> pkill -9 sysupdater
      Source: /bin/sh (PID: 5739)Pkill executable: /usr/bin/pkill -> pkill -9 0DnAzepd
      Source: /bin/sh (PID: 5746)Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeRD0nks69
      Source: /bin/sh (PID: 5752)Pkill executable: /usr/bin/pkill -> pkill -9 frgreu
      Source: /bin/sh (PID: 5756)Pkill executable: /usr/bin/pkill -> pkill -9 telnetd
      Source: /bin/sh (PID: 5762)Pkill executable: /usr/bin/pkill -> pkill -9 0x766f6964
      Source: /bin/sh (PID: 5766)Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeRd0nks1337
      Source: /bin/sh (PID: 5772)Pkill executable: /usr/bin/pkill -> pkill -9 gaft
      Source: /bin/sh (PID: 5780)Pkill executable: /usr/bin/pkill -> pkill -9 urasgbsigboa
      Source: /bin/sh (PID: 5786)Pkill executable: /usr/bin/pkill -> pkill -9 120i3UI49
      Source: /bin/sh (PID: 5794)Pkill executable: /usr/bin/pkill -> pkill -9 OaF3
      Source: /bin/sh (PID: 5803)Pkill executable: /usr/bin/pkill -> pkill -9 geae
      Source: /bin/sh (PID: 5808)Pkill executable: /usr/bin/pkill -> pkill -9 vaiolmao
      Source: /bin/sh (PID: 5814)Pkill executable: /usr/bin/pkill -> pkill -9 123123a
      Source: /bin/sh (PID: 5821)Pkill executable: /usr/bin/pkill -> pkill -9 Ofurain0n4H34D
      Source: /bin/sh (PID: 5827)Pkill executable: /usr/bin/pkill -> pkill -9 ggTrex
      Source: /bin/sh (PID: 5831)Pkill executable: /usr/bin/pkill -> pkill -9 wasads
      Source: /bin/sh (PID: 5841)Pkill executable: /usr/bin/pkill -> pkill -9 1293194hjXD
      Source: /bin/sh (PID: 5845)Pkill executable: /usr/bin/pkill -> pkill -9 OthLaLosn
      Source: /bin/sh (PID: 5849)Pkill executable: /usr/bin/pkill -> pkill -9 ggt
      Source: /bin/sh (PID: 5858)Pkill executable: /usr/bin/pkill -> pkill -9 wget-log
      Source: /bin/sh (PID: 5864)Pkill executable: /usr/bin/pkill -> pkill -9 1337SoraLOADER
      Source: /bin/sh (PID: 5873)Pkill executable: /usr/bin/pkill -> pkill -9 SAIAKINA
      Source: /bin/sh (PID: 5881)Pkill executable: /usr/bin/pkill -> pkill -9 ggtq
      Source: /bin/sh (PID: 5888)Pkill executable: /usr/bin/pkill -> pkill -9 1378bfp919GRB1Q2
      Source: /bin/sh (PID: 5895)Pkill executable: /usr/bin/pkill -> pkill -9 SAIAKUSO
      Source: /bin/sh (PID: 5901)Pkill executable: /usr/bin/pkill -> pkill -9 ggtr

      Hooking and other Techniques for Hiding and Protection

      barindex
      Uses known network protocols on non-standard ports
      Source: unknownNetwork traffic detected: IRC traffic on port 50306 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50308 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50310 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50312 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50314 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50316 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50318 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50320 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50322 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50324 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50326 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50328 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50330 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50332 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50334 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50336 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50338 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50338 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50338 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50338 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50338 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50340 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50342 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50344 -> 6780
      Source: unknownNetwork traffic detected: IRC traffic on port 50346 -> 6780
      Source: /usr/bin/pkill (PID: 5541)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5550)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5557)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5566)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5570)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5576)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5584)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5590)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5616)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5622)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5626)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5637)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5644)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5653)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 5659)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5669)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5673)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5679)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5689)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5696)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5707)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5714)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5718)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5729)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5733)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5739)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5746)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5752)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5756)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5762)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5766)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5772)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5780)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5786)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5794)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5803)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5808)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5814)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5821)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5827)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5831)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5841)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5845)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5849)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5858)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5864)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5873)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5881)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5888)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5895)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pkill (PID: 5901)Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /tmp/yakuza.ppc.elf (PID: 5527)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5542)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5551)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5560)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5567)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5573)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5577)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5587)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5610)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5619)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5623)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5630)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5638)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5647)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5654)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/busybox (PID: 5663)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5670)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5676)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5680)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5690)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5699)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5708)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5715)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5722)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5730)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5736)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5740)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5749)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5753)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5759)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5763)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5769)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5773)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5783)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5787)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5798)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5805)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5809)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5815)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5822)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5828)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5832)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5842)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5846)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5852)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5861)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5867)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5874)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5885)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5889)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5898)Queries kernel information via 'uname':
      Source: /usr/bin/busybox (PID: 5902)Queries kernel information via 'uname':
      Source: yakuza.ppc.elf, 5527.1.000056276488d000.000056276493d000.rw-.sdmpBinary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
      Source: yakuza.ppc.elf, 5527.1.000056276488d000.000056276493d000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/ppc
      Source: yakuza.ppc.elf, 5527.1.00007ffd37094000.00007ffd370b5000.rw-.sdmpBinary or memory string: /usr/bin/qemu-ppc
      Source: yakuza.ppc.elf, 5527.1.00007ffd37094000.00007ffd370b5000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-ppc/tmp/yakuza.ppc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/yakuza.ppc.elf

      Stealing of Sensitive Information

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: yakuza.ppc.elf, type: SAMPLE
      Source: Yara matchFile source: 5527.1.00007f4f4c001000.00007f4f4c01c000.r-x.sdmp, type: MEMORY
      Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
      Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4
      Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
      Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2
      Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285
      Source: Initial sampleUser agent string found: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2
      Source: Initial sampleUser agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
      Source: Initial sampleUser agent string found: Opera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01
      Source: Initial sampleUser agent string found: Mozilla/5.0 (X11; Linux x86_64; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.62
      Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
      Source: Initial sampleUser agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
      Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110517 Firefox/5.0 Fennec/5.0
      Source: Initial sampleUser agent string found: Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0
      Source: Initial sampleUser agent string found: Mozilla/5.0 (compatible; Teleca Q7; Brew 3.1.5; U; en) 480X800 LGE VX11000

      Remote Access Functionality

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: yakuza.ppc.elf, type: SAMPLE
      Source: Yara matchFile source: 5527.1.00007f4f4c001000.00007f4f4c01c000.r-x.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity Information1
      Scripting      		Valid AccountsWindows Management Instrumentation1
      Scripting      		Path Interception1
      Masquerading      		1
      OS Credential Dumping      		11
      Security Software Discovery      		Remote ServicesData from Local System1
      Data Obfuscation      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
      Disable or Modify Tools      		1
      Brute Force      		1
      System Information Discovery      		Remote Desktop ProtocolData from Removable Media11
      Non-Standard Port      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact

      Malware Configuration

      No configs have been found

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1561402 Sample: yakuza.ppc.elf Startdate: 23/11/2024 Architecture: LINUX Score: 72 39 95.234.158.87, 50306, 50308, 50310 ASN-IBSNAZIT Italy 2->39 41 Malicious sample detected (through community Yara rule) 2->41 43 Multi AV Scanner detection for submitted file 2->43 45 Yara detected Mirai 2->45 47 2 other signatures 2->47 9 yakuza.ppc.elf 2->9         started        signatures3 process4 process5 11 yakuza.ppc.elf 9->11         started        process6 13 yakuza.ppc.elf sh 11->13         started        15 yakuza.ppc.elf sh 11->15         started        17 yakuza.ppc.elf sh 11->17         started        19 50 other processes 11->19 process7 21 sh pkill 13->21         started        23 sh busybox 13->23         started        25 sh pkill 15->25         started        27 sh busybox 15->27         started        29 sh pkill 17->29         started        31 sh busybox 17->31         started        33 sh pkill 19->33         started        35 sh busybox 19->35         started        37 94 other processes 19->37

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      yakuza.ppc.elf58%ReversingLabsLinux.Trojan.Tsunami

      Dropped Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      No contacted domains info

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      https://youtu.be/dQw4w9WgXcQyakuza.ppc.elffalse
        		high
        http://linux-it.abuser.eu/yak.sh;yakuza.ppc.elffalse
          		unknown
          https://youtu.be/dQw4w9WgXcQNeveryakuza.ppc.elffalse
            		high

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            95.234.158.87
            		unknownItaly
            		3269ASN-IBSNAZITtrue

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            ASN-IBSNAZITsparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
            • 131.1.112.117
            sh4.elfGet hashmaliciousMirai, MoobotBrowse
            • 79.16.25.108
            mpsl.elfGet hashmaliciousMirai, MoobotBrowse
            • 95.224.165.124
            powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
            • 79.58.184.246
            mips.elfGet hashmaliciousMirai, MoobotBrowse
            • 79.39.13.191
            arm.elfGet hashmaliciousMirai, MoobotBrowse
            • 2.114.140.56
            m68k.elfGet hashmaliciousMirai, MoobotBrowse
            • 87.16.92.237
            arm7.elfGet hashmaliciousMirai, MoobotBrowse
            • 95.235.74.87
            x86.elfGet hashmaliciousMirai, MoobotBrowse
            • 80.181.217.0
            mipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
            • 79.62.54.196

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            No created / dropped files found

            Static File Info

            General

            File type:ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, not stripped
            Entropy (8bit):6.185572616656928
            TrID:
            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
            File name:yakuza.ppc.elf
            File size:143'381 bytes
            MD5:79634876f190036b8b502b18ec19091d
            SHA1:ec5522c01efaede1145fe409c27446e900c48d70
            SHA256:b6fa1de9fec1861ce91022f270fa05bada43174ea8b35aca238e330ead60c0b8
            SHA512:de3fc62b800f0ac144da2c910ba592fd9a62f0186b8a194045fb21f08b5452cc6656c677de082fd2e03799c6073761a332884883cf03e311e42da40f053dea09
            SSDEEP:3072:U+ReIrBUY6pjjhLkmXoyYurYqtW19nvvWnDf4urTpzI:UGeIrWYofhA8rYqInvvWnDf4urTpzI
            TLSH:B2E35B9B6B0D1767C1BB1AF12DB727F087ADFA61016621C4A40DFFC01372A70661AF99
            File Content Preview:.ELF...........................4...h.....4. ...(.......................T...T........................................dt.Q.............................!..|......$H...H.U....$8!. |...N.. .!..|.......?..........P..../...@..\?........+../...A..$8...})......N..

