Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
arm7.elf

Overview

General Information

Sample name:arm7.elf
Analysis ID:1580049
MD5:0339b8bb2885aca57e37c1ddad2fa85f
SHA1:77121dca75a03ff36375875d1d52c4e0e9d1f0d2
SHA256:0fe97fa532739fcedcee2daf9067c3f59bf9a6f7c6c135e7852db32723574bf5
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:92
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Detected Mirai
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Mirai
Contains symbols with names commonly found in malware
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Sample and/or dropped files contains symbols with suspicious names
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1580049
Start date and time:2024-12-23 19:51:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 0s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:arm7.elf
Detection:MAL
Classification:mal92.spre.troj.linELF@0/0@3/0
  • VT rate limit hit for: arm7.elf
Command:/tmp/arm7.elf
PID:5449
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
listening to tun0
Standard Error:
  • system is lnxubuntu20
  • arm7.elf (PID: 5449, Parent: 5376, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm7.elf
    • arm7.elf New Fork (PID: 5451, Parent: 5449)
    • arm7.elf New Fork (PID: 5453, Parent: 5449)
  • udisksd New Fork (PID: 5483, Parent: 802)
  • dumpe2fs (PID: 5483, Parent: 802, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • sh (PID: 5507, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 5507, Parent: 1588, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • systemd New Fork (PID: 5525, Parent: 1)
  • upowerd (PID: 5525, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • fusermount (PID: 5530, Parent: 2935, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • sh (PID: 5538, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • gsd-wacom (PID: 5538, Parent: 1588, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
  • sh (PID: 5570, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • gsd-print-notifications (PID: 5570, Parent: 1588, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications
  • wrapper-2.0 (PID: 5583, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • sh (PID: 5588, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 5588, Parent: 1588, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • wrapper-2.0 (PID: 5589, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • sh (PID: 5592, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
  • gsd-color (PID: 5592, Parent: 1588, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
  • wrapper-2.0 (PID: 5593, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • sh (PID: 5601, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
  • gsd-smartcard (PID: 5601, Parent: 1588, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
  • wrapper-2.0 (PID: 5602, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
  • sh (PID: 5603, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
  • systemd New Fork (PID: 5604, Parent: 1)
  • upowerd (PID: 5604, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • wrapper-2.0 (PID: 5607, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • sh (PID: 5643, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
  • gsd-datetime (PID: 5643, Parent: 1588, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
  • wrapper-2.0 (PID: 5644, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • udisksd New Fork (PID: 5645, Parent: 802)
  • dumpe2fs (PID: 5645, Parent: 802, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • sh (PID: 5646, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
  • gsd-media-keys (PID: 5646, Parent: 1588, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
  • sh (PID: 5647, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
  • gsd-screensaver-proxy (PID: 5647, Parent: 1588, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
  • systemd New Fork (PID: 5650, Parent: 1)
  • upowerd (PID: 5650, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • sh (PID: 5688, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
  • gsd-a11y-settings (PID: 5688, Parent: 1588, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
  • sh (PID: 5689, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
  • gsd-power (PID: 5689, Parent: 1588, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
  • sh (PID: 5690, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
  • gsd-sound (PID: 5690, Parent: 1588, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
  • sh (PID: 5693, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
  • gsd-housekeeping (PID: 5693, Parent: 1588, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
  • udisksd New Fork (PID: 5695, Parent: 802)
  • dumpe2fs (PID: 5695, Parent: 802, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • systemd New Fork (PID: 5696, Parent: 1)
  • upowerd (PID: 5696, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • systemd New Fork (PID: 5736, Parent: 1)
  • upowerd (PID: 5736, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
SourceRuleDescriptionAuthorStrings
arm7.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-23T19:52:00.040143+010020304901Malware Command and Control Activity Detected192.168.2.135978487.120.114.3241277TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-23T19:52:01.196291+010020304891Malware Command and Control Activity Detected87.120.114.3241277192.168.2.1359784TCP
    2024-12-23T19:52:21.263214+010020304891Malware Command and Control Activity Detected87.120.114.3241277192.168.2.1359784TCP
    2024-12-23T19:52:40.980440+010020304891Malware Command and Control Activity Detected87.120.114.3241277192.168.2.1359784TCP
    2024-12-23T19:53:01.023827+010020304891Malware Command and Control Activity Detected87.120.114.3241277192.168.2.1359784TCP
    2024-12-23T19:53:21.686053+010020304891Malware Command and Control Activity Detected87.120.114.3241277192.168.2.1359784TCP
    2024-12-23T19:53:41.488855+010020304891Malware Command and Control Activity Detected87.120.114.3241277192.168.2.1359784TCP
    2024-12-23T19:54:01.106720+010020304891Malware Command and Control Activity Detected87.120.114.3241277192.168.2.1359784TCP
    2024-12-23T19:54:23.632545+010020304891Malware Command and Control Activity Detected87.120.114.3241277192.168.2.1359784TCP
    2024-12-23T19:54:41.214151+010020304891Malware Command and Control Activity Detected87.120.114.3241277192.168.2.1359784TCP
    2024-12-23T19:55:01.257306+010020304891Malware Command and Control Activity Detected87.120.114.3241277192.168.2.1359784TCP
    2024-12-23T19:55:21.282768+010020304891Malware Command and Control Activity Detected87.120.114.3241277192.168.2.1359784TCP

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Source: arm7.elfAvira: detected
    Source: arm7.elfReversingLabs: Detection: 55%

    Networking

    barindex
    Source: Network trafficSuricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.13:59784 -> 87.120.114.32:41277
    Source: Network trafficSuricata IDS: 2030489 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response : 87.120.114.32:41277 -> 192.168.2.13:59784
    Source: global trafficTCP traffic: 192.168.2.13:59784 -> 87.120.114.32:41277
    Source: /tmp/arm7.elf (PID: 5449)Socket: 127.0.0.1:6628Jump to behavior
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficDNS traffic detected: DNS query: fdh32fsdfhs.shop
    Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com

    System Summary

    barindex
    Source: ELF static info symbol of initial sampleName: attack.c
    Source: ELF static info symbol of initial sampleName: attack_get_opt_int
    Source: ELF static info symbol of initial sampleName: attack_get_opt_ip
    Source: ELF static info symbol of initial sampleName: attack_gre_ip
    Source: ELF static info symbol of initial sampleName: attack_init
    Source: ELF static info symbol of initial sampleName: attack_parse
    Source: ELF static info symbol of initial sampleName: attack_start
    Source: ELF static info symbol of initial sampleName: attack_tcp_ack
    Source: ELF static info symbol of initial sampleName: attack_tcp_bypass
    Source: ELF static info symbol of initial sampleName: attack_tcp_syn
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 793, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 797, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 802, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1444, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1475, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1480, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1482, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1588, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1604, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1748, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1751, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1755, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1765, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1804, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1832, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1866, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1872, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1875, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1879, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1881, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1884, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1891, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1906, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1921, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1922, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1925, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1930, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1940, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1944, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1946, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1969, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1982, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 2926, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 2972, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 2974, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3095, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3104, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3117, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3122, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3161, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3162, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3163, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3164, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3165, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3170, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3182, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3208, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3209, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3212, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3225, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3246, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3300, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3310, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3327, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3336, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3342, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3375, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3413, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3420, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3424, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3429, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3434, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3448, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3642, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5507, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5525, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5538, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5583, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5589, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5570, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5588, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5592, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5593, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5601, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5602, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5603, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5604, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5607, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5644, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5643, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5646, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5647, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5650, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5688, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5689, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5690, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5693, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5696, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5736, result: successfulJump to behavior
    Source: arm7.elfELF static info symbol of initial sample: __gnu_unwind_execute
    Source: Initial sampleString containing 'busybox' found: /bin/busybox
    Source: Initial sampleString containing 'busybox' found: //proc/self/exe/bin/busybox/proc/%d/etc/systmp.d/proc//exe%s/lib/systemd/usr/lib/systemd/systemd/usr/libexec/openssh/sftp-server/usr/lib/openssh/sftp-server/sys/system/dvr/main/usr/mnt/mtd/org/userfs/home/process/net_process/var/tmp/sonia/usr/sbin/usr/bin/mnt/gm/bin/var/Sofia/usr/sbin/sshd/usr/sbin/ntpd/usr/sbin/cupsd/usr/lib/apt/methods/http/usr/sbin/crond/usr/sbin/rsyslogd/usr/sbin/inetd/usr/sbin/dnsmasq/usr/bin/DVRServer/usr/bin/DVRShell/usr/bin/DVRControl/usr/bin/DVRRemoteAgent/usr/bin/DVRNetService
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 793, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 797, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 802, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1444, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1475, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1480, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1482, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1588, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1604, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1748, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1751, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1755, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1765, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1804, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1832, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1866, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1872, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1875, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1879, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1881, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1884, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1891, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1906, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1921, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1922, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1925, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1930, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1940, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1944, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1946, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1969, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 1982, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 2926, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 2972, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 2974, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3095, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3104, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3117, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3122, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3161, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3162, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3163, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3164, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3165, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3170, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3182, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3208, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3209, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3212, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3225, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3246, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3300, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3310, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3327, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3336, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3342, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3375, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3413, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3420, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3424, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3429, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3434, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3448, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 3642, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5507, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5525, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5538, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5583, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5589, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5570, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5588, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5592, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5593, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5601, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5602, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5603, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5604, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5607, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5644, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5643, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5646, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5647, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5650, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5688, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5689, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5690, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5693, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5696, result: successfulJump to behavior
    Source: /tmp/arm7.elf (PID: 5451)SIGKILL sent: pid: 5736, result: successfulJump to behavior
    Source: classification engineClassification label: mal92.spre.troj.linELF@0/0@3/0