            Static ELF Info

            ELF header

            Class:ELF32
            Data:2's complement, big endian
            Version:1 (current)
            Machine:PowerPC
            Version Number:0x1
            Type:EXEC (Executable file)
            OS/ABI:UNIX - System V
            ABI Version:0
            Entry Point Address:0x100001f0
            Flags:0x0
            ELF Header Size:52
            Program Header Offset:52
            Program Header Size:32
            Number of Program Headers:3
            Section Header Offset:117608
            Section Header Size:40
            Number of Section Headers:17
            Header String Table Index:14

            Sections

            NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
            NULL0x00x00x00x00x0000
            .initPROGBITS0x100000940x940x240x00x6AX004
            .textPROGBITS0x100000b80xb80x156540x00x6AX004
            .finiPROGBITS0x1001570c0x1570c0x200x00x6AX004
            .rodataPROGBITS0x100157300x157300x58200x00x2A008
            .eh_framePROGBITS0x1001af500x1af500x40x00x2A004
            .ctorsPROGBITS0x1002b0000x1b0000x80x00x3WA004
            .dtorsPROGBITS0x1002b0080x1b0080x80x00x3WA004
            .jcrPROGBITS0x1002b0100x1b0100x40x00x3WA004
            .dataPROGBITS0x1002b0180x1b0180xd180x00x3WA008
            .sdataPROGBITS0x1002bd300x1bd300x680x00x3WA004
            .sbssNOBITS0x1002bd980x1bd980xb80x00x3WA004
            .bssNOBITS0x1002be500x1bd980x77380x00x3WA004
            .commentPROGBITS0x00x1bd980xd5c0x00x0001
            .shstrtabSTRTAB0x00x1caf40x730x00x0001
            .symtabSYMTAB0x00x1ce100x38700x100x0163014
            .strtabSTRTAB0x00x206800x29950x00x0001

            Program Segments

            TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
            LOAD0x00x100000000x100000000x1af540x1af546.24060x5R E0x10000.init .text .fini .rodata .eh_frame
            LOAD0x1b0000x1002b0000x1002b0000xd980x85884.54340x6RW 0x10000.ctors .dtors .jcr .data .sdata .sbss .bss
            GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

            Symbols

            NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
            .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            .symtab0x100000940SECTION<unknown>DEFAULT1
            .symtab0x100000b80SECTION<unknown>DEFAULT2
            .symtab0x1001570c0SECTION<unknown>DEFAULT3
            .symtab0x100157300SECTION<unknown>DEFAULT4
            .symtab0x1001af500SECTION<unknown>DEFAULT5
            .symtab0x1002b0000SECTION<unknown>DEFAULT6
            .symtab0x1002b0080SECTION<unknown>DEFAULT7
            .symtab0x1002b0100SECTION<unknown>DEFAULT8
            .symtab0x1002b0180SECTION<unknown>DEFAULT9
            .symtab0x1002bd300SECTION<unknown>DEFAULT10
            .symtab0x1002bd980SECTION<unknown>DEFAULT11
            .symtab0x1002be500SECTION<unknown>DEFAULT12
            .symtab0x00SECTION<unknown>DEFAULT13
            .symtab0x00SECTION<unknown>DEFAULT14
            .symtab0x00SECTION<unknown>DEFAULT15
            .symtab0x00SECTION<unknown>DEFAULT16
            C.71.5596.symtab0x100175f836OBJECT<unknown>DEFAULT4
            C.89.5815.symtab0x10017c70312OBJECT<unknown>DEFAULT4
            C.96.5912.symtab0x10017e1c12OBJECT<unknown>DEFAULT4
            ClearHistory.symtab0x1000790c80FUNC<unknown>DEFAULT2
            HTTP.symtab0x10002dc4396FUNC<unknown>DEFAULT2
            Q.symtab0x1002c26c16384OBJECT<unknown>DEFAULT12
            Send.symtab0x10000530212FUNC<unknown>DEFAULT2
            UserAgents.symtab0x1002b338144OBJECT<unknown>DEFAULT9
            _352.symtab0x1000923840FUNC<unknown>DEFAULT2
            _376.symtab0x1000912c188FUNC<unknown>DEFAULT2
            _433.symtab0x10009260108FUNC<unknown>DEFAULT2
            _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            _NICK.symtab0x100092cc300FUNC<unknown>DEFAULT2
            _PING.symtab0x100091e880FUNC<unknown>DEFAULT2
            _PRIVMSG.symtab0x100084e03148FUNC<unknown>DEFAULT2
            _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _SDA_BASE_.symtab0x10033d300NOTYPE<unknown>DEFAULT10
            _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __CTOR_END__.symtab0x1002b0040OBJECT<unknown>DEFAULT6
            __CTOR_LIST__.symtab0x1002b0000OBJECT<unknown>DEFAULT6
            __C_ctype_b.symtab0x1002bd884OBJECT<unknown>DEFAULT10
            __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __C_ctype_b_data.symtab0x1001a836768OBJECT<unknown>DEFAULT4
            __C_ctype_tolower.symtab0x1002bd904OBJECT<unknown>DEFAULT10
            __C_ctype_tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __C_ctype_tolower_data.symtab0x1001ab36768OBJECT<unknown>DEFAULT4
            __C_ctype_toupper.symtab0x1002bd5c4OBJECT<unknown>DEFAULT10
            __C_ctype_toupper.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __C_ctype_toupper_data.symtab0x100195a8768OBJECT<unknown>DEFAULT4
            __DTOR_END__.symtab0x1002b00c0OBJECT<unknown>DEFAULT7
            __DTOR_LIST__.symtab0x1002b0080OBJECT<unknown>DEFAULT7
            __EH_FRAME_BEGIN__.symtab0x1001af500OBJECT<unknown>DEFAULT5
            __FRAME_END__.symtab0x1001af500OBJECT<unknown>DEFAULT5
            __GI___C_ctype_b.symtab0x1002bd884OBJECT<unknown>HIDDEN10
            __GI___C_ctype_b_data.symtab0x1001a836768OBJECT<unknown>HIDDEN4
            __GI___C_ctype_tolower.symtab0x1002bd904OBJECT<unknown>HIDDEN10
            __GI___C_ctype_tolower_data.symtab0x1001ab36768OBJECT<unknown>HIDDEN4
            __GI___C_ctype_toupper.symtab0x1002bd5c4OBJECT<unknown>HIDDEN10
            __GI___C_ctype_toupper_data.symtab0x100195a8768OBJECT<unknown>HIDDEN4
            __GI___ctype_b.symtab0x1002bd8c4OBJECT<unknown>HIDDEN10
            __GI___ctype_tolower.symtab0x1002bd944OBJECT<unknown>HIDDEN10
            __GI___ctype_toupper.symtab0x1002bd604OBJECT<unknown>HIDDEN10
            __GI___errno_location.symtab0x1000aa1012FUNC<unknown>HIDDEN2
            __GI___fgetc_unlocked.symtab0x1001235c312FUNC<unknown>HIDDEN2
            __GI___fputc_unlocked.symtab0x1000cde4292FUNC<unknown>HIDDEN2
            __GI___glibc_strerror_r.symtab0x1000d4d848FUNC<unknown>HIDDEN2
            __GI___h_errno_location.symtab0x100115f812FUNC<unknown>HIDDEN2
            __GI___libc_fcntl.symtab0x1000a404132FUNC<unknown>HIDDEN2
            __GI___libc_fcntl64.symtab0x1000a488100FUNC<unknown>HIDDEN2
            __GI___libc_open.symtab0x100113d8120FUNC<unknown>HIDDEN2
            __GI___uClibc_fini.symtab0x10010d18148FUNC<unknown>HIDDEN2
            __GI___uClibc_init.symtab0x10010e18128FUNC<unknown>HIDDEN2
            __GI___xpg_strerror_r.symtab0x1000d508268FUNC<unknown>HIDDEN2
            __GI__exit.symtab0x1001115c60FUNC<unknown>HIDDEN2
            __GI_abort.symtab0x1001454c336FUNC<unknown>HIDDEN2
            __GI_accept.symtab0x1000f6f452FUNC<unknown>HIDDEN2
            __GI_asprintf.symtab0x1000acf0128FUNC<unknown>HIDDEN2
            __GI_atoi.symtab0x100105e012FUNC<unknown>HIDDEN2
            __GI_atol.symtab0x100105e012FUNC<unknown>HIDDEN2
            __GI_bind.symtab0x1000f72852FUNC<unknown>HIDDEN2
            __GI_brk.symtab0x100146ec52FUNC<unknown>HIDDEN2
            __GI_chdir.symtab0x1000a4ec72FUNC<unknown>HIDDEN2
            __GI_clock_getres.symtab0x1001119872FUNC<unknown>HIDDEN2
            __GI_close.symtab0x1000a53472FUNC<unknown>HIDDEN2
            __GI_connect.symtab0x1000f75c52FUNC<unknown>HIDDEN2
            __GI_dup2.symtab0x100111e072FUNC<unknown>HIDDEN2
            __GI_endservent.symtab0x10012c10128FUNC<unknown>HIDDEN2
            __GI_errno.symtab0x1002be204OBJECT<unknown>HIDDEN11
            __GI_execl.symtab0x10010834308FUNC<unknown>HIDDEN2
            __GI_execve.symtab0x1001122872FUNC<unknown>HIDDEN2
            __GI_exit.symtab0x100107b0132FUNC<unknown>HIDDEN2
            __GI_fclose.symtab0x1000aa1c332FUNC<unknown>HIDDEN2
            __GI_fcntl.symtab0x1000a404132FUNC<unknown>HIDDEN2
            __GI_fcntl64.symtab0x1000a488100FUNC<unknown>HIDDEN2
            __GI_fdopen.symtab0x1001173c100FUNC<unknown>HIDDEN2
            __GI_fflush_unlocked.symtab0x1000cb70432FUNC<unknown>HIDDEN2
            __GI_fgetc_unlocked.symtab0x1001235c312FUNC<unknown>HIDDEN2
            __GI_fgets.symtab0x1000c864148FUNC<unknown>HIDDEN2
            __GI_fgets_unlocked.symtab0x1000cd20196FUNC<unknown>HIDDEN2
            __GI_fopen.symtab0x1000ab6812FUNC<unknown>HIDDEN2
            __GI_fork.symtab0x1000a57c72FUNC<unknown>HIDDEN2
            __GI_fprintf.symtab0x1000ac70128FUNC<unknown>HIDDEN2
            __GI_fputc.symtab0x1000c8f8204FUNC<unknown>HIDDEN2
            __GI_fputs.symtab0x1000c9c4140FUNC<unknown>HIDDEN2
            __GI_fputs_unlocked.symtab0x1000cf0892FUNC<unknown>HIDDEN2
            __GI_freeaddrinfo.symtab0x1000e5dc64FUNC<unknown>HIDDEN2
            __GI_fseek.symtab0x1001476816FUNC<unknown>HIDDEN2
            __GI_fseeko64.symtab0x10014808284FUNC<unknown>HIDDEN2
            __GI_fwrite_unlocked.symtab0x1000cf64184FUNC<unknown>HIDDEN2
            __GI_getaddrinfo.symtab0x1000e61c756FUNC<unknown>HIDDEN2
            __GI_getc_unlocked.symtab0x1001235c312FUNC<unknown>HIDDEN2
            __GI_getcwd.symtab0x1000a5c4256FUNC<unknown>HIDDEN2
            __GI_getdtablesize.symtab0x1000a6c456FUNC<unknown>HIDDEN2
            __GI_getegid.symtab0x1001127072FUNC<unknown>HIDDEN2
            __GI_geteuid.symtab0x100112b872FUNC<unknown>HIDDEN2
            __GI_getgid.symtab0x1001130072FUNC<unknown>HIDDEN2
            __GI_gethostbyaddr_r.symtab0x1000f3bc824FUNC<unknown>HIDDEN2
            __GI_gethostbyname2_r.symtab0x1000f0e4728FUNC<unknown>HIDDEN2
            __GI_gethostbyname_r.symtab0x10013f90836FUNC<unknown>HIDDEN2
            __GI_getpagesize.symtab0x1000a6fc28FUNC<unknown>HIDDEN2
            __GI_getpid.symtab0x1000a71872FUNC<unknown>HIDDEN2
            __GI_getrlimit.symtab0x1000a7a872FUNC<unknown>HIDDEN2
            __GI_getservbyname_r.symtab0x10012e6c284FUNC<unknown>HIDDEN2
            __GI_getservbyport.symtab0x10012e1488FUNC<unknown>HIDDEN2
            __GI_getservbyport_r.symtab0x10012d30228FUNC<unknown>HIDDEN2
            __GI_getservent_r.symtab0x10012990576FUNC<unknown>HIDDEN2
            __GI_getuid.symtab0x1001134872FUNC<unknown>HIDDEN2
            __GI_h_errno.symtab0x1002be244OBJECT<unknown>HIDDEN11
            __GI_if_freenameindex.symtab0x1001331088FUNC<unknown>HIDDEN2
            __GI_if_nameindex.symtab0x10013134476FUNC<unknown>HIDDEN2
            __GI_if_nametoindex.symtab0x1001308c168FUNC<unknown>HIDDEN2
            __GI_in6addr_loopback.symtab0x1001a56c16OBJECT<unknown>HIDDEN4
            __GI_inet_addr.symtab0x1000f0b052FUNC<unknown>HIDDEN2
            __GI_inet_aton.symtab0x10013368192FUNC<unknown>HIDDEN2
            __GI_inet_ntoa.symtab0x1000f07c52FUNC<unknown>HIDDEN2
            __GI_inet_ntoa_r.symtab0x1000f000124FUNC<unknown>HIDDEN2
            __GI_inet_ntop.symtab0x1000ed5c676FUNC<unknown>HIDDEN2
            __GI_inet_pton.symtab0x1000e9f0524FUNC<unknown>HIDDEN2
            __GI_initstate_r.symtab0x100103a4232FUNC<unknown>HIDDEN2
            __GI_ioctl.symtab0x1000a31c232FUNC<unknown>HIDDEN2
            __GI_isatty.symtab0x1000d73444FUNC<unknown>HIDDEN2
            __GI_kill.symtab0x1000a7f072FUNC<unknown>HIDDEN2
            __GI_listen.symtab0x1000f7cc48FUNC<unknown>HIDDEN2
            __GI_lseek64.symtab0x100154c4128FUNC<unknown>HIDDEN2
            __GI_memchr.symtab0x10012538264FUNC<unknown>HIDDEN2
            __GI_memcpy.symtab0x1000d01c156FUNC<unknown>HIDDEN2
            __GI_memmove.symtab0x10012494164FUNC<unknown>HIDDEN2
            __GI_mempcpy.symtab0x1001264052FUNC<unknown>HIDDEN2
            __GI_memrchr.symtab0x10012674244FUNC<unknown>HIDDEN2
            __GI_memset.symtab0x1000d0b8144FUNC<unknown>HIDDEN2
            __GI_nanosleep.symtab0x1001139072FUNC<unknown>HIDDEN2
            __GI_open.symtab0x100113d8120FUNC<unknown>HIDDEN2
            __GI_perror.symtab0x1000ab7468FUNC<unknown>HIDDEN2
            __GI_pipe.symtab0x1001146072FUNC<unknown>HIDDEN2
            __GI_poll.symtab0x1000a83872FUNC<unknown>HIDDEN2
            __GI_putc.symtab0x1000c8f8204FUNC<unknown>HIDDEN2
            __GI_putc_unlocked.symtab0x1000cde4292FUNC<unknown>HIDDEN2
            __GI_raise.symtab0x1001549448FUNC<unknown>HIDDEN2
            __GI_random.symtab0x1000ff58108FUNC<unknown>HIDDEN2
            __GI_random_r.symtab0x10010230144FUNC<unknown>HIDDEN2
            __GI_rawmemchr.symtab0x10014bd8184FUNC<unknown>HIDDEN2
            __GI_read.symtab0x1001554472FUNC<unknown>HIDDEN2
            __GI_recv.symtab0x1000f7fc56FUNC<unknown>HIDDEN2
            __GI_rewind.symtab0x10014778144FUNC<unknown>HIDDEN2
            __GI_sbrk.symtab0x100114a8112FUNC<unknown>HIDDEN2
            __GI_select.symtab0x1000a88072FUNC<unknown>HIDDEN2
            __GI_send.symtab0x1000f83456FUNC<unknown>HIDDEN2
            __GI_sendto.symtab0x1000f86c64FUNC<unknown>HIDDEN2
            __GI_setservent.symtab0x10012c90160FUNC<unknown>HIDDEN2
            __GI_setsid.symtab0x1000a8c872FUNC<unknown>HIDDEN2
            __GI_setsockopt.symtab0x1000f8ac60FUNC<unknown>HIDDEN2
            __GI_setstate_r.symtab0x1001013c244FUNC<unknown>HIDDEN2
            __GI_sigaction.symtab0x10014330196FUNC<unknown>HIDDEN2
            __GI_signal.symtab0x100143f4224FUNC<unknown>HIDDEN2
            __GI_sigprocmask.symtab0x10011518120FUNC<unknown>HIDDEN2
            __GI_sleep.symtab0x10010968468FUNC<unknown>HIDDEN2
            __GI_socket.symtab0x1000f8e852FUNC<unknown>HIDDEN2
            __GI_sprintf.symtab0x1000ad70140FUNC<unknown>HIDDEN2
            __GI_srandom_r.symtab0x100102c0228FUNC<unknown>HIDDEN2
            __GI_strcasecmp.symtab0x1000d62480FUNC<unknown>HIDDEN2
            __GI_strcasestr.symtab0x1000d674100FUNC<unknown>HIDDEN2
            __GI_strchr.symtab0x10012768256FUNC<unknown>HIDDEN2
            __GI_strcmp.symtab0x1000d14852FUNC<unknown>HIDDEN2
            __GI_strcoll.symtab0x1000d14852FUNC<unknown>HIDDEN2
            __GI_strcpy.symtab0x1000d17c32FUNC<unknown>HIDDEN2
            __GI_strdup.symtab0x1000d6d880FUNC<unknown>HIDDEN2
            __GI_strlen.symtab0x1000d19c164FUNC<unknown>HIDDEN2
            __GI_strncat.symtab0x10014c90208FUNC<unknown>HIDDEN2
            __GI_strncmp.symtab0x1000d240236FUNC<unknown>HIDDEN2
            __GI_strncpy.symtab0x1000d32c188FUNC<unknown>HIDDEN2
            __GI_strnlen.symtab0x1000d3e8240FUNC<unknown>HIDDEN2
            __GI_strpbrk.symtab0x1001290860FUNC<unknown>HIDDEN2
            __GI_strspn.symtab0x10014d6076FUNC<unknown>HIDDEN2
            __GI_strtok.symtab0x1000d72812FUNC<unknown>HIDDEN2
            __GI_strtok_r.symtab0x10012868160FUNC<unknown>HIDDEN2
            __GI_strtol.symtab0x100105ec8FUNC<unknown>HIDDEN2
            __GI_strtoul.symtab0x100105f48FUNC<unknown>HIDDEN2
            __GI_sysconf.symtab0x10010b3c400FUNC<unknown>HIDDEN2
            __GI_tcgetattr.symtab0x1000d760156FUNC<unknown>HIDDEN2
            __GI_tcsetattr.symtab0x1000d7fc356FUNC<unknown>HIDDEN2
            __GI_time.symtab0x1000a91072FUNC<unknown>HIDDEN2
            __GI_tolower.symtab0x100115d832FUNC<unknown>HIDDEN2
            __GI_toupper.symtab0x1000a9f032FUNC<unknown>HIDDEN2
            __GI_vasprintf.symtab0x1000adfc160FUNC<unknown>HIDDEN2
            __GI_vfork.symtab0x1001110416FUNC<unknown>HIDDEN2
            __GI_vfprintf.symtab0x1000b6e8176FUNC<unknown>HIDDEN2
            __GI_vsnprintf.symtab0x1000ae9c204FUNC<unknown>HIDDEN2
            __GI_wait4.symtab0x1001159072FUNC<unknown>HIDDEN2
            __GI_waitpid.symtab0x1000a9a08FUNC<unknown>HIDDEN2
            __GI_wcrtomb.symtab0x1001160492FUNC<unknown>HIDDEN2
            __GI_wcsnrtombs.symtab0x10011670204FUNC<unknown>HIDDEN2
            __GI_wcsrtombs.symtab0x1001166016FUNC<unknown>HIDDEN2
            __GI_write.symtab0x1000a9a872FUNC<unknown>HIDDEN2
            __JCR_END__.symtab0x1002b0100OBJECT<unknown>DEFAULT8
            __JCR_LIST__.symtab0x1002b0100OBJECT<unknown>DEFAULT8
            __app_fini.symtab0x1002be144OBJECT<unknown>HIDDEN11
            __atexit_lock.symtab0x1002bccc24OBJECT<unknown>DEFAULT9
            __bsd_signal.symtab0x100143f4224FUNC<unknown>HIDDEN2
            __bss_start.symtab0x1002bd980NOTYPE<unknown>DEFAULTSHN_ABS
            __check_one_fd.symtab0x10010db896FUNC<unknown>DEFAULT2
            __ctype_b.symtab0x1002bd8c4OBJECT<unknown>DEFAULT10
            __ctype_tolower.symtab0x1002bd944OBJECT<unknown>DEFAULT10
            __ctype_toupper.symtab0x1002bd604OBJECT<unknown>DEFAULT10
            __curbrk.symtab0x1002be4c4OBJECT<unknown>DEFAULT11