    Persistence and Installation Behavior

    barindex
    Source: /bin/fusermount (PID: 5530)File: /proc/5530/mountsJump to behavior
    Source: /tmp/arm7.elf (PID: 5449)Queries kernel information via 'uname': Jump to behavior
    Source: /tmp/arm7.elf (PID: 5453)Queries kernel information via 'uname': Jump to behavior
    Source: arm7.elf, 5449.1.0000556ec0b77000.0000556ec0cc9000.rw-.sdmpBinary or memory string: nU!/etc/qemu-binfmt/arm
    Source: arm7.elf, 5449.1.0000556ec0b77000.0000556ec0cc9000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
    Source: arm7.elf, 5449.1.00007ffd63dda000.00007ffd63dfb000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
    Source: arm7.elf, 5449.1.00007ffd63dda000.00007ffd63dfb000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm7.elf

    Stealing of Sensitive Information

    barindex
    Source: Yara matchFile source: arm7.elf, type: SAMPLE

    Remote Access Functionality

    barindex
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
    Source: TrafficSuricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response
    Source: Yara matchFile source: arm7.elf, type: SAMPLE
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
    Masquerading
    OS Credential Dumping11
    Security Software Discovery
    Remote ServicesData from Local System1
    Non-Standard Port
    Exfiltration Over Other Network Medium1
    Service Stop
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS Memory1
    File and Directory Discovery
    Remote Desktop ProtocolData from Removable Media1
    Non-Application Layer Protocol
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
    Application Layer Protocol
    Automated ExfiltrationData Encrypted for Impact
    No configs have been found
    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1580049 Sample: arm7.elf Startdate: 23/12/2024 Architecture: LINUX Score: 92 21 fdh32fsdfhs.shop 87.120.114.32, 41277, 59784 UNACS-AS-BG8000BurgasBG Bulgaria 2->21 23 daisy.ubuntu.com 2->23 27 Suricata IDS alerts for network traffic 2->27 29 Antivirus / Scanner detection for submitted sample 2->29 31 Detected Mirai 2->31 33 3 other signatures 2->33 7 arm7.elf 2->7         started        9 gvfsd-fuse fusermount 2->9         started        12 gnome-session-binary sh gsd-sharing 2->12         started        14 27 other processes 2->14 signatures3 process4 signatures5 16 arm7.elf 7->16         started        19 arm7.elf 7->19         started        35 Sample reads /proc/mounts (often used for finding a writable filesystem) 9->35 process6 signatures7 25 Sample tries to kill multiple processes (SIGKILL) 16->25

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand
    SourceDetectionScannerLabelLink
    arm7.elf55%ReversingLabsLinux.Backdoor.Mirai
    arm7.elf100%AviraLINUX/Mirai.bonb
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    NameIPActiveMaliciousAntivirus DetectionReputation
    daisy.ubuntu.com
    162.213.35.25
    truefalse
      high
      fdh32fsdfhs.shop
      87.120.114.32
      truetrue
        unknown
        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs
        IPDomainCountryFlagASNASN NameMalicious
        87.120.114.32
        fdh32fsdfhs.shopBulgaria
        25206UNACS-AS-BG8000BurgasBGtrue
        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        87.120.114.32x86_64.elfGet hashmaliciousMiraiBrowse
          mips.elfGet hashmaliciousMiraiBrowse
            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            daisy.ubuntu.comarm6.elfGet hashmaliciousUnknownBrowse
            • 162.213.35.25
            jackmyi686.elfGet hashmaliciousGafgyt, MiraiBrowse
            • 162.213.35.25
            jackmyarmv5.elfGet hashmaliciousGafgyt, MiraiBrowse
            • 162.213.35.24
            jackmysparc.elfGet hashmaliciousGafgyt, MiraiBrowse
            • 162.213.35.25
            jackmyarmv6.elfGet hashmaliciousGafgyt, MiraiBrowse
            • 162.213.35.25
            jackmymips64.elfGet hashmaliciousGafgyt, MiraiBrowse
            • 162.213.35.24
            jackmymipsel.elfGet hashmaliciousGafgyt, MiraiBrowse
            • 162.213.35.25
            jackmyi586.elfGet hashmaliciousGafgyt, MiraiBrowse
            • 162.213.35.25
            arm5.nn.elfGet hashmaliciousOkiruBrowse
            • 162.213.35.25
            arm.nn-20241223-1416.elfGet hashmaliciousOkiruBrowse
            • 162.213.35.24
            fdh32fsdfhs.shopx86_64.elfGet hashmaliciousMiraiBrowse
            • 87.120.114.32
            mips.elfGet hashmaliciousMiraiBrowse
            • 87.120.114.32
            na.elfGet hashmaliciousMiraiBrowse
            • 93.123.39.116
            na.elfGet hashmaliciousMiraiBrowse
            • 93.123.39.116
            na.elfGet hashmaliciousMiraiBrowse
            • 93.123.39.116
            na.elfGet hashmaliciousMiraiBrowse
            • 93.123.39.116
            na.elfGet hashmaliciousMiraiBrowse
            • 93.123.39.116
            na.elfGet hashmaliciousMiraiBrowse
            • 93.123.39.116
            i586.elfGet hashmaliciousMiraiBrowse
            • 185.196.9.5
            i686.elfGet hashmaliciousMiraiBrowse
            • 185.196.9.5
            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            UNACS-AS-BG8000BurgasBGx86_64.elfGet hashmaliciousMiraiBrowse
            • 87.120.114.32
            bot.mpsl.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
            • 87.120.112.234
            bot.m68k.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
            • 87.120.112.234
            bot.x86.elfGet hashmaliciousMirai, OkiruBrowse
            • 87.120.112.234
            bot.arm7.elfGet hashmaliciousMirai, OkiruBrowse
            • 87.120.112.234
            bot.arm5.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
            • 87.120.112.234
            bot.x86_64.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
            • 87.120.112.234
            t5lpvahkgypd7wy.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
            • 87.120.125.77
            List of required items and services.pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
            • 87.120.127.215
            g8ix97hz.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
            • 87.120.127.215
            No context
            No context
            No created / dropped files found
            File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
            Entropy (8bit):5.9481550475974565
            TrID:
            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
            File name:arm7.elf
            File size:135'037 bytes
            MD5:0339b8bb2885aca57e37c1ddad2fa85f
            SHA1:77121dca75a03ff36375875d1d52c4e0e9d1f0d2
            SHA256:0fe97fa532739fcedcee2daf9067c3f59bf9a6f7c6c135e7852db32723574bf5
            SHA512:d0f590fb1c5bce818c943262404a2c1d8bc7044cadb980d587fd7f44e60eac5d20da3a5b93e711f84e5c4566e5951be675310079ed4c53dbfd8c4c7f45b7ba35
            SSDEEP:3072:LN9sTZtmaqWH6AnE+96ntKOyXHKIPKM/9RRtn:LzsNtmaqWH6An79TdHKIiM/9hn
            TLSH:25D33B46E7418B13C4D61B79BAEB42063323AB5493DB73065928BFF43F867AE0E27505
            File Content Preview:.ELF..............(.........4...........4. ...(........p0%..0...0...................................H&..H&..............H&..H&..H&......`4..............L&..L&..L&..................Q.td..................................-...L..................@-.,@...0....S