            __data_start.symtab0x1002b0200NOTYPE<unknown>DEFAULT9
            __decode_answer.symtab0x10015004272FUNC<unknown>HIDDEN2
            __decode_dotted.symtab0x10013428244FUNC<unknown>HIDDEN2
            __decode_header.symtab0x10014e98196FUNC<unknown>HIDDEN2
            __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __dns_lookup.symtab0x1001351c1692FUNC<unknown>HIDDEN2
            __do_global_ctors_aux.symtab0x100156a00FUNC<unknown>DEFAULT2
            __do_global_dtors_aux.symtab0x100000b80FUNC<unknown>DEFAULT2
            __dso_handle.symtab0x1002b0180OBJECT<unknown>HIDDEN9
            __encode_dotted.symtab0x1001558c204FUNC<unknown>HIDDEN2
            __encode_header.symtab0x10014dac236FUNC<unknown>HIDDEN2
            __encode_question.symtab0x10014f5c124FUNC<unknown>HIDDEN2
            __environ.symtab0x1002be0c4OBJECT<unknown>DEFAULT11
            __errno_location.symtab0x1000aa1012FUNC<unknown>DEFAULT2
            __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __exit_cleanup.symtab0x1002be044OBJECT<unknown>HIDDEN11
            __fgetc_unlocked.symtab0x1001235c312FUNC<unknown>DEFAULT2
            __fini_array_end.symtab0x1002b0000NOTYPE<unknown>HIDDENSHN_ABS
            __fini_array_start.symtab0x1002b0000NOTYPE<unknown>HIDDENSHN_ABS
            __fputc_unlocked.symtab0x1000cde4292FUNC<unknown>DEFAULT2
            __get_hosts_byaddr_r.symtab0x10013ee4172FUNC<unknown>HIDDEN2
            __get_hosts_byname_r.symtab0x10013e8c88FUNC<unknown>HIDDEN2
            __getpagesize.symtab0x1000a6fc28FUNC<unknown>DEFAULT2
            __glibc_strerror_r.symtab0x1000d4d848FUNC<unknown>DEFAULT2
            __glibc_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __h_errno_location.symtab0x100115f812FUNC<unknown>DEFAULT2
            __h_errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __heap_alloc.symtab0x1000fca4160FUNC<unknown>DEFAULT2
            __heap_alloc_at.symtab0x1000fd44156FUNC<unknown>DEFAULT2
            __heap_free.symtab0x1000fe28300FUNC<unknown>DEFAULT2
            __heap_link_free_area.symtab0x1000fde044FUNC<unknown>DEFAULT2
            __heap_link_free_area_after.symtab0x1000fe0c28FUNC<unknown>DEFAULT2
            __init_array_end.symtab0x1002b0000NOTYPE<unknown>HIDDENSHN_ABS
            __init_array_start.symtab0x1002b0000NOTYPE<unknown>HIDDENSHN_ABS
            __initbuf.symtab0x1001294476FUNC<unknown>DEFAULT2
            __length_dotted.symtab0x1001565872FUNC<unknown>HIDDEN2
            __length_question.symtab0x10014fd844FUNC<unknown>HIDDEN2
            __libc_accept.symtab0x1000f6f452FUNC<unknown>DEFAULT2
            __libc_close.symtab0x1000a53472FUNC<unknown>DEFAULT2
            __libc_connect.symtab0x1000f75c52FUNC<unknown>DEFAULT2
            __libc_creat.symtab0x1001145016FUNC<unknown>DEFAULT2
            __libc_fcntl.symtab0x1000a404132FUNC<unknown>DEFAULT2
            __libc_fcntl64.symtab0x1000a488100FUNC<unknown>DEFAULT2
            __libc_fork.symtab0x1000a57c72FUNC<unknown>DEFAULT2
            __libc_getpid.symtab0x1000a71872FUNC<unknown>DEFAULT2
            __libc_lseek64.symtab0x100154c4128FUNC<unknown>DEFAULT2
            __libc_nanosleep.symtab0x1001139072FUNC<unknown>DEFAULT2
            __libc_open.symtab0x100113d8120FUNC<unknown>DEFAULT2
            __libc_poll.symtab0x1000a83872FUNC<unknown>DEFAULT2
            __libc_read.symtab0x1001554472FUNC<unknown>DEFAULT2
            __libc_recv.symtab0x1000f7fc56FUNC<unknown>DEFAULT2
            __libc_select.symtab0x1000a88072FUNC<unknown>DEFAULT2
            __libc_send.symtab0x1000f83456FUNC<unknown>DEFAULT2
            __libc_sendto.symtab0x1000f86c64FUNC<unknown>DEFAULT2
            __libc_sigaction.symtab0x10014330196FUNC<unknown>DEFAULT2
            __libc_stack_end.symtab0x1002be084OBJECT<unknown>DEFAULT11
            __libc_system.symtab0x1001048c340FUNC<unknown>DEFAULT2
            __libc_waitpid.symtab0x1000a9a08FUNC<unknown>DEFAULT2
            __libc_write.symtab0x1000a9a872FUNC<unknown>DEFAULT2
            __malloc_heap.symtab0x1002bd804OBJECT<unknown>DEFAULT10
            __malloc_heap_lock.symtab0x1003229424OBJECT<unknown>DEFAULT12
            __malloc_sbrk_lock.symtab0x100334d424OBJECT<unknown>DEFAULT12
            __nameserver.symtab0x100334fc12OBJECT<unknown>HIDDEN12
            __nameservers.symtab0x1002be384OBJECT<unknown>HIDDEN11
            __open_etc_hosts.symtab0x10015114100FUNC<unknown>HIDDEN2
            __open_nameservers.symtab0x10013bb8724FUNC<unknown>HIDDEN2
            __opensock.symtab0x100142d492FUNC<unknown>HIDDEN2
            __pagesize.symtab0x1002be104OBJECT<unknown>DEFAULT11
            __preinit_array_end.symtab0x1002b0000NOTYPE<unknown>HIDDENSHN_ABS
            __preinit_array_start.symtab0x1002b0000NOTYPE<unknown>HIDDENSHN_ABS
            __pthread_initialize_minimal.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __pthread_mutex_init.symtab0x10010dac8FUNC<unknown>DEFAULT2
            __pthread_mutex_lock.symtab0x10010dac8FUNC<unknown>DEFAULT2
            __pthread_mutex_trylock.symtab0x10010dac8FUNC<unknown>DEFAULT2
            __pthread_mutex_unlock.symtab0x10010dac8FUNC<unknown>DEFAULT2
            __pthread_return_0.symtab0x10010dac8FUNC<unknown>DEFAULT2
            __pthread_return_void.symtab0x10010db44FUNC<unknown>DEFAULT2
            __raise.symtab0x1001549448FUNC<unknown>HIDDEN2
            __read_etc_hosts_r.symtab0x10015178796FUNC<unknown>HIDDEN2
            __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __resolv_lock.symtab0x1002bd0024OBJECT<unknown>DEFAULT9
            __rtld_fini.symtab0x1002be184OBJECT<unknown>HIDDEN11
            __searchdomain.symtab0x100334ec16OBJECT<unknown>HIDDEN12
            __searchdomains.symtab0x1002be3c4OBJECT<unknown>HIDDEN11
            __sigaddset.symtab0x100144fc40FUNC<unknown>DEFAULT2
            __sigdelset.symtab0x1001452440FUNC<unknown>DEFAULT2
            __sigismember.symtab0x100144d440FUNC<unknown>DEFAULT2
            __socketcall.symtab0x1001111472FUNC<unknown>HIDDEN2
            __socketcall.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __stdin.symtab0x1002bd704OBJECT<unknown>DEFAULT10
            __stdio_READ.symtab0x10014924116FUNC<unknown>HIDDEN2
            __stdio_WRITE.symtab0x100117a0224FUNC<unknown>HIDDEN2
            __stdio_adjust_position.symtab0x10014998252FUNC<unknown>HIDDEN2
            __stdio_fwrite.symtab0x10011880364FUNC<unknown>HIDDEN2
            __stdio_init_mutex.symtab0x1000b5c816FUNC<unknown>HIDDEN2
            __stdio_mutex_initializer.3862.symtab0x100198c824OBJECT<unknown>DEFAULT4
            __stdio_rfill.symtab0x10014a9472FUNC<unknown>HIDDEN2
            __stdio_seek.symtab0x10014b8088FUNC<unknown>HIDDEN2
            __stdio_trans2r_o.symtab0x10014adc164FUNC<unknown>HIDDEN2
            __stdio_trans2w_o.symtab0x100119ec248FUNC<unknown>HIDDEN2
            __stdio_wcommit.symtab0x1000b69880FUNC<unknown>HIDDEN2
            __stdout.symtab0x1002bd744OBJECT<unknown>DEFAULT10
            __syscall_error.symtab0x100146b852FUNC<unknown>HIDDEN2
            __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __syscall_fcntl64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __syscall_rt_sigaction.symtab0x1001472072FUNC<unknown>HIDDEN2
            __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __uClibc_fini.symtab0x10010d18148FUNC<unknown>DEFAULT2
            __uClibc_init.symtab0x10010e18128FUNC<unknown>DEFAULT2
            __uClibc_main.symtab0x10010e98620FUNC<unknown>DEFAULT2
            __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __uclibc_progname.symtab0x1002bd844OBJECT<unknown>HIDDEN10
            __vfork.symtab0x1001110416FUNC<unknown>HIDDEN2
            __xpg_strerror_r.symtab0x1000d508268FUNC<unknown>DEFAULT2
            __xpg_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _charpad.symtab0x1000b79896FUNC<unknown>DEFAULT2
            _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _dl_aux_init.symtab0x1001469c28FUNC<unknown>DEFAULT2
            _dl_phdr.symtab0x1002be444OBJECT<unknown>DEFAULT11
            _dl_phnum.symtab0x1002be484OBJECT<unknown>DEFAULT11
            _edata.symtab0x1002bd980NOTYPE<unknown>DEFAULTSHN_ABS
            _end.symtab0x100335880NOTYPE<unknown>DEFAULTSHN_ABS
            _errno.symtab0x1002be204OBJECT<unknown>DEFAULT11
            _exit.symtab0x1001115c60FUNC<unknown>DEFAULT2
            _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _fini.symtab0x1001570c16FUNC<unknown>DEFAULT3
            _fixed_buffers.symtab0x100302848192OBJECT<unknown>DEFAULT12
            _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _fp_out_narrow.symtab0x1000b7f8160FUNC<unknown>DEFAULT2
            _fpmaxtostr.symtab0x10011c981732FUNC<unknown>HIDDEN2
            _fpmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _h_errno.symtab0x1002be244OBJECT<unknown>DEFAULT11
            _init.symtab0x1000009416FUNC<unknown>DEFAULT1
            _load_inttype.symtab0x10011ae4128FUNC<unknown>HIDDEN2
            _load_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _ppfs_init.symtab0x1000bf08188FUNC<unknown>HIDDEN2
            _ppfs_init.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _ppfs_parsespec.symtab0x1000c2d01304FUNC<unknown>HIDDEN2
            _ppfs_parsespec.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _ppfs_prepargs.symtab0x1000bfc492FUNC<unknown>HIDDEN2
            _ppfs_prepargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _ppfs_setargs.symtab0x1000c020624FUNC<unknown>HIDDEN2
            _ppfs_setargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _promoted_size.symtab0x1000c29064FUNC<unknown>DEFAULT2
            _pthread_cleanup_pop_restore.symtab0x10010db44FUNC<unknown>DEFAULT2
            _pthread_cleanup_push_defer.symtab0x10010db44FUNC<unknown>DEFAULT2
            _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _sigintr.symtab0x10033508128OBJECT<unknown>HIDDEN12
            _start.symtab0x100001f072FUNC<unknown>DEFAULT2
            _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _stdio_fopen.symtab0x1000b298700FUNC<unknown>HIDDEN2
            _stdio_init.symtab0x1000b554116FUNC<unknown>HIDDEN2
            _stdio_openlist.symtab0x1002bd784OBJECT<unknown>DEFAULT10
            _stdio_openlist_add_lock.symtab0x1002b9ec24OBJECT<unknown>DEFAULT9
            _stdio_openlist_dec_use.symtab0x1000ca50288FUNC<unknown>DEFAULT2
            _stdio_openlist_del_count.symtab0x1002bdfc4OBJECT<unknown>DEFAULT11
            _stdio_openlist_del_lock.symtab0x1002ba0424OBJECT<unknown>DEFAULT9
            _stdio_openlist_use_count.symtab0x1002bdf84OBJECT<unknown>DEFAULT11
            _stdio_streams.symtab0x1002ba1c240OBJECT<unknown>DEFAULT9
            _stdio_term.symtab0x1000b5d8192FUNC<unknown>HIDDEN2
            _stdio_user_locking.symtab0x1002bd7c4OBJECT<unknown>DEFAULT10
            _stdlib_strto_l.symtab0x100105fc436FUNC<unknown>HIDDEN2
            _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _store_inttype.symtab0x10011b6460FUNC<unknown>HIDDEN2
            _store_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _string_syserrmsgs.symtab0x100199982906OBJECT<unknown>HIDDEN4
            _string_syserrmsgs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _uintmaxtostr.symtab0x10011ba0248FUNC<unknown>HIDDEN2
            _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _vfprintf_internal.symtab0x1000b8981648FUNC<unknown>HIDDEN2
            _vfprintf_internal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            abort.symtab0x1001454c336FUNC<unknown>DEFAULT2
            abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            accept.symtab0x1000f6f452FUNC<unknown>DEFAULT2
            accept.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            actualparent.symtab0x1002bdc84OBJECT<unknown>DEFAULT11
            advance_telstate.symtab0x10005ef8136FUNC<unknown>DEFAULT2
            advances.symtab0x1002b86828OBJECT<unknown>DEFAULT9
            advances2.symtab0x1002b8c844OBJECT<unknown>DEFAULT9
            ak47scan.symtab0x10007540276FUNC<unknown>DEFAULT2
            ak47scantoggle.symtab0x10007654496FUNC<unknown>DEFAULT2
            ak47telscan.symtab0x100060285400FUNC<unknown>DEFAULT2
            append.symtab0x10008004100FUNC<unknown>DEFAULT2
            asprintf.symtab0x1000acf0128FUNC<unknown>DEFAULT2
            asprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            atoi.symtab0x100105e012FUNC<unknown>DEFAULT2
            atol.symtab0x100105e012FUNC<unknown>DEFAULT2
            atol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            bcopy.symtab0x1000d61416FUNC<unknown>DEFAULT2
            bcopy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            been_there_done_that.symtab0x1002be404OBJECT<unknown>DEFAULT11
            been_there_done_that.2829.symtab0x1002be1c4OBJECT<unknown>DEFAULT11
            bind.symtab0x1000f72852FUNC<unknown>DEFAULT2
            bind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            blacknurse.symtab0x10001e1c804FUNC<unknown>DEFAULT2
            botkill.symtab0x10007844200FUNC<unknown>DEFAULT2
            brk.symtab0x100146ec52FUNC<unknown>DEFAULT2
            bsd_signal.symtab0x100143f4224FUNC<unknown>DEFAULT2
            buf.2641.symtab0x1003228416OBJECT<unknown>DEFAULT12
            c.symtab0x1002b8f44OBJECT<unknown>DEFAULT9
            call___do_global_ctors_aux.symtab0x100156f00FUNC<unknown>DEFAULT2
            call___do_global_dtors_aux.symtab0x1000014c0FUNC<unknown>DEFAULT2
            call_frame_dummy.symtab0x100001d40FUNC<unknown>DEFAULT2
            capsaicin2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            chan.symtab0x1002bdec4OBJECT<unknown>DEFAULT11
            changeservers.symtab0x1002bd9c4OBJECT<unknown>DEFAULT11
            chdir.symtab0x1000a4ec72FUNC<unknown>DEFAULT2
            chdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            clock_getres.symtab0x1001119872FUNC<unknown>DEFAULT2
            clock_getres.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            close.symtab0x1000a53472FUNC<unknown>DEFAULT2
            close.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            completed.3069.symtab0x1002be501OBJECT<unknown>DEFAULT12
            con.symtab0x100093f8852FUNC<unknown>DEFAULT2
            connect.symtab0x1000f75c52FUNC<unknown>DEFAULT2
            connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            contains_fail.symtab0x10005bd472FUNC<unknown>DEFAULT2
            contains_response.symtab0x10005c1c116FUNC<unknown>DEFAULT2
            contains_string.symtab0x10005a9c240FUNC<unknown>DEFAULT2
            contains_success.symtab0x10005b8c72FUNC<unknown>DEFAULT2
            creat.symtab0x1001145016FUNC<unknown>DEFAULT2
            crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            csum.symtab0x10000260236FUNC<unknown>DEFAULT2
            data_start.symtab0x1002b0200NOTYPE<unknown>DEFAULT9
            decodea.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            decoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            decodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            disable.symtab0x10001844372FUNC<unknown>DEFAULT2
            disabled.symtab0x1002bda01OBJECT<unknown>DEFAULT11
            dispass.symtab0x100322d4256OBJECT<unknown>DEFAULT12
            dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            dns.symtab0x10004548768FUNC<unknown>DEFAULT2
            dns_format.symtab0x10003d40340FUNC<unknown>DEFAULT2
            dns_hdr_create.symtab0x10003e94156FUNC<unknown>DEFAULT2
            dns_send.symtab0x10003f301040FUNC<unknown>DEFAULT2
            dnsflood.symtab0x10004340520FUNC<unknown>DEFAULT2
            dnslookup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            download.symtab0x10000f8c1288FUNC<unknown>DEFAULT2
            dup2.symtab0x100111e072FUNC<unknown>DEFAULT2
            dup2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            enable.symtab0x100019b8328FUNC<unknown>DEFAULT2
            encoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            encodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            encodeq.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            endservent.symtab0x10012c10128FUNC<unknown>DEFAULT2
            environ.symtab0x1002be0c4OBJECT<unknown>DEFAULT11
            errno.symtab0x1002be204OBJECT<unknown>DEFAULT11
            errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            execfile.symtab0x100323d4256OBJECT<unknown>DEFAULT12
            execl.symtab0x10010834308FUNC<unknown>DEFAULT2
            execl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            execve.symtab0x1001122872FUNC<unknown>DEFAULT2
            execve.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            exit.symtab0x100107b0132FUNC<unknown>DEFAULT2
            exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            exp10_table.symtab0x1001ae7872OBJECT<unknown>DEFAULT4
            fails.symtab0x1002b88436OBJECT<unknown>DEFAULT9
            fastflux.symtab0x100082e4508FUNC<unknown>DEFAULT2
            fclose.symtab0x1000aa1c332FUNC<unknown>DEFAULT2
            fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fcntl.symtab0x1000a404132FUNC<unknown>DEFAULT2
            fcntl64.symtab0x1000a488100FUNC<unknown>DEFAULT2
            fdopen.symtab0x1001173c100FUNC<unknown>DEFAULT2
            fdopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            feof.symtab0x1000c7e8124FUNC<unknown>DEFAULT2
            feof.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fflush_unlocked.symtab0x1000cb70432FUNC<unknown>DEFAULT2
            fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fgetc_unlocked.symtab0x1001235c312FUNC<unknown>DEFAULT2
            fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fgets.symtab0x1000c864148FUNC<unknown>DEFAULT2
            fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fgets_unlocked.symtab0x1000cd20196FUNC<unknown>DEFAULT2
            fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            filter.symtab0x10000780176FUNC<unknown>DEFAULT2
            flooders.symtab0x1002b8fc176OBJECT<unknown>DEFAULT9
            fmt.symtab0x1001ae6020OBJECT<unknown>DEFAULT4
            fopen.symtab0x1000ab6812FUNC<unknown>DEFAULT2
            fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fork.symtab0x1000a57c72FUNC<unknown>DEFAULT2
            fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fprintf.symtab0x1000ac70128FUNC<unknown>DEFAULT2
            fprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fputc.symtab0x1000c8f8204FUNC<unknown>DEFAULT2
            fputc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fputc_unlocked.symtab0x1000cde4292FUNC<unknown>DEFAULT2
            fputc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fputs.symtab0x1000c9c4140FUNC<unknown>DEFAULT2
            fputs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fputs_unlocked.symtab0x1000cf0892FUNC<unknown>DEFAULT2
            fputs_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            frame_dummy.symtab0x100001680FUNC<unknown>DEFAULT2
            free.symtab0x1000fa74256FUNC<unknown>DEFAULT2
            free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            freeaddrinfo.symtab0x1000e5dc64FUNC<unknown>DEFAULT2
            fseek.symtab0x1001476816FUNC<unknown>DEFAULT2
            fseeko.symtab0x1001476816FUNC<unknown>DEFAULT2
            fseeko.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fseeko64.symtab0x10014808284FUNC<unknown>DEFAULT2
            fseeko64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fwrite_unlocked.symtab0x1000cf64184FUNC<unknown>DEFAULT2
            fwrite_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            gaih.symtab0x1001a4f424OBJECT<unknown>DEFAULT4
            gaih_inet.symtab0x1000da582948FUNC<unknown>DEFAULT2
            gaih_inet_serv.symtab0x1000d970232FUNC<unknown>DEFAULT2
            gaih_inet_typeproto.symtab0x1001a50c35OBJECT<unknown>DEFAULT4
            get.symtab0x10001494356FUNC<unknown>DEFAULT2
            getBuild.symtab0x1000023840FUNC<unknown>DEFAULT2
            getDatIP.symtab0x100053381460FUNC<unknown>DEFAULT2
            getHost.symtab0x10002a4c124FUNC<unknown>DEFAULT2
            getPublicIP.symtab0x10008194184FUNC<unknown>DEFAULT2
            get_hosts_byaddr_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            get_hosts_byname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            get_telstate_host.symtab0x10005ea088FUNC<unknown>DEFAULT2
            getaddrinfo.symtab0x1000e61c756FUNC<unknown>DEFAULT2
            getaddrinfo.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getc_unlocked.symtab0x1001235c312FUNC<unknown>DEFAULT2
            getcwd.symtab0x1000a5c4256FUNC<unknown>DEFAULT2
            getcwd.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getdtablesize.symtab0x1000a6c456FUNC<unknown>DEFAULT2
            getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getegid.symtab0x1001127072FUNC<unknown>DEFAULT2
            getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            geteuid.symtab0x100112b872FUNC<unknown>DEFAULT2
            geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getgid.symtab0x1001130072FUNC<unknown>DEFAULT2
            getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            gethostbyaddr_r.symtab0x1000f3bc824FUNC<unknown>DEFAULT2
            gethostbyaddr_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            gethostbyname2_r.symtab0x1000f0e4728FUNC<unknown>DEFAULT2
            gethostbyname2_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            gethostbyname_r.symtab0x10013f90836FUNC<unknown>DEFAULT2
            gethostbyname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getmyip.symtab0x1000824c152FUNC<unknown>DEFAULT2
            getpagesize.symtab0x1000a6fc28FUNC<unknown>DEFAULT2
            getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getpid.symtab0x1000a71872FUNC<unknown>DEFAULT2
            getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getppid.symtab0x1000a76072FUNC<unknown>DEFAULT2
            getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getrlimit.symtab0x1000a7a872FUNC<unknown>DEFAULT2
            getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getservbyname.symtab0x10012f8888FUNC<unknown>DEFAULT2
            getservbyname_r.symtab0x10012e6c284FUNC<unknown>DEFAULT2
            getservbyport.symtab0x10012e1488FUNC<unknown>DEFAULT2
            getservbyport_r.symtab0x10012d30228FUNC<unknown>DEFAULT2
            getservent.symtab0x10012bd064FUNC<unknown>DEFAULT2
            getservent_r.symtab0x10012990576FUNC<unknown>DEFAULT2
            getservice.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getsockopt.symtab0x1000f79060FUNC<unknown>DEFAULT2
            getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getuid.symtab0x1001134872FUNC<unknown>DEFAULT2
            getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            h_errno.symtab0x1002be244OBJECT<unknown>DEFAULT11
            head.symtab0x1002bddc4OBJECT<unknown>DEFAULT11
            heap_alloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            heap_alloc_at.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            heap_free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            help.symtab0x100079f81048FUNC<unknown>DEFAULT2
            histClear.symtab0x1000813c88FUNC<unknown>DEFAULT2
            hold.symtab0x10003c10304FUNC<unknown>DEFAULT2
            host2ip.symtab0x10001b00220FUNC<unknown>DEFAULT2
            htonl.symtab0x1000d9684FUNC<unknown>DEFAULT2
            htons.symtab0x1000d96c4FUNC<unknown>DEFAULT2
            i.5503.symtab0x1002bdb04OBJECT<unknown>DEFAULT11
            i.5545.symtab0x1002b8f84OBJECT<unknown>DEFAULT9
            ident.symtab0x1002bdb84OBJECT<unknown>DEFAULT11
            identd.symtab0x1000095c884FUNC<unknown>DEFAULT2
            if_freenameindex.symtab0x1001331088FUNC<unknown>DEFAULT2
            if_index.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            if_indextoname.symtab0x10012fe0172FUNC<unknown>DEFAULT2
            if_nameindex.symtab0x10013134476FUNC<unknown>DEFAULT2
            if_nametoindex.symtab0x1001308c168FUNC<unknown>DEFAULT2
            in6_addr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            in6addr_any.symtab0x1001a55c16OBJECT<unknown>DEFAULT4
            in6addr_loopback.symtab0x1001a56c16OBJECT<unknown>DEFAULT4
            in_cksum.symtab0x10000d60264FUNC<unknown>DEFAULT2
            index.symtab0x10012768256FUNC<unknown>DEFAULT2
            inet_addr.symtab0x1000f0b052FUNC<unknown>DEFAULT2
            inet_aton.symtab0x10013368192FUNC<unknown>DEFAULT2
            inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            inet_ntoa.symtab0x1000f07c52FUNC<unknown>DEFAULT2
            inet_ntoa.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            inet_ntoa_r.symtab0x1000f000124FUNC<unknown>DEFAULT2
            inet_ntop.symtab0x1000ed5c676FUNC<unknown>DEFAULT2
            inet_ntop4.symtab0x1000ebfc352FUNC<unknown>DEFAULT2
            inet_pton.symtab0x1000e9f0524FUNC<unknown>DEFAULT2
            inet_pton4.symtab0x1000e910224FUNC<unknown>DEFAULT2
            infected.symtab0x1002bd4c8OBJECT<unknown>DEFAULT10
            init_rand.symtab0x10001bdc232FUNC<unknown>DEFAULT2
            initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            initial_fa.symtab0x1002bb10264OBJECT<unknown>DEFAULT9
            initstate.symtab0x10010048136FUNC<unknown>DEFAULT2
            initstate_r.symtab0x100103a4232FUNC<unknown>DEFAULT2
            ioctl.symtab0x1000a31c232FUNC<unknown>DEFAULT2
            ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            isatty.symtab0x1000d73444FUNC<unknown>DEFAULT2
            isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            ismaster.symtab0x10008068212FUNC<unknown>DEFAULT2
            junk.symtab0x100034e4304FUNC<unknown>DEFAULT2
            key.symtab0x1002bde44OBJECT<unknown>DEFAULT11
            kill.symtab0x1000a7f072FUNC<unknown>DEFAULT2
            kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            killall.symtab0x10007e10340FUNC<unknown>DEFAULT2
            killd.symtab0x10007f64160FUNC<unknown>DEFAULT2
            knownBots.symtab0x1002b030776OBJECT<unknown>DEFAULT9
            legit.symtab0x1002bd448OBJECT<unknown>DEFAULT10
            lengthd.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            lengthq.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/sysdeps/linux/powerpc/brk.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/sysdeps/linux/powerpc/crt1.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/sysdeps/linux/powerpc/crti.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/sysdeps/linux/powerpc/crtn.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/sysdeps/linux/powerpc/vfork.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            limiter.symtab0x1002bdbc4OBJECT<unknown>DEFAULT11
            listFork.symtab0x10002598312FUNC<unknown>DEFAULT2
            listen.symtab0x1000f7cc48FUNC<unknown>DEFAULT2
            listen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            lseek64.symtab0x100154c4128FUNC<unknown>DEFAULT2
            main.symtab0x100098ac2672FUNC<unknown>DEFAULT2
            makeFukdString.symtab0x1000974c220FUNC<unknown>DEFAULT2
            makeRandomShit.symtab0x10002140220FUNC<unknown>DEFAULT2
            malloc.symtab0x1000f91c344FUNC<unknown>DEFAULT2
            malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            masters.symtab0x1002b02412OBJECT<unknown>DEFAULT9
            memchr.symtab0x10012538264FUNC<unknown>DEFAULT2
            memchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            memcpy.symtab0x1000d01c156FUNC<unknown>DEFAULT2
            memcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            memmove.symtab0x10012494164FUNC<unknown>DEFAULT2
            memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            mempcpy.symtab0x1001264052FUNC<unknown>DEFAULT2
            mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            memrchr.symtab0x10012674244FUNC<unknown>DEFAULT2
            memrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            memset.symtab0x1000d0b8144FUNC<unknown>DEFAULT2
            memset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            mfork.symtab0x10000604380FUNC<unknown>DEFAULT2
            move.symtab0x1000795c156FUNC<unknown>DEFAULT2
            msgs.symtab0x1002b9ac64OBJECT<unknown>DEFAULT9
            mygethostbyname.symtab0x10000e68292FUNC<unknown>DEFAULT2
            mylock.symtab0x1003026c24OBJECT<unknown>DEFAULT12
            mylock.symtab0x1002bc1824OBJECT<unknown>DEFAULT9
            mylock.symtab0x1002bce424OBJECT<unknown>DEFAULT9
            mylock.symtab0x100322bc24OBJECT<unknown>DEFAULT12