            ELF header

            Class:ELF32
            Data:2's complement, little endian
            Version:1 (current)
            Machine:ARM
            Version Number:0x1
            Type:EXEC (Executable file)
            OS/ABI:UNIX - System V
            ABI Version:0
            Entry Point Address:0x8194
            Flags:0x4000002
            ELF Header Size:52
            Program Header Offset:52
            Program Header Size:32
            Number of Program Headers:5
            Section Header Offset:102816
            Section Header Size:40
            Number of Section Headers:29
            Header String Table Index:26
            NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
            NULL0x00x00x00x00x0000
            .initPROGBITS0x80d40xd40x100x00x6AX004
            .textPROGBITS0x80f00xf00x109bc0x00x6AX0016
            .finiPROGBITS0x18aac0x10aac0x100x00x6AX004
            .rodataPROGBITS0x18ac00x10ac00x1a580x00x2A008
            .ARM.extabPROGBITS0x1a5180x125180x180x00x2A004
            .ARM.exidxARM_EXIDX0x1a5300x125300x1180x00x82AL204
            .eh_framePROGBITS0x226480x126480x40x00x3WA004
            .tbssNOBITS0x2264c0x1264c0x80x00x403WAT004
            .init_arrayINIT_ARRAY0x2264c0x1264c0x40x00x3WA004
            .fini_arrayFINI_ARRAY0x226500x126500x40x00x3WA004
            .jcrPROGBITS0x226540x126540x40x00x3WA004
            .gotPROGBITS0x226580x126580xa80x40x3WA004
            .dataPROGBITS0x227000x127000x2500x00x3WA004
            .bssNOBITS0x229500x129500x31580x00x3WA008
            .commentPROGBITS0x00x129500xbc20x00x0001
            .debug_arangesPROGBITS0x00x135180x1400x00x0008
            .debug_pubnamesPROGBITS0x00x136580x2130x00x0001
            .debug_infoPROGBITS0x00x1386b0x20430x00x0001
            .debug_abbrevPROGBITS0x00x158ae0x6e20x00x0001
            .debug_linePROGBITS0x00x15f900xe760x00x0001
            .debug_framePROGBITS0x00x16e080x2b80x00x0004
            .debug_strPROGBITS0x00x170c00x8ca0x10x30MS001
            .debug_locPROGBITS0x00x1798a0x118f0x00x0001
            .debug_rangesPROGBITS0x00x18b190x5580x00x0001
            .ARM.attributesARM_ATTRIBUTES0x00x190710x160x00x0001
            .shstrtabSTRTAB0x00x190870x1170x00x0001
            .symtabSYMTAB0x00x196280x50c00x100x0287394
            .strtabSTRTAB0x00x1e6e80x28950x00x0001
            TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
            EXIDX0x125300x1a5300x1a5300x1180x1184.44960x4R 0x4.ARM.exidx
            LOAD0x00x80000x80000x126480x126486.15390x5R E0x8000.init .text .fini .rodata .ARM.extab .ARM.exidx
            LOAD0x126480x226480x226480x3080x34604.08960x6RW 0x8000.eh_frame .tbss .init_array .fini_array .jcr .got .data .bss
            TLS0x1264c0x2264c0x2264c0x00x80.00000x4R 0x4.tbss
            GNU_STACK0x00x00x00x00x00.00000x7RWE0x4
            NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
            .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            .symtab0x80d40SECTION<unknown>DEFAULT1
            .symtab0x80f00SECTION<unknown>DEFAULT2
            .symtab0x18aac0SECTION<unknown>DEFAULT3
            .symtab0x18ac00SECTION<unknown>DEFAULT4
            .symtab0x1a5180SECTION<unknown>DEFAULT5
            .symtab0x1a5300SECTION<unknown>DEFAULT6
            .symtab0x226480SECTION<unknown>DEFAULT7
            .symtab0x2264c0SECTION<unknown>DEFAULT8
            .symtab0x2264c0SECTION<unknown>DEFAULT9
            .symtab0x226500SECTION<unknown>DEFAULT10
            .symtab0x226540SECTION<unknown>DEFAULT11
            .symtab0x226580SECTION<unknown>DEFAULT12
            .symtab0x227000SECTION<unknown>DEFAULT13
            .symtab0x229500SECTION<unknown>DEFAULT14
            .symtab0x00SECTION<unknown>DEFAULT15
            .symtab0x00SECTION<unknown>DEFAULT16
            .symtab0x00SECTION<unknown>DEFAULT17
            .symtab0x00SECTION<unknown>DEFAULT18
            .symtab0x00SECTION<unknown>DEFAULT19
            .symtab0x00SECTION<unknown>DEFAULT20
            .symtab0x00SECTION<unknown>DEFAULT21
            .symtab0x00SECTION<unknown>DEFAULT22
            .symtab0x00SECTION<unknown>DEFAULT23
            .symtab0x00SECTION<unknown>DEFAULT24
            .symtab0x00SECTION<unknown>DEFAULT25
            $a.symtab0x80d40NOTYPE<unknown>DEFAULT1
            $a.symtab0x18aac0NOTYPE<unknown>DEFAULT3
            $a.symtab0x80e00NOTYPE<unknown>DEFAULT1
            $a.symtab0x18ab80NOTYPE<unknown>DEFAULT3
            $a.symtab0x80f00NOTYPE<unknown>DEFAULT2
            $a.symtab0x81340NOTYPE<unknown>DEFAULT2
            $a.symtab0x81940NOTYPE<unknown>DEFAULT2
            $a.symtab0x81d00NOTYPE<unknown>DEFAULT2
            $a.symtab0x82cc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x84e80NOTYPE<unknown>DEFAULT2
            $a.symtab0x85540NOTYPE<unknown>DEFAULT2
            $a.symtab0x85c40NOTYPE<unknown>DEFAULT2
            $a.symtab0x87700NOTYPE<unknown>DEFAULT2
            $a.symtab0x8da00NOTYPE<unknown>DEFAULT2
            $a.symtab0x905c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x97580NOTYPE<unknown>DEFAULT2
            $a.symtab0x9eb80NOTYPE<unknown>DEFAULT2
            $a.symtab0xa20c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xa25c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xa3000NOTYPE<unknown>DEFAULT2
            $a.symtab0xa34c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xa3a40NOTYPE<unknown>DEFAULT2
            $a.symtab0xa3c80NOTYPE<unknown>DEFAULT2
            $a.symtab0xa4d80NOTYPE<unknown>DEFAULT2
            $a.symtab0xa6e40NOTYPE<unknown>DEFAULT2
            $a.symtab0xa7740NOTYPE<unknown>DEFAULT2
            $a.symtab0xa78c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xa8e40NOTYPE<unknown>DEFAULT2
            $a.symtab0xa9680NOTYPE<unknown>DEFAULT2
            $a.symtab0xb1800NOTYPE<unknown>DEFAULT2
            $a.symtab0xb2380NOTYPE<unknown>DEFAULT2
            $a.symtab0xb2940NOTYPE<unknown>DEFAULT2
            $a.symtab0xb2fc0NOTYPE<unknown>DEFAULT2