            mylock.symtab0x1002bd1824OBJECT<unknown>DEFAULT9
            nanosleep.symtab0x1001139072FUNC<unknown>DEFAULT2
            nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            negotiate.symtab0x100058ec432FUNC<unknown>DEFAULT2
            next_start.1106.symtab0x1002be004OBJECT<unknown>DEFAULT11
            nick.symtab0x1002bdc04OBJECT<unknown>DEFAULT11
            nickc.symtab0x1000164c216FUNC<unknown>DEFAULT2
            ntohl.symtab0x1000d9604FUNC<unknown>DEFAULT2
            ntohl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            ntohs.symtab0x1000d9644FUNC<unknown>DEFAULT2
            ntop.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            nummasters.symtab0x1002bd3c4OBJECT<unknown>DEFAULT10
            numpids.symtab0x1002bdac4OBJECT<unknown>DEFAULT11
            numservers.symtab0x1002bd304OBJECT<unknown>DEFAULT10
            object.3150.symtab0x1002be5424OBJECT<unknown>DEFAULT12
            open.symtab0x100113d8120FUNC<unknown>DEFAULT2
            open.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            opennameservers.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            opensock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            p.3067.symtab0x1002b01c0OBJECT<unknown>DEFAULT9
            passwords.symtab0x1002b618592OBJECT<unknown>DEFAULT9
            pclose.symtab0x1000af68260FUNC<unknown>DEFAULT2
            perror.symtab0x1000ab7468FUNC<unknown>DEFAULT2
            perror.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            pid.symtab0x1002bdb44OBJECT<unknown>DEFAULT11
            pids.symtab0x1002bdf04OBJECT<unknown>DEFAULT11
            pipe.symtab0x1001146072FUNC<unknown>DEFAULT2
            pipe.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            poll.symtab0x1000a83872FUNC<unknown>DEFAULT2
            poll.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            popen.symtab0x1000b06c556FUNC<unknown>DEFAULT2
            popen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            popen_list.symtab0x1002bdf44OBJECT<unknown>DEFAULT11
            poww.symtab0x10000cd0144FUNC<unknown>DEFAULT2
            pps.symtab0x1002bdd44OBJECT<unknown>DEFAULT11
            prefix.4074.symtab0x100198f012OBJECT<unknown>DEFAULT4
            print.symtab0x10004c6c1564FUNC<unknown>DEFAULT2
            printchar.symtab0x10004848128FUNC<unknown>DEFAULT2
            printi.symtab0x10004a6c512FUNC<unknown>DEFAULT2
            prints.symtab0x100048c8420FUNC<unknown>DEFAULT2
            putc.symtab0x1000c8f8204FUNC<unknown>DEFAULT2
            putc_unlocked.symtab0x1000cde4292FUNC<unknown>DEFAULT2
            puts.symtab0x1000abb8168FUNC<unknown>DEFAULT2
            puts.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            qual_chars.4079.symtab0x1001990420OBJECT<unknown>DEFAULT4
            raise.symtab0x1001549448FUNC<unknown>DEFAULT2
            raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            rand.symtab0x1000ff544FUNC<unknown>DEFAULT2
            rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            rand_cmwc.symtab0x10001cc4344FUNC<unknown>DEFAULT2
            random.symtab0x1000ff58108FUNC<unknown>DEFAULT2
            random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            random_poly_info.symtab0x1001a5ac40OBJECT<unknown>DEFAULT4
            random_r.symtab0x10010230144FUNC<unknown>DEFAULT2
            random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            randstring.symtab0x10000830300FUNC<unknown>DEFAULT2
            randtbl.symtab0x1002bc4c128OBJECT<unknown>DEFAULT9
            rawmemchr.symtab0x10014bd8184FUNC<unknown>DEFAULT2
            rawmemchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            read.symtab0x1001554472FUNC<unknown>DEFAULT2
            read.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            read_etc_hosts_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            read_until_response.symtab0x10005dd0208FUNC<unknown>DEFAULT2
            read_with_timeout.symtab0x10005c90320FUNC<unknown>DEFAULT2
            realloc.symtab0x1000fb74304FUNC<unknown>DEFAULT2
            realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            realrand.symtab0x10001724140FUNC<unknown>DEFAULT2
            recv.symtab0x1000f7fc56FUNC<unknown>DEFAULT2
            recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            rekdevice.symtab0x1002bd404OBJECT<unknown>DEFAULT10
            reset_telstate.symtab0x10005f8072FUNC<unknown>DEFAULT2
            rewind.symtab0x10014778144FUNC<unknown>DEFAULT2
            rewind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            rnd.symtab0x1002bde84OBJECT<unknown>DEFAULT11
            rndnick.symtab0x100017b0148FUNC<unknown>DEFAULT2
            rseed.symtab0x100324d44096OBJECT<unknown>DEFAULT12
            rsi.symtab0x1002bdcc4OBJECT<unknown>DEFAULT11
            sbrk.symtab0x100114a8112FUNC<unknown>DEFAULT2
            sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            scanPid.symtab0x1002bd984OBJECT<unknown>DEFAULT11
            sclose.symtab0x10005fc896FUNC<unknown>DEFAULT2
            select.symtab0x1000a88072FUNC<unknown>DEFAULT2
            select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            send.symtab0x1000f83456FUNC<unknown>DEFAULT2
            send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            sendHOLD.symtab0x100036141532FUNC<unknown>DEFAULT2
            sendHTTP.symtab0x10002bd4496FUNC<unknown>DEFAULT2
            sendJUNK.symtab0x10002f501428FUNC<unknown>DEFAULT2
            sendSTD.symtab0x100026d0892FUNC<unknown>DEFAULT2
            sendto.symtab0x1000f86c64FUNC<unknown>DEFAULT2
            sendto.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            serv.symtab0x100322ac16OBJECT<unknown>DEFAULT12
            serv_stayopen.symtab0x1002be304OBJECT<unknown>DEFAULT11
            servbuf.symtab0x1002be284OBJECT<unknown>DEFAULT11
            server.symtab0x1002bdd84OBJECT<unknown>DEFAULT11
            servers.symtab0x1002bd348OBJECT<unknown>DEFAULT10
            servf.symtab0x1002be2c4OBJECT<unknown>DEFAULT11
            setservent.symtab0x10012c90160FUNC<unknown>DEFAULT2
            setsid.symtab0x1000a8c872FUNC<unknown>DEFAULT2
            setsid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            setsockopt.symtab0x1000f8ac60FUNC<unknown>DEFAULT2
            setsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            setstate.symtab0x1000ffc4132FUNC<unknown>DEFAULT2
            setstate_r.symtab0x1001013c244FUNC<unknown>DEFAULT2
            sigaction.symtab0x10014330196FUNC<unknown>DEFAULT2
            sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            signal.symtab0x100143f4224FUNC<unknown>DEFAULT2
            signal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            sigprocmask.symtab0x10011518120FUNC<unknown>DEFAULT2
            sigprocmask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            sigsetops.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            sleep.symtab0x10010968468FUNC<unknown>DEFAULT2
            sleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            sleeptime.symtab0x1002bd544OBJECT<unknown>DEFAULT10
            sock.symtab0x1002bdc44OBJECT<unknown>DEFAULT11
            socket.symtab0x1000f8e852FUNC<unknown>DEFAULT2
            socket.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            socket_connect.symtab0x10002ac8268FUNC<unknown>DEFAULT2
            spec_and_mask.4078.symtab0x1001991816OBJECT<unknown>DEFAULT4
            spec_base.4073.symtab0x100198fc7OBJECT<unknown>DEFAULT4
            spec_chars.4075.symtab0x1001994421OBJECT<unknown>DEFAULT4
            spec_flags.4074.symtab0x1001995c8OBJECT<unknown>DEFAULT4
            spec_or_mask.4077.symtab0x1001992816OBJECT<unknown>DEFAULT4
            spec_ranges.4076.symtab0x100199389OBJECT<unknown>DEFAULT4
            spoofs.symtab0x1002bda44OBJECT<unknown>DEFAULT11
            spoofsm.symtab0x1002bda84OBJECT<unknown>DEFAULT11
            sprintf.symtab0x1000ad70140FUNC<unknown>DEFAULT2
            sprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            srand.symtab0x100100d0108FUNC<unknown>DEFAULT2
            srandom.symtab0x100100d0108FUNC<unknown>DEFAULT2
            srandom_r.symtab0x100102c0228FUNC<unknown>DEFAULT2
            static_id.symtab0x1002bcfc2OBJECT<unknown>DEFAULT9
            static_ns.symtab0x1002be344OBJECT<unknown>DEFAULT11
            stderr.symtab0x1002bd6c4OBJECT<unknown>DEFAULT10
            stdin.symtab0x1002bd644OBJECT<unknown>DEFAULT10
            stdout.symtab0x1002bd684OBJECT<unknown>DEFAULT10
            strcasecmp.symtab0x1000d62480FUNC<unknown>DEFAULT2
            strcasecmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strcasestr.symtab0x1000d674100FUNC<unknown>DEFAULT2
            strcasestr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strchr.symtab0x10012768256FUNC<unknown>DEFAULT2
            strchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strcmp.symtab0x1000d14852FUNC<unknown>DEFAULT2
            strcmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strcoll.symtab0x1000d14852FUNC<unknown>DEFAULT2
            strcpy.symtab0x1000d17c32FUNC<unknown>DEFAULT2
            strcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strdup.symtab0x1000d6d880FUNC<unknown>DEFAULT2
            strdup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strerror_r.symtab0x1000d508268FUNC<unknown>DEFAULT2
            strlen.symtab0x1000d19c164FUNC<unknown>DEFAULT2
            strlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strncat.symtab0x10014c90208FUNC<unknown>DEFAULT2
            strncat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strncmp.symtab0x1000d240236FUNC<unknown>DEFAULT2
            strncmp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strncpy.symtab0x1000d32c188FUNC<unknown>DEFAULT2
            strncpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strnlen.symtab0x1000d3e8240FUNC<unknown>DEFAULT2
            strnlen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strpbrk.symtab0x1001290860FUNC<unknown>DEFAULT2
            strpbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strspn.symtab0x10014d6076FUNC<unknown>DEFAULT2
            strspn.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strtok.symtab0x1000d72812FUNC<unknown>DEFAULT2
            strtok.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strtok_r.symtab0x10012868160FUNC<unknown>DEFAULT2
            strtok_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strtol.symtab0x100105ec8FUNC<unknown>DEFAULT2
            strtol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strtoul.symtab0x100105f48FUNC<unknown>DEFAULT2
            strtoul.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            strwildmatch.symtab0x1000034c484FUNC<unknown>DEFAULT2
            successes.symtab0x1002b8a832OBJECT<unknown>DEFAULT9
            sysconf.symtab0x10010b3c400FUNC<unknown>DEFAULT2
            sysconf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            system.symtab0x1001048c340FUNC<unknown>DEFAULT2
            system.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            szprintf.symtab0x10005288176FUNC<unknown>DEFAULT2
            tcgetattr.symtab0x1000d760156FUNC<unknown>DEFAULT2
            tcgetattr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            tcsetattr.symtab0x1000d7fc356FUNC<unknown>DEFAULT2
            tcsetattr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            tehport.symtab0x1002bde04OBJECT<unknown>DEFAULT11
            textBuffer.4986.symtab0x1002be6c1024OBJECT<unknown>DEFAULT12
            thanks.symtab0x1002bd584OBJECT<unknown>DEFAULT10
            time.symtab0x1000a91072FUNC<unknown>DEFAULT2
            time.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            tolower.symtab0x100115d832FUNC<unknown>DEFAULT2
            tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            touchMyself.symtab0x10009828132FUNC<unknown>DEFAULT2
            toupper.symtab0x1000a9f032FUNC<unknown>DEFAULT2
            toupper.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            type_codes.symtab0x1001996424OBJECT<unknown>DEFAULT4
            type_sizes.symtab0x1001997c12OBJECT<unknown>DEFAULT4
            umask.symtab0x1000a95872FUNC<unknown>DEFAULT2
            umask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            unknown.symtab0x1000221c892FUNC<unknown>DEFAULT2
            unknown.1128.symtab0x1001998814OBJECT<unknown>DEFAULT4
            unsafe_state.symtab0x1002bc3028OBJECT<unknown>DEFAULT9
            user.symtab0x1002bdd04OBJECT<unknown>DEFAULT11
            usernames.symtab0x1002b3c8592OBJECT<unknown>DEFAULT9
            usleep.symtab0x10010ccc76FUNC<unknown>DEFAULT2
            usleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            vasprintf.symtab0x1000adfc160FUNC<unknown>DEFAULT2
            vasprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            version.symtab0x100015f884FUNC<unknown>DEFAULT2
            vfork.symtab0x1001110416FUNC<unknown>DEFAULT2
            vfprintf.symtab0x1000b6e8176FUNC<unknown>DEFAULT2
            vfprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            vsnprintf.symtab0x1000ae9c204FUNC<unknown>DEFAULT2
            vsnprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            vsprintf.symtab0x1000ac6016FUNC<unknown>DEFAULT2
            vsprintf.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            wait4.symtab0x1001159072FUNC<unknown>DEFAULT2
            wait4.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            waitpid.symtab0x1000a9a08FUNC<unknown>DEFAULT2
            waitpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            wcrtomb.symtab0x1001160492FUNC<unknown>DEFAULT2
            wcrtomb.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            wcsnrtombs.symtab0x10011670204FUNC<unknown>DEFAULT2
            wcsnrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            wcsrtombs.symtab0x1001166016FUNC<unknown>DEFAULT2
            wcsrtombs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            write.symtab0x1000a9a872FUNC<unknown>DEFAULT2
            write.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            xdigits.3080.symtab0x1001a54417OBJECT<unknown>DEFAULT4