            $a.symtab0xb3d80NOTYPE<unknown>DEFAULT2
            $a.symtab0xb4000NOTYPE<unknown>DEFAULT2
            $a.symtab0xb9080NOTYPE<unknown>DEFAULT2
            $a.symtab0xb92c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xb9cc0NOTYPE<unknown>DEFAULT2
            $a.symtab0xba6c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xc3540NOTYPE<unknown>DEFAULT2
            $a.symtab0xc37c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xc3c40NOTYPE<unknown>DEFAULT2
            $a.symtab0xc3e80NOTYPE<unknown>DEFAULT2
            $a.symtab0xc40c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xc5480NOTYPE<unknown>DEFAULT2
            $a.symtab0xc5dc0NOTYPE<unknown>DEFAULT2
            $a.symtab0xc6f00NOTYPE<unknown>DEFAULT2
            $a.symtab0xc7040NOTYPE<unknown>DEFAULT2
            $a.symtab0xc79c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xc8900NOTYPE<unknown>DEFAULT2
            $a.symtab0xc8a40NOTYPE<unknown>DEFAULT2
            $a.symtab0xc9840NOTYPE<unknown>DEFAULT2
            $a.symtab0xc9bc0NOTYPE<unknown>DEFAULT2
            $a.symtab0xc9fc0NOTYPE<unknown>DEFAULT2
            $a.symtab0xca400NOTYPE<unknown>DEFAULT2
            $a.symtab0xca840NOTYPE<unknown>DEFAULT2
            $a.symtab0xcac40NOTYPE<unknown>DEFAULT2
            $a.symtab0xcb300NOTYPE<unknown>DEFAULT2
            $a.symtab0xcb740NOTYPE<unknown>DEFAULT2
            $a.symtab0xcbf80NOTYPE<unknown>DEFAULT2
            $a.symtab0xcc380NOTYPE<unknown>DEFAULT2
            $a.symtab0xccc40NOTYPE<unknown>DEFAULT2
            $a.symtab0xcd280NOTYPE<unknown>DEFAULT2
            $a.symtab0xcd580NOTYPE<unknown>DEFAULT2
            $a.symtab0xcd940NOTYPE<unknown>DEFAULT2
            $a.symtab0xcdd40NOTYPE<unknown>DEFAULT2
            $a.symtab0xcf4c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xd05c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xd12c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xd1f00NOTYPE<unknown>DEFAULT2
            $a.symtab0xd2a00NOTYPE<unknown>DEFAULT2
            $a.symtab0xd3880NOTYPE<unknown>DEFAULT2
            $a.symtab0xd4300NOTYPE<unknown>DEFAULT2
            $a.symtab0xd4500NOTYPE<unknown>DEFAULT2
            $a.symtab0xd4840NOTYPE<unknown>DEFAULT2
            $a.symtab0xd7b40NOTYPE<unknown>DEFAULT2
            $a.symtab0xd7d40NOTYPE<unknown>DEFAULT2
            $a.symtab0xd8040NOTYPE<unknown>DEFAULT2
            $a.symtab0xd8d40NOTYPE<unknown>DEFAULT2
            $a.symtab0xdd340NOTYPE<unknown>DEFAULT2
            $a.symtab0xddb40NOTYPE<unknown>DEFAULT2
            $a.symtab0xdf180NOTYPE<unknown>DEFAULT2
            $a.symtab0xdf480NOTYPE<unknown>DEFAULT2
            $a.symtab0xe7140NOTYPE<unknown>DEFAULT2
            $a.symtab0xe7b40NOTYPE<unknown>DEFAULT2
            $a.symtab0xe7f80NOTYPE<unknown>DEFAULT2
            $a.symtab0xe9a80NOTYPE<unknown>DEFAULT2
            $a.symtab0xe9fc0NOTYPE<unknown>DEFAULT2
            $a.symtab0xef6c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xf21c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xf5c80NOTYPE<unknown>DEFAULT2
            $a.symtab0xf6000NOTYPE<unknown>DEFAULT2
            $a.symtab0xf6c00NOTYPE<unknown>DEFAULT2
            $a.symtab0xf6d00NOTYPE<unknown>DEFAULT2
            $a.symtab0xf6e00NOTYPE<unknown>DEFAULT2
            $a.symtab0xf7800NOTYPE<unknown>DEFAULT2
            $a.symtab0xf7a00NOTYPE<unknown>DEFAULT2
            $a.symtab0xf8000NOTYPE<unknown>DEFAULT2
            $a.symtab0xf8280NOTYPE<unknown>DEFAULT2
            $a.symtab0xf8f40NOTYPE<unknown>DEFAULT2
            $a.symtab0xf9f00NOTYPE<unknown>DEFAULT2
            $a.symtab0xfa080NOTYPE<unknown>DEFAULT2
            $a.symtab0xfb140NOTYPE<unknown>DEFAULT2
            $a.symtab0xfb380NOTYPE<unknown>DEFAULT2
            $a.symtab0xfbb40NOTYPE<unknown>DEFAULT2
            $a.symtab0xfbdc0NOTYPE<unknown>DEFAULT2
            $a.symtab0xfc200NOTYPE<unknown>DEFAULT2
            $a.symtab0xfc940NOTYPE<unknown>DEFAULT2
            $a.symtab0xfcd80NOTYPE<unknown>DEFAULT2
            $a.symtab0xfd1c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xfd900NOTYPE<unknown>DEFAULT2
            $a.symtab0xfdd40NOTYPE<unknown>DEFAULT2
            $a.symtab0xfe1c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xfe5c0NOTYPE<unknown>DEFAULT2
            $a.symtab0xfea00NOTYPE<unknown>DEFAULT2
            $a.symtab0xff100NOTYPE<unknown>DEFAULT2
            $a.symtab0xff580NOTYPE<unknown>DEFAULT2
            $a.symtab0xffe00NOTYPE<unknown>DEFAULT2
            $a.symtab0x100240NOTYPE<unknown>DEFAULT2
            $a.symtab0x100940NOTYPE<unknown>DEFAULT2
            $a.symtab0x100e00NOTYPE<unknown>DEFAULT2
            $a.symtab0x101680NOTYPE<unknown>DEFAULT2
            $a.symtab0x101b00NOTYPE<unknown>DEFAULT2
            $a.symtab0x101f40NOTYPE<unknown>DEFAULT2
            $a.symtab0x102440NOTYPE<unknown>DEFAULT2
            $a.symtab0x102580NOTYPE<unknown>DEFAULT2
            $a.symtab0x1031c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x103880NOTYPE<unknown>DEFAULT2
            $a.symtab0x10d380NOTYPE<unknown>DEFAULT2
            $a.symtab0x10e780NOTYPE<unknown>DEFAULT2
            $a.symtab0x112380NOTYPE<unknown>DEFAULT2
            $a.symtab0x116d80NOTYPE<unknown>DEFAULT2
            $a.symtab0x117180NOTYPE<unknown>DEFAULT2
            $a.symtab0x118400NOTYPE<unknown>DEFAULT2
            $a.symtab0x118580NOTYPE<unknown>DEFAULT2
            $a.symtab0x118fc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x119b40NOTYPE<unknown>DEFAULT2
            $a.symtab0x11a740NOTYPE<unknown>DEFAULT2
            $a.symtab0x11b180NOTYPE<unknown>DEFAULT2
            $a.symtab0x11ba80NOTYPE<unknown>DEFAULT2
            $a.symtab0x11c800NOTYPE<unknown>DEFAULT2
            $a.symtab0x11d780NOTYPE<unknown>DEFAULT2
            $a.symtab0x11e640NOTYPE<unknown>DEFAULT2
            $a.symtab0x11e840NOTYPE<unknown>DEFAULT2
            $a.symtab0x11ea00NOTYPE<unknown>DEFAULT2
            $a.symtab0x120780NOTYPE<unknown>DEFAULT2
            $a.symtab0x1213c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x122880NOTYPE<unknown>DEFAULT2
            $a.symtab0x128ac0NOTYPE<unknown>DEFAULT2
            $a.symtab0x128fc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x12cc80NOTYPE<unknown>DEFAULT2
            $a.symtab0x12d600NOTYPE<unknown>DEFAULT2
            $a.symtab0x12da80NOTYPE<unknown>DEFAULT2
            $a.symtab0x12e980NOTYPE<unknown>DEFAULT2
            $a.symtab0x12fd40NOTYPE<unknown>DEFAULT2
            $a.symtab0x1302c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x130340NOTYPE<unknown>DEFAULT2
            $a.symtab0x130640NOTYPE<unknown>DEFAULT2
            $a.symtab0x130bc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x130c40NOTYPE<unknown>DEFAULT2
            $a.symtab0x130f40NOTYPE<unknown>DEFAULT2
            $a.symtab0x1314c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x131540NOTYPE<unknown>DEFAULT2
            $a.symtab0x131840NOTYPE<unknown>DEFAULT2
            $a.symtab0x131dc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x131e40NOTYPE<unknown>DEFAULT2
            $a.symtab0x132100NOTYPE<unknown>DEFAULT2
            $a.symtab0x132980NOTYPE<unknown>DEFAULT2
            $a.symtab0x133740NOTYPE<unknown>DEFAULT2
            $a.symtab0x134340NOTYPE<unknown>DEFAULT2
            $a.symtab0x134880NOTYPE<unknown>DEFAULT2
            $a.symtab0x134e00NOTYPE<unknown>DEFAULT2
            $a.symtab0x138cc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x139240NOTYPE<unknown>DEFAULT2
            $a.symtab0x139a00NOTYPE<unknown>DEFAULT2
            $a.symtab0x139cc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x13a540NOTYPE<unknown>DEFAULT2
            $a.symtab0x13a5c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x13a680NOTYPE<unknown>DEFAULT2
            $a.symtab0x13a800NOTYPE<unknown>DEFAULT2
            $a.symtab0x13a900NOTYPE<unknown>DEFAULT2
            $a.symtab0x13ad00NOTYPE<unknown>DEFAULT2
            $a.symtab0x13b380NOTYPE<unknown>DEFAULT2
            $a.symtab0x13b9c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x13c3c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x13c680NOTYPE<unknown>DEFAULT2
            $a.symtab0x13c7c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x13c900NOTYPE<unknown>DEFAULT2
            $a.symtab0x13ca40NOTYPE<unknown>DEFAULT2
            $a.symtab0x13ccc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x13d040NOTYPE<unknown>DEFAULT2
            $a.symtab0x13d440NOTYPE<unknown>DEFAULT2
            $a.symtab0x13d580NOTYPE<unknown>DEFAULT2
            $a.symtab0x13d980NOTYPE<unknown>DEFAULT2
            $a.symtab0x13ddc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x13e1c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x13e5c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x13ebc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x13ed00NOTYPE<unknown>DEFAULT2
            $a.symtab0x13fbc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x143600NOTYPE<unknown>DEFAULT2
            $a.symtab0x143b40NOTYPE<unknown>DEFAULT2
            $a.symtab0x143d80NOTYPE<unknown>DEFAULT2
            $a.symtab0x144940NOTYPE<unknown>DEFAULT2
            $a.symtab0x145700NOTYPE<unknown>DEFAULT2
            $a.symtab0x146b00NOTYPE<unknown>DEFAULT2
            $a.symtab0x1478c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x148000NOTYPE<unknown>DEFAULT2
            $a.symtab0x1482c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x149880NOTYPE<unknown>DEFAULT2
            $a.symtab0x1517c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x152c00NOTYPE<unknown>DEFAULT2
            $a.symtab0x153dc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x155080NOTYPE<unknown>DEFAULT2
            $a.symtab0x155b00NOTYPE<unknown>DEFAULT2
            $a.symtab0x15a400NOTYPE<unknown>DEFAULT2
            $a.symtab0x15b300NOTYPE<unknown>DEFAULT2
            $a.symtab0x15b540NOTYPE<unknown>DEFAULT2
            $a.symtab0x15c340NOTYPE<unknown>DEFAULT2
            $a.symtab0x15d240NOTYPE<unknown>DEFAULT2
            $a.symtab0x15e100NOTYPE<unknown>DEFAULT2
            $a.symtab0x15e540NOTYPE<unknown>DEFAULT2
            $a.symtab0x15ea40NOTYPE<unknown>DEFAULT2
            $a.symtab0x15ef00NOTYPE<unknown>DEFAULT2
            $a.symtab0x15fe80NOTYPE<unknown>DEFAULT2
            $a.symtab0x160600NOTYPE<unknown>DEFAULT2
            $a.symtab0x160c80NOTYPE<unknown>DEFAULT2
            $a.symtab0x1631c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x163280NOTYPE<unknown>DEFAULT2
            $a.symtab0x163600NOTYPE<unknown>DEFAULT2
            $a.symtab0x163b80NOTYPE<unknown>DEFAULT2
            $a.symtab0x163c40NOTYPE<unknown>DEFAULT2
            $a.symtab0x1650c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x165300NOTYPE<unknown>DEFAULT2
            $a.symtab0x166f00NOTYPE<unknown>DEFAULT2
            $a.symtab0x167480NOTYPE<unknown>DEFAULT2
            $a.symtab0x168100NOTYPE<unknown>DEFAULT2
            $a.symtab0x168400NOTYPE<unknown>DEFAULT2
            $a.symtab0x168e40NOTYPE<unknown>DEFAULT2
            $a.symtab0x169200NOTYPE<unknown>DEFAULT2
            $a.symtab0x169600NOTYPE<unknown>DEFAULT2
            $a.symtab0x169d00NOTYPE<unknown>DEFAULT2
            $a.symtab0x16b140NOTYPE<unknown>DEFAULT2
            $a.symtab0x16f300NOTYPE<unknown>DEFAULT2
            $a.symtab0x173cc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x1750c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x175600NOTYPE<unknown>DEFAULT2
            $a.symtab0x175ac0NOTYPE<unknown>DEFAULT2
            $a.symtab0x175f80NOTYPE<unknown>DEFAULT2
            $a.symtab0x176000NOTYPE<unknown>DEFAULT2
            $a.symtab0x176040NOTYPE<unknown>DEFAULT2
            $a.symtab0x176300NOTYPE<unknown>DEFAULT2
            $a.symtab0x1763c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x176480NOTYPE<unknown>DEFAULT2
            $a.symtab0x178680NOTYPE<unknown>DEFAULT2
            $a.symtab0x179b80NOTYPE<unknown>DEFAULT2
            $a.symtab0x179d40NOTYPE<unknown>DEFAULT2