            Network Behavior

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Nov 23, 2024 11:03:02.439182997 CET503066780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:02.558932066 CET67805030695.234.158.87192.168.2.15
            Nov 23, 2024 11:03:02.559010029 CET503066780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:03.467048883 CET503066780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:03.586721897 CET67805030695.234.158.87192.168.2.15
            Nov 23, 2024 11:03:03.690001965 CET67805030695.234.158.87192.168.2.15
            Nov 23, 2024 11:03:03.690015078 CET67805030695.234.158.87192.168.2.15
            Nov 23, 2024 11:03:03.690045118 CET503066780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:03.690466881 CET503066780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:03.810148954 CET67805030695.234.158.87192.168.2.15
            Nov 23, 2024 11:03:08.693134069 CET503086780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:08.812633991 CET67805030895.234.158.87192.168.2.15
            Nov 23, 2024 11:03:08.812711000 CET503086780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:09.697951078 CET503086780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:09.817502022 CET67805030895.234.158.87192.168.2.15
            Nov 23, 2024 11:03:09.961023092 CET67805030895.234.158.87192.168.2.15
            Nov 23, 2024 11:03:09.961034060 CET67805030895.234.158.87192.168.2.15
            Nov 23, 2024 11:03:09.961167097 CET503086780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:09.961167097 CET503086780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:10.081000090 CET67805030895.234.158.87192.168.2.15
            Nov 23, 2024 11:03:14.963187933 CET503106780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:15.178694010 CET67805031095.234.158.87192.168.2.15
            Nov 23, 2024 11:03:15.178889990 CET503106780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:15.967644930 CET503106780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:16.087215900 CET67805031095.234.158.87192.168.2.15
            Nov 23, 2024 11:03:16.349282026 CET67805031095.234.158.87192.168.2.15
            Nov 23, 2024 11:03:16.349435091 CET67805031095.234.158.87192.168.2.15
            Nov 23, 2024 11:03:16.349453926 CET503106780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:16.349453926 CET503106780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:16.349478006 CET503106780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:16.468923092 CET67805031095.234.158.87192.168.2.15
            Nov 23, 2024 11:03:21.352610111 CET503126780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:21.472223997 CET67805031295.234.158.87192.168.2.15
            Nov 23, 2024 11:03:21.472304106 CET503126780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:22.356915951 CET503126780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:22.476435900 CET67805031295.234.158.87192.168.2.15
            Nov 23, 2024 11:03:22.657764912 CET67805031295.234.158.87192.168.2.15
            Nov 23, 2024 11:03:22.657890081 CET67805031295.234.158.87192.168.2.15
            Nov 23, 2024 11:03:22.658157110 CET503126780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:22.658157110 CET503126780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:22.778326988 CET67805031295.234.158.87192.168.2.15
            Nov 23, 2024 11:03:27.659558058 CET503146780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:27.779335976 CET67805031495.234.158.87192.168.2.15
            Nov 23, 2024 11:03:27.779417992 CET503146780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:28.663443089 CET503146780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:28.783473015 CET67805031495.234.158.87192.168.2.15
            Nov 23, 2024 11:03:28.958204031 CET67805031495.234.158.87192.168.2.15
            Nov 23, 2024 11:03:28.958265066 CET503146780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:28.958332062 CET503146780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:28.958379030 CET67805031495.234.158.87192.168.2.15
            Nov 23, 2024 11:03:28.958425999 CET503146780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:29.078708887 CET67805031495.234.158.87192.168.2.15
            Nov 23, 2024 11:03:33.961396933 CET503166780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:34.085525990 CET67805031695.234.158.87192.168.2.15
            Nov 23, 2024 11:03:34.085654974 CET503166780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:34.966449976 CET503166780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:35.087225914 CET67805031695.234.158.87192.168.2.15
            Nov 23, 2024 11:03:35.237971067 CET67805031695.234.158.87192.168.2.15
            Nov 23, 2024 11:03:35.238023043 CET503166780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:35.238086939 CET503166780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:35.238091946 CET67805031695.234.158.87192.168.2.15
            Nov 23, 2024 11:03:35.238122940 CET503166780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:35.359069109 CET67805031695.234.158.87192.168.2.15
            Nov 23, 2024 11:03:40.239836931 CET503186780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:40.359451056 CET67805031895.234.158.87192.168.2.15
            Nov 23, 2024 11:03:40.359586954 CET503186780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:41.246330976 CET503186780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:41.414496899 CET67805031895.234.158.87192.168.2.15
            Nov 23, 2024 11:03:41.538172960 CET67805031895.234.158.87192.168.2.15
            Nov 23, 2024 11:03:41.538224936 CET503186780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:41.538265944 CET503186780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:41.540066957 CET67805031895.234.158.87192.168.2.15
            Nov 23, 2024 11:03:41.540117025 CET503186780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:41.661067963 CET67805031895.234.158.87192.168.2.15
            Nov 23, 2024 11:03:46.540020943 CET503206780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:46.659734011 CET67805032095.234.158.87192.168.2.15
            Nov 23, 2024 11:03:46.659787893 CET503206780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:47.544411898 CET503206780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:47.664072990 CET67805032095.234.158.87192.168.2.15
            Nov 23, 2024 11:03:47.770298004 CET67805032095.234.158.87192.168.2.15
            Nov 23, 2024 11:03:47.770314932 CET67805032095.234.158.87192.168.2.15
            Nov 23, 2024 11:03:47.770351887 CET503206780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:47.770406008 CET503206780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:47.889908075 CET67805032095.234.158.87192.168.2.15
            Nov 23, 2024 11:03:52.772053957 CET503226780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:52.892072916 CET67805032295.234.158.87192.168.2.15
            Nov 23, 2024 11:03:52.892124891 CET503226780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:53.776344061 CET503226780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:53.896296024 CET67805032295.234.158.87192.168.2.15
            Nov 23, 2024 11:03:54.026949883 CET67805032295.234.158.87192.168.2.15
            Nov 23, 2024 11:03:54.026983976 CET67805032295.234.158.87192.168.2.15
            Nov 23, 2024 11:03:54.027172089 CET503226780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:54.027226925 CET503226780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:54.146763086 CET67805032295.234.158.87192.168.2.15
            Nov 23, 2024 11:03:59.061573029 CET503246780192.168.2.1595.234.158.87
            Nov 23, 2024 11:03:59.182934046 CET67805032495.234.158.87192.168.2.15
            Nov 23, 2024 11:03:59.182996035 CET503246780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:00.066346884 CET503246780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:00.234211922 CET67805032495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:00.330672979 CET67805032495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:00.330729008 CET503246780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:00.330760956 CET67805032495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:00.330782890 CET503246780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:00.330852985 CET503246780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:00.454561949 CET67805032495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:05.332756996 CET503266780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:05.452342987 CET67805032695.234.158.87192.168.2.15
            Nov 23, 2024 11:04:05.452420950 CET503266780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:06.339140892 CET503266780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:06.509434938 CET67805032695.234.158.87192.168.2.15
            Nov 23, 2024 11:04:06.553872108 CET67805032695.234.158.87192.168.2.15
            Nov 23, 2024 11:04:06.553925991 CET503266780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:06.553982019 CET503266780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:06.554017067 CET67805032695.234.158.87192.168.2.15
            Nov 23, 2024 11:04:06.554056883 CET503266780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:06.751214027 CET67805032695.234.158.87192.168.2.15
            Nov 23, 2024 11:04:11.557096004 CET503286780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:11.676780939 CET67805032895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:11.676853895 CET503286780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:12.562036991 CET503286780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:12.682255030 CET67805032895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:12.920135975 CET67805032895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:12.920296907 CET503286780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:13.040626049 CET67805032895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:13.040664911 CET67805032895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:13.040688992 CET503286780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:13.041074038 CET503286780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:13.160660028 CET67805032895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:18.043258905 CET503306780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:18.162873983 CET67805033095.234.158.87192.168.2.15
            Nov 23, 2024 11:04:18.162935972 CET503306780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:19.050350904 CET503306780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:19.171041965 CET67805033095.234.158.87192.168.2.15
            Nov 23, 2024 11:04:19.314368010 CET67805033095.234.158.87192.168.2.15
            Nov 23, 2024 11:04:19.314419985 CET503306780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:19.314456940 CET503306780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:19.314486027 CET67805033095.234.158.87192.168.2.15
            Nov 23, 2024 11:04:19.314534903 CET503306780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:19.437211990 CET67805033095.234.158.87192.168.2.15
            Nov 23, 2024 11:04:24.316924095 CET503326780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:24.437205076 CET67805033295.234.158.87192.168.2.15
            Nov 23, 2024 11:04:24.437262058 CET503326780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:25.320878983 CET503326780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:25.440366030 CET67805033295.234.158.87192.168.2.15
            Nov 23, 2024 11:04:25.597491980 CET67805033295.234.158.87192.168.2.15
            Nov 23, 2024 11:04:25.597543001 CET503326780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:25.597598076 CET503326780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:25.597635031 CET67805033295.234.158.87192.168.2.15
            Nov 23, 2024 11:04:25.597666025 CET503326780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:25.718151093 CET67805033295.234.158.87192.168.2.15
            Nov 23, 2024 11:04:30.598947048 CET503346780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:30.718738079 CET67805033495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:30.718801022 CET503346780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:31.602386951 CET503346780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:31.722088099 CET67805033495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:31.832799911 CET67805033495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:31.833030939 CET67805033495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:31.833091021 CET503346780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:31.833091021 CET503346780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:31.833091021 CET503346780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:31.952790022 CET67805033495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:36.834845066 CET503366780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:36.954565048 CET67805033695.234.158.87192.168.2.15
            Nov 23, 2024 11:04:36.954653025 CET503366780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:37.839603901 CET503366780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:37.959235907 CET67805033695.234.158.87192.168.2.15
            Nov 23, 2024 11:04:38.122915030 CET67805033695.234.158.87192.168.2.15
            Nov 23, 2024 11:04:38.122965097 CET503366780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:38.123023033 CET503366780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:38.123094082 CET67805033695.234.158.87192.168.2.15
            Nov 23, 2024 11:04:38.123131037 CET503366780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:38.249574900 CET67805033695.234.158.87192.168.2.15
            Nov 23, 2024 11:04:43.124722004 CET503386780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:43.244254112 CET67805033895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:43.244318008 CET503386780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:43.488812923 CET67805033895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:43.492213964 CET503386780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:44.128695011 CET503386780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:44.160820007 CET503386780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:44.186784983 CET503386780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:44.212898970 CET503386780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:44.239877939 CET503386780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:44.248200893 CET67805033895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:44.249433994 CET503406780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:44.280354977 CET67805033895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:44.306253910 CET67805033895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:44.333143950 CET67805033895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:44.359349966 CET67805033895.234.158.87192.168.2.15
            Nov 23, 2024 11:04:44.368942022 CET67805034095.234.158.87192.168.2.15
            Nov 23, 2024 11:04:44.369091034 CET503406780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:45.252651930 CET503406780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:45.372401953 CET67805034095.234.158.87192.168.2.15
            Nov 23, 2024 11:04:45.573570013 CET67805034095.234.158.87192.168.2.15
            Nov 23, 2024 11:04:45.573676109 CET503406780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:45.573676109 CET503406780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:45.573889971 CET67805034095.234.158.87192.168.2.15
            Nov 23, 2024 11:04:45.573934078 CET503406780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:45.696446896 CET67805034095.234.158.87192.168.2.15
            Nov 23, 2024 11:04:50.575620890 CET503426780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:50.696399927 CET67805034295.234.158.87192.168.2.15
            Nov 23, 2024 11:04:50.696475983 CET503426780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:51.579185009 CET503426780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:51.765516996 CET67805034295.234.158.87192.168.2.15
            Nov 23, 2024 11:04:51.846946955 CET67805034295.234.158.87192.168.2.15
            Nov 23, 2024 11:04:51.846991062 CET503426780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:51.847033024 CET67805034295.234.158.87192.168.2.15
            Nov 23, 2024 11:04:51.847052097 CET503426780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:51.847073078 CET503426780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:51.966487885 CET67805034295.234.158.87192.168.2.15
            Nov 23, 2024 11:04:56.848779917 CET503446780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:56.968966961 CET67805034495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:56.969037056 CET503446780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:57.852067947 CET503446780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:57.974117041 CET67805034495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:58.121601105 CET67805034495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:58.121866941 CET67805034495.234.158.87192.168.2.15
            Nov 23, 2024 11:04:58.121903896 CET503446780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:58.121903896 CET503446780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:58.122039080 CET503446780192.168.2.1595.234.158.87
            Nov 23, 2024 11:04:58.243174076 CET67805034495.234.158.87192.168.2.15
            Nov 23, 2024 11:05:03.123966932 CET503466780192.168.2.1595.234.158.87
            Nov 23, 2024 11:05:03.244098902 CET67805034695.234.158.87192.168.2.15
            Nov 23, 2024 11:05:03.248718977 CET503466780192.168.2.1595.234.158.87
            Nov 23, 2024 11:05:04.130016088 CET503466780192.168.2.1595.234.158.87
            Nov 23, 2024 11:05:04.249856949 CET67805034695.234.158.87192.168.2.15
            Nov 23, 2024 11:05:04.376662016 CET67805034695.234.158.87192.168.2.15
            Nov 23, 2024 11:05:04.376720905 CET503466780192.168.2.1595.234.158.87
            Nov 23, 2024 11:05:04.376729012 CET67805034695.234.158.87192.168.2.15
            Nov 23, 2024 11:05:04.376785994 CET503466780192.168.2.1595.234.158.87
            Nov 23, 2024 11:05:04.496246099 CET67805034695.234.158.87192.168.2.15