            $a.symtab0x17a340NOTYPE<unknown>DEFAULT2
            $a.symtab0x17aa00NOTYPE<unknown>DEFAULT2
            $a.symtab0x17b580NOTYPE<unknown>DEFAULT2
            $a.symtab0x17b780NOTYPE<unknown>DEFAULT2
            $a.symtab0x17cbc0NOTYPE<unknown>DEFAULT2
            $a.symtab0x182040NOTYPE<unknown>DEFAULT2
            $a.symtab0x1820c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x182140NOTYPE<unknown>DEFAULT2
            $a.symtab0x1821c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x182d80NOTYPE<unknown>DEFAULT2
            $a.symtab0x1831c0NOTYPE<unknown>DEFAULT2
            $a.symtab0x18a300NOTYPE<unknown>DEFAULT2
            $a.symtab0x18a780NOTYPE<unknown>DEFAULT2
            $d.symtab0x81280NOTYPE<unknown>DEFAULT2
            $d.symtab0x226500NOTYPE<unknown>DEFAULT10
            $d.symtab0x81800NOTYPE<unknown>DEFAULT2
            $d.symtab0x2264c0NOTYPE<unknown>DEFAULT9
            $d.symtab0x81c40NOTYPE<unknown>DEFAULT2
            $d.symtab0x82c40NOTYPE<unknown>DEFAULT2
            $d.symtab0x87540NOTYPE<unknown>DEFAULT2
            $d.symtab0x8d9c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x97540NOTYPE<unknown>DEFAULT2
            $d.symtab0x9eb40NOTYPE<unknown>DEFAULT2
            $d.symtab0xa2080NOTYPE<unknown>DEFAULT2
            $d.symtab0xa3480NOTYPE<unknown>DEFAULT2
            $d.symtab0xa3980NOTYPE<unknown>DEFAULT2
            $d.symtab0xa3c40NOTYPE<unknown>DEFAULT2
            $d.symtab0xa4c80NOTYPE<unknown>DEFAULT2
            $d.symtab0xa6c80NOTYPE<unknown>DEFAULT2
            $d.symtab0xa76c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x18d240NOTYPE<unknown>DEFAULT4
            $d.symtab0xa7840NOTYPE<unknown>DEFAULT2
            $d.symtab0xa8d80NOTYPE<unknown>DEFAULT2
            $d.symtab0xa9600NOTYPE<unknown>DEFAULT2
            $d.symtab0xb1300NOTYPE<unknown>DEFAULT2
            $d.symtab0x227000NOTYPE<unknown>DEFAULT13
            $d.symtab0x227040NOTYPE<unknown>DEFAULT13
            $d.symtab0x227080NOTYPE<unknown>DEFAULT13
            $d.symtab0x2270c0NOTYPE<unknown>DEFAULT13
            $d.symtab0x227540NOTYPE<unknown>DEFAULT13
            $d.symtab0xb2340NOTYPE<unknown>DEFAULT2
            $d.symtab0xb2840NOTYPE<unknown>DEFAULT2
            $d.symtab0xb2ec0NOTYPE<unknown>DEFAULT2
            $d.symtab0xb3c80NOTYPE<unknown>DEFAULT2
            $d.symtab0xb9280NOTYPE<unknown>DEFAULT2
            $d.symtab0xb9c40NOTYPE<unknown>DEFAULT2
            $d.symtab0xba640NOTYPE<unknown>DEFAULT2
            $d.symtab0xc2700NOTYPE<unknown>DEFAULT2
            $d.symtab0x227580NOTYPE<unknown>DEFAULT13
            $d.symtab0x00NOTYPE<unknown>DEFAULT21
            $d.symtab0x200NOTYPE<unknown>DEFAULT21
            $d.symtab0x260NOTYPE<unknown>DEFAULT21
            $d.symtab0xc7940NOTYPE<unknown>DEFAULT2
            $d.symtab0xc8800NOTYPE<unknown>DEFAULT2
            $d.symtab0xc9740NOTYPE<unknown>DEFAULT2
            $d.symtab0xc9b80NOTYPE<unknown>DEFAULT2
            $d.symtab0xc9f80NOTYPE<unknown>DEFAULT2
            $d.symtab0xca3c0NOTYPE<unknown>DEFAULT2
            $d.symtab0xca800NOTYPE<unknown>DEFAULT2
            $d.symtab0xcac00NOTYPE<unknown>DEFAULT2
            $d.symtab0xcb280NOTYPE<unknown>DEFAULT2
            $d.symtab0xcb700NOTYPE<unknown>DEFAULT2
            $d.symtab0xcbf00NOTYPE<unknown>DEFAULT2
            $d.symtab0xcc340NOTYPE<unknown>DEFAULT2
            $d.symtab0xccc00NOTYPE<unknown>DEFAULT2
            $d.symtab0xcd240NOTYPE<unknown>DEFAULT2
            $d.symtab0xcd900NOTYPE<unknown>DEFAULT2
            $d.symtab0xcdd00NOTYPE<unknown>DEFAULT2
            $d.symtab0xd0400NOTYPE<unknown>DEFAULT2
            $d.symtab0xd1240NOTYPE<unknown>DEFAULT2
            $d.symtab0xd1e40NOTYPE<unknown>DEFAULT2
            $d.symtab0xd2980NOTYPE<unknown>DEFAULT2
            $d.symtab0x194bc0NOTYPE<unknown>DEFAULT4
            $d.symtab0xd3740NOTYPE<unknown>DEFAULT2
            $d.symtab0xd41c0NOTYPE<unknown>DEFAULT2
            $d.symtab0xd44c0NOTYPE<unknown>DEFAULT2
            $d.symtab0xd4800NOTYPE<unknown>DEFAULT2
            $d.symtab0xd7a40NOTYPE<unknown>DEFAULT2
            $d.symtab0xd8cc0NOTYPE<unknown>DEFAULT2
            $d.symtab0xdd000NOTYPE<unknown>DEFAULT2
            $d.symtab0xdda40NOTYPE<unknown>DEFAULT2
            $d.symtab0xdefc0NOTYPE<unknown>DEFAULT2
            $d.symtab0x227600NOTYPE<unknown>DEFAULT13
            $d.symtab0x2275c0NOTYPE<unknown>DEFAULT13
            $d.symtab0xe6f00NOTYPE<unknown>DEFAULT2
            $d.symtab0x1952c0NOTYPE<unknown>DEFAULT4
            $d.symtab0xe9a40NOTYPE<unknown>DEFAULT2
            $d.symtab0xe9f00NOTYPE<unknown>DEFAULT2
            $d.symtab0xef3c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x228440NOTYPE<unknown>DEFAULT13
            $d.symtab0x195340NOTYPE<unknown>DEFAULT4
            $d.symtab0xf2000NOTYPE<unknown>DEFAULT2
            $d.symtab0xf5b00NOTYPE<unknown>DEFAULT2
            $d.symtab0xf6b80NOTYPE<unknown>DEFAULT2
            $d.symtab0xf8ec0NOTYPE<unknown>DEFAULT2
            $d.symtab0xfb040NOTYPE<unknown>DEFAULT2
            $d.symtab0x195b80NOTYPE<unknown>DEFAULT4
            $d.symtab0xfbb00NOTYPE<unknown>DEFAULT2
            $d.symtab0xfc180NOTYPE<unknown>DEFAULT2
            $d.symtab0xfc8c0NOTYPE<unknown>DEFAULT2
            $d.symtab0xfcd00NOTYPE<unknown>DEFAULT2
            $d.symtab0xfd140NOTYPE<unknown>DEFAULT2
            $d.symtab0xfd880NOTYPE<unknown>DEFAULT2
            $d.symtab0xfdcc0NOTYPE<unknown>DEFAULT2
            $d.symtab0xfe140NOTYPE<unknown>DEFAULT2
            $d.symtab0xfe580NOTYPE<unknown>DEFAULT2
            $d.symtab0xfe980NOTYPE<unknown>DEFAULT2
            $d.symtab0xff080NOTYPE<unknown>DEFAULT2
            $d.symtab0xff540NOTYPE<unknown>DEFAULT2
            $d.symtab0xffd80NOTYPE<unknown>DEFAULT2
            $d.symtab0x1001c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x1008c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x100d80NOTYPE<unknown>DEFAULT2
            $d.symtab0x101600NOTYPE<unknown>DEFAULT2
            $d.symtab0x101a80NOTYPE<unknown>DEFAULT2
            $d.symtab0x101ec0NOTYPE<unknown>DEFAULT2
            $d.symtab0x102400NOTYPE<unknown>DEFAULT2
            $d.symtab0x103100NOTYPE<unknown>DEFAULT2
            $d.symtab0x10d140NOTYPE<unknown>DEFAULT2
            $d.symtab0x228480NOTYPE<unknown>DEFAULT13
            $d.symtab0x10e5c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x112180NOTYPE<unknown>DEFAULT2
            $d.symtab0x116bc0NOTYPE<unknown>DEFAULT2
            $d.symtab0x117100NOTYPE<unknown>DEFAULT2
            $d.symtab0x1182c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x228600NOTYPE<unknown>DEFAULT13
            $d.symtab0x118e00NOTYPE<unknown>DEFAULT2
            $d.symtab0x119980NOTYPE<unknown>DEFAULT2
            $d.symtab0x11a580NOTYPE<unknown>DEFAULT2
            $d.symtab0x11afc0NOTYPE<unknown>DEFAULT2
            $d.symtab0x228780NOTYPE<unknown>DEFAULT13
            $d.symtab0x229100NOTYPE<unknown>DEFAULT13
            $d.symtab0x11ba40NOTYPE<unknown>DEFAULT2
            $d.symtab0x11c740NOTYPE<unknown>DEFAULT2
            $d.symtab0x11d680NOTYPE<unknown>DEFAULT2
            $d.symtab0x11e580NOTYPE<unknown>DEFAULT2
            $d.symtab0x1a1240NOTYPE<unknown>DEFAULT4
            $d.symtab0x120680NOTYPE<unknown>DEFAULT2
            $d.symtab0x1211c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x229240NOTYPE<unknown>DEFAULT13
            $d.symtab0x122640NOTYPE<unknown>DEFAULT2
            $d.symtab0x128800NOTYPE<unknown>DEFAULT2
            $d.symtab0x128f80NOTYPE<unknown>DEFAULT2
            $d.symtab0x12ca00NOTYPE<unknown>DEFAULT2
            $d.symtab0x12e8c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x12fb80NOTYPE<unknown>DEFAULT2
            $d.symtab0x12fd00NOTYPE<unknown>DEFAULT2
            $d.symtab0x130600NOTYPE<unknown>DEFAULT2
            $d.symtab0x130f00NOTYPE<unknown>DEFAULT2
            $d.symtab0x131800NOTYPE<unknown>DEFAULT2
            $d.symtab0x1336c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x134200NOTYPE<unknown>DEFAULT2
            $d.symtab0x134800NOTYPE<unknown>DEFAULT2
            $d.symtab0x134d40NOTYPE<unknown>DEFAULT2
            $d.symtab0x138800NOTYPE<unknown>DEFAULT2
            $d.symtab0x2293c0NOTYPE<unknown>DEFAULT13
            $d.symtab0x139180NOTYPE<unknown>DEFAULT2
            $d.symtab0x139980NOTYPE<unknown>DEFAULT2
            $d.symtab0x139c80NOTYPE<unknown>DEFAULT2
            $d.symtab0x13a480NOTYPE<unknown>DEFAULT2
            $d.symtab0x13acc0NOTYPE<unknown>DEFAULT2
            $d.symtab0x13b300NOTYPE<unknown>DEFAULT2
            $d.symtab0x13b980NOTYPE<unknown>DEFAULT2
            $d.symtab0x13c380NOTYPE<unknown>DEFAULT2
            $d.symtab0x13cc40NOTYPE<unknown>DEFAULT2
            $d.symtab0x13d000NOTYPE<unknown>DEFAULT2
            $d.symtab0x13d400NOTYPE<unknown>DEFAULT2
            $d.symtab0x13d940NOTYPE<unknown>DEFAULT2
            $d.symtab0x13dd80NOTYPE<unknown>DEFAULT2
            $d.symtab0x13e180NOTYPE<unknown>DEFAULT2
            $d.symtab0x13e580NOTYPE<unknown>DEFAULT2
            $d.symtab0x13eb40NOTYPE<unknown>DEFAULT2
            $d.symtab0x13fa80NOTYPE<unknown>DEFAULT2
            $d.symtab0x143580NOTYPE<unknown>DEFAULT2
            $d.symtab0x144900NOTYPE<unknown>DEFAULT2
            $d.symtab0x1456c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x147880NOTYPE<unknown>DEFAULT2
            $d.symtab0x1515c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x1a4d00NOTYPE<unknown>DEFAULT4
            $d.symtab0x155000NOTYPE<unknown>DEFAULT2
            $d.symtab0x15b280NOTYPE<unknown>DEFAULT2
            $d.symtab0x15c2c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x15d1c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x15e080NOTYPE<unknown>DEFAULT2
            $d.symtab0x15fe00NOTYPE<unknown>DEFAULT2
            $d.symtab0x160480NOTYPE<unknown>DEFAULT2
            $d.symtab0x160b80NOTYPE<unknown>DEFAULT2
            $d.symtab0x162f40NOTYPE<unknown>DEFAULT2
            $d.symtab0x163540NOTYPE<unknown>DEFAULT2
            $d.symtab0x165040NOTYPE<unknown>DEFAULT2
            $d.symtab0x166ec0NOTYPE<unknown>DEFAULT2
            $d.symtab0x1680c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x168e00NOTYPE<unknown>DEFAULT2
            $d.symtab0x169cc0NOTYPE<unknown>DEFAULT2
            $d.symtab0x2c0NOTYPE<unknown>DEFAULT21
            $d.symtab0x4c0NOTYPE<unknown>DEFAULT21
            $d.symtab0x530NOTYPE<unknown>DEFAULT21
            $d.symtab0x1784c0NOTYPE<unknown>DEFAULT2
            $d.symtab0x181f40NOTYPE<unknown>DEFAULT2
            $d.symtab0x580NOTYPE<unknown>DEFAULT21
            $d.symtab0x00NOTYPE<unknown>DEFAULT23
            $d.symtab0x23c0NOTYPE<unknown>DEFAULT21
            $d.symtab0xe390NOTYPE<unknown>DEFAULT23
            $d.symtab0x229480NOTYPE<unknown>DEFAULT13
            $d.symtab0x1a1b60NOTYPE<unknown>DEFAULT4
            C.11.5548.symtab0x1a19412OBJECT<unknown>DEFAULT4
            C.2.4963.symtab0x18d24132OBJECT<unknown>DEFAULT4
            C.5.5083.symtab0x194bc24OBJECT<unknown>DEFAULT4
            C.7.5370.symtab0x1a1a012OBJECT<unknown>DEFAULT4
            C.7.6078.symtab0x194d412OBJECT<unknown>DEFAULT4
            C.7.6109.symtab0x1950412OBJECT<unknown>DEFAULT4
            C.7.6182.symtab0x194e012OBJECT<unknown>DEFAULT4
            C.8.6110.symtab0x194f812OBJECT<unknown>DEFAULT4
            C.9.6119.symtab0x194ec12OBJECT<unknown>DEFAULT4
            LOCAL_ADDR.symtab0x254b84OBJECT<unknown>DEFAULT14
            Laligned.symtab0xf7c80NOTYPE<unknown>DEFAULT2
            Llastword.symtab0xf7e40NOTYPE<unknown>DEFAULT2
            _Exit.symtab0x13ad0104FUNC<unknown>DEFAULT2
            _GLOBAL_OFFSET_TABLE_.symtab0x226580OBJECT<unknown>HIDDEN12
            _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _Unwind_Complete.symtab0x176004FUNC<unknown>HIDDEN2
            _Unwind_DeleteException.symtab0x1760444FUNC<unknown>HIDDEN2
            _Unwind_ForcedUnwind.symtab0x182b436FUNC<unknown>HIDDEN2
            _Unwind_GetCFA.symtab0x175f88FUNC<unknown>HIDDEN2
            _Unwind_GetDataRelBase.symtab0x1763c12FUNC<unknown>HIDDEN2
            _Unwind_GetLanguageSpecificData.symtab0x182d868FUNC<unknown>HIDDEN2
            _Unwind_GetRegionStart.symtab0x18a7852FUNC<unknown>HIDDEN2
            _Unwind_GetTextRelBase.symtab0x1763012FUNC<unknown>HIDDEN2
            _Unwind_RaiseException.symtab0x1824836FUNC<unknown>HIDDEN2
            _Unwind_Resume.symtab0x1826c36FUNC<unknown>HIDDEN2
            _Unwind_Resume_or_Rethrow.symtab0x1829036FUNC<unknown>HIDDEN2
            _Unwind_VRS_Get.symtab0x1756076FUNC<unknown>HIDDEN2
            _Unwind_VRS_Pop.symtab0x17b78324FUNC<unknown>HIDDEN2
            _Unwind_VRS_Set.symtab0x175ac76FUNC<unknown>HIDDEN2
            _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __C_ctype_b.symtab0x229484OBJECT<unknown>DEFAULT13
            __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __C_ctype_b_data.symtab0x1a1b6768OBJECT<unknown>DEFAULT4
            __EH_FRAME_BEGIN__.symtab0x226480OBJECT<unknown>DEFAULT7
            __FRAME_END__.symtab0x226480OBJECT<unknown>DEFAULT7
            __GI___C_ctype_b.symtab0x229484OBJECT<unknown>HIDDEN13
            __GI___close.symtab0x12ff0100FUNC<unknown>HIDDEN2
            __GI___close_nocancel.symtab0x12fd424FUNC<unknown>HIDDEN2
            __GI___ctype_b.symtab0x2294c4OBJECT<unknown>HIDDEN13
            __GI___errno_location.symtab0xd43032FUNC<unknown>HIDDEN2
            __GI___fcntl_nocancel.symtab0xc704152FUNC<unknown>HIDDEN2
            __GI___fgetc_unlocked.symtab0x153dc300FUNC<unknown>HIDDEN2
            __GI___glibc_strerror_r.symtab0xf9f024FUNC<unknown>HIDDEN2
            __GI___libc_close.symtab0x12ff0100FUNC<unknown>HIDDEN2
            __GI___libc_fcntl.symtab0xc79c244FUNC<unknown>HIDDEN2
            __GI___libc_open.symtab0x13080100FUNC<unknown>HIDDEN2
            __GI___libc_read.symtab0x131a0100FUNC<unknown>HIDDEN2
            __GI___libc_write.symtab0x13110100FUNC<unknown>HIDDEN2
            __GI___open.symtab0x13080100FUNC<unknown>HIDDEN2
            __GI___open_nocancel.symtab0x1306424FUNC<unknown>HIDDEN2
            __GI___read.symtab0x131a0100FUNC<unknown>HIDDEN2
            __GI___read_nocancel.symtab0x1318424FUNC<unknown>HIDDEN2
            __GI___sigaddset.symtab0x1034036FUNC<unknown>HIDDEN2
            __GI___sigdelset.symtab0x1036436FUNC<unknown>HIDDEN2
            __GI___sigismember.symtab0x1031c36FUNC<unknown>HIDDEN2
            __GI___uClibc_fini.symtab0x133b8124FUNC<unknown>HIDDEN2
            __GI___uClibc_init.symtab0x1348888FUNC<unknown>HIDDEN2
            __GI___write.symtab0x13110100FUNC<unknown>HIDDEN2
            __GI___write_nocancel.symtab0x130f424FUNC<unknown>HIDDEN2
            __GI___xpg_strerror_r.symtab0xfa08268FUNC<unknown>HIDDEN2
            __GI__exit.symtab0x13ad0104FUNC<unknown>HIDDEN2
            __GI_abort.symtab0x11718296FUNC<unknown>HIDDEN2
            __GI_accept.symtab0xfc20116FUNC<unknown>HIDDEN2
            __GI_atoi.symtab0x11e6432FUNC<unknown>HIDDEN2
            __GI_bind.symtab0xfc9468FUNC<unknown>HIDDEN2
            __GI_brk.symtab0x138cc88FUNC<unknown>HIDDEN2
            __GI_close.symtab0x12ff0100FUNC<unknown>HIDDEN2
            __GI_closedir.symtab0xcf4c272FUNC<unknown>HIDDEN2
            __GI_config_close.symtab0x142e452FUNC<unknown>HIDDEN2
            __GI_config_open.symtab0x1431872FUNC<unknown>HIDDEN2
            __GI_config_read.symtab0x13fbc808FUNC<unknown>HIDDEN2
            __GI_connect.symtab0xfd1c116FUNC<unknown>HIDDEN2
            __GI_exit.symtab0x12078196FUNC<unknown>HIDDEN2
            __GI_fclose.symtab0xd484816FUNC<unknown>HIDDEN2
            __GI_fcntl.symtab0xc79c244FUNC<unknown>HIDDEN2
            __GI_fflush_unlocked.symtab0xf21c940FUNC<unknown>HIDDEN2
            __GI_fgetc.symtab0x1517c324FUNC<unknown>HIDDEN2
            __GI_fgetc_unlocked.symtab0x153dc300FUNC<unknown>HIDDEN2
            __GI_fgets.symtab0x152c0284FUNC<unknown>HIDDEN2
            __GI_fgets_unlocked.symtab0x15508160FUNC<unknown>HIDDEN2
            __GI_fopen.symtab0xd7b432FUNC<unknown>HIDDEN2
            __GI_fork.symtab0x128fc972FUNC<unknown>HIDDEN2
            __GI_fputs_unlocked.symtab0xf5c856FUNC<unknown>HIDDEN2
            __GI_fseek.symtab0x1650c36FUNC<unknown>HIDDEN2
            __GI_fseeko64.symtab0x16530448FUNC<unknown>HIDDEN2
            __GI_fstat.symtab0x13b38100FUNC<unknown>HIDDEN2
            __GI_fwrite_unlocked.symtab0xf600188FUNC<unknown>HIDDEN2
            __GI_getc_unlocked.symtab0x153dc300FUNC<unknown>HIDDEN2
            __GI_getdtablesize.symtab0x13c3c44FUNC<unknown>HIDDEN2
            __GI_getegid.symtab0x13c6820FUNC<unknown>HIDDEN2
            __GI_geteuid.symtab0x13c7c20FUNC<unknown>HIDDEN2
            __GI_getgid.symtab0x13c9020FUNC<unknown>HIDDEN2
            __GI_getpagesize.symtab0x13ca440FUNC<unknown>HIDDEN2
            __GI_getpid.symtab0x12d6072FUNC<unknown>HIDDEN2
            __GI_getrlimit.symtab0x13ccc56FUNC<unknown>HIDDEN2
            __GI_getsockname.symtab0xfd9068FUNC<unknown>HIDDEN2
            __GI_gettimeofday.symtab0x13d0464FUNC<unknown>HIDDEN2
            __GI_getuid.symtab0x13d4420FUNC<unknown>HIDDEN2
            __GI_inet_addr.symtab0xfbb440FUNC<unknown>HIDDEN2
            __GI_inet_aton.symtab0x15ef0248FUNC<unknown>HIDDEN2
            __GI_initstate_r.symtab0x11c80248FUNC<unknown>HIDDEN2
            __GI_ioctl.symtab0xc8a4224FUNC<unknown>HIDDEN2
            __GI_isatty.symtab0xfb1436FUNC<unknown>HIDDEN2
            __GI_kill.symtab0xc98456FUNC<unknown>HIDDEN2
            __GI_listen.symtab0xfe1c64FUNC<unknown>HIDDEN2
            __GI_lseek.symtab0x13d5864FUNC<unknown>HIDDEN2
            __GI_lseek64.symtab0x16960112FUNC<unknown>HIDDEN2
            __GI_memchr.symtab0x15a40240FUNC<unknown>HIDDEN2
            __GI_memcpy.symtab0xf6c04FUNC<unknown>HIDDEN2
            __GI_memmove.symtab0xf6d04FUNC<unknown>HIDDEN2
            __GI_mempcpy.symtab0x15b3036FUNC<unknown>HIDDEN2
            __GI_memrchr.symtab0x15b54224FUNC<unknown>HIDDEN2
            __GI_memset.symtab0xf6e