            IRC Packets

            TimestampSource PortDest PortSource IPDest IPCommands
            Nov 23, 2024 11:03:03.467048883 CET503066780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:03:09.697951078 CET503086780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:03:15.967644930 CET503106780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:03:22.356915951 CET503126780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:03:28.663443089 CET503146780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:03:34.966449976 CET503166780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:03:41.246330976 CET503186780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:03:47.544411898 CET503206780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:03:53.776344061 CET503226780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:00.066346884 CET503246780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:06.339140892 CET503266780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:12.562036991 CET503286780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:19.050350904 CET503306780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:25.320878983 CET503326780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:31.602386951 CET503346780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:37.839603901 CET503366780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:44.128695011 CET503386780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:44.160820007 CET503386780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:44.186784983 CET503386780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:44.212898970 CET503386780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:44.239877939 CET503386780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:45.252651930 CET503406780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:51.579185009 CET503426780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:04:57.852067947 CET503446780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa
            Nov 23, 2024 11:05:04.130016088 CET503466780192.168.2.1595.234.158.87NICK [OSX|POWERPC]LOwa
            USER LOwa localhost localhost :LOwa

            System Behavior

            General

            Start time (UTC):10:03:01
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:/tmp/yakuza.ppc.elf
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:01
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:01
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:01
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:01
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:01
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 902i13 || busybox pkill -9 902i13"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:01
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:01
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 902i13
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:03
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:03
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 902i13
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:04
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:04
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:04
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:04
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 BzSxLxBxeY
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:05
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:05
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 BzSxLxBxeY
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:06
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:06
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:06
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:06
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 HOHO-LUGO7
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:08
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:08
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 HOHO-LUGO7
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:09
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:09
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:09
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:09
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 HOHO-U79OL
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:10
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:10
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 HOHO-U79OL
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:11
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:11
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:11
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:11
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 JuYfouyf87
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:13
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:13
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 JuYfouyf87
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:14
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:14
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:14
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:14
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 NiGGeR69xd
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:15
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:15
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 NiGGeR69xd
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:16
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:16
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:16
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:16
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 SO190Ij1X
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:18
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:18
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 SO190Ij1X
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:19
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:19
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:19
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:19
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 LOLKIKEEEDDE
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:21
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:21
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 LOLKIKEEEDDE
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:22
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:22
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:22
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:22
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 ekjheory98e
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:24
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:24
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 ekjheory98e
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:25
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:25
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:25
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:25
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 scansh4
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:26
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:26
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 scansh4
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:27
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:27
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:27
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:27
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 MDMA
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:29
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:29
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 MDMA
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:30
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:30
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:30
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:30
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 fdevalvex
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:31
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:31
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 fdevalvex
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:32
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:32
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:32
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:32
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 scanspc
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:34
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:34
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 scanspc
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:35
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:35
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:35
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:35
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 MELTEDNINJAREALZ
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:36
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:36
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 MELTEDNINJAREALZ
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            Chronological Activities


            General

            Start time (UTC):10:03:37
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            Chronological Activities


            General

            Start time (UTC):10:03:37
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:37
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Chronological Activities


            General

            Start time (UTC):10:03:37
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 flexsonskids
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            Chronological Activities


            General

            Start time (UTC):10:03:39
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:39
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 flexsonskids
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:03:40
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:03:40
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:40
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:40
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 scanx86
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:03:41
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:41
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 scanx86
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:03:42
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:03:42
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:42
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:42
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 MISAKI-U79OL
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:03:44
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:44
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 MISAKI-U79OL
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:03:45
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:03:45
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:45
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:45
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 foAxi102kxe
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:03:47
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:47
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 foAxi102kxe
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:03:48
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:03:48
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:48
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:48
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 swodjwodjwoj
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:03:49
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:49
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 swodjwodjwoj
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:03:50
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:03:50
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:50
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:50
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 MmKiy7f87l
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:03:52
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:52
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 MmKiy7f87l
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:03:53
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:03:53
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:53
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:53
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 freecookiex86
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:03:54
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:54
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 freecookiex86
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:03:55
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:03:55
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:55
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:55
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 sysgpu
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:03:56
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:56
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 sysgpu
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:03:57
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:03:57
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:57
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:57
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 NiGGeR69xd
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:03:59
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:03:59
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 NiGGeR69xd
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:00
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:00
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 frgege || busybox pkill -9 frgege"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:00
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:00
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 frgege
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:01
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:01
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 frgege
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:02
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:02
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:02
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:02
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 sysupdater
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:03
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:03
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 sysupdater
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:04
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:04
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:04
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:04
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 0DnAzepd
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:06
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:06
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 0DnAzepd
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:07
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:07
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:07
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:07
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 NiGGeRD0nks69
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:08
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:08
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 NiGGeRD0nks69
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:09
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:09
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:09
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:09
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 frgreu
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:10
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:10
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 frgreu
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:11
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:11
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:11
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:11
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 telnetd
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:13
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:13
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 telnetd
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:14
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:14
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:14
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:14
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 0x766f6964
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:15
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:15
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 0x766f6964
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:16
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:16
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:17
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:17
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 NiGGeRd0nks1337
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:18
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:18
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 NiGGeRd0nks1337
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:19
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:19
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 gaft || busybox pkill -9 gaft"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:19
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:19
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 gaft
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:21
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:21
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 gaft
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:22
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:22
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:22
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:22
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 urasgbsigboa
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:23
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:23
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 urasgbsigboa
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:24
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:24
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:24
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:24
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 120i3UI49
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:26
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:26
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 120i3UI49
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:27
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:27
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:27
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:27
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 OaF3
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:28
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:28
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 OaF3
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:29
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:29
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 geae || busybox pkill -9 geae"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:29
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:29
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 geae
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:30
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:30
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 geae
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:31
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:31
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:31
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:31
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 vaiolmao
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:32
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:32
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 vaiolmao
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:33
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:33
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 123123a || busybox pkill -9 123123a"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:33
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:33
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 123123a
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:35
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:35
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 123123a
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:36
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:36
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:36
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:36
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 Ofurain0n4H34D
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:37
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:37
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 Ofurain0n4H34D
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:38
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:38
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:38
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:38
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 ggTrex
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:40
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:40
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 ggTrex
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:41
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:41
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 wasads || busybox pkill -9 wasads"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:41
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:41
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 wasads
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:42
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:42
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 wasads
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:43
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:43
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:43
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:43
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 1293194hjXD
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:44
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:44
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 1293194hjXD
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:45
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:45
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:45
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:45
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 OthLaLosn
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:46
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:46
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 OthLaLosn
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:47
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:47
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 ggt || busybox pkill -9 ggt"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:47
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:47
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 ggt
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:49
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:49
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 ggt
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:50
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:50
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 wget-log || busybox pkill -9 wget-log"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:50
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:50
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 wget-log
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:51
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:51
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 wget-log
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:52
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:52
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:52
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:52
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 1337SoraLOADER
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:54
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:54
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 1337SoraLOADER
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:55
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:55
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:55
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:55
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 SAIAKINA
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:56
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:56
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 SAIAKINA
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:57
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:57
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 ggtq || busybox pkill -9 ggtq"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:57
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:57
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 ggtq
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:04:58
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:58
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 ggtq
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:04:59
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:04:59
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:59
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:04:59
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 1378bfp919GRB1Q2
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:05:01
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:05:01
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 1378bfp919GRB1Q2
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:05:02
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:05:02
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 SAIAKUSO || busybox pkill -9 SAIAKUSO"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:05:02
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:05:02
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 SAIAKUSO
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:05:03
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:05:03
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 SAIAKUSO
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

            General

            Start time (UTC):10:05:04
            Start date (UTC):23/11/2024
            Path:/tmp/yakuza.ppc.elf
            Arguments:-
            File size:5388968 bytes
            MD5 hash:ae65271c943d3451b7f026d1fadccea6

            General

            Start time (UTC):10:05:04
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:sh -c "pkill -9 ggtr || busybox pkill -9 ggtr"
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:05:04
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:05:04
            Start date (UTC):23/11/2024
            Path:/usr/bin/pkill
            Arguments:pkill -9 ggtr
            File size:30968 bytes
            MD5 hash:fa96a75a08109d8842e4865b2907d51f

            General

            Start time (UTC):10:05:06
            Start date (UTC):23/11/2024
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            General

            Start time (UTC):10:05:06
            Start date (UTC):23/11/2024
            Path:/usr/bin/busybox
            Arguments:busybox pkill -9 ggtr
            File size:2172376 bytes
            MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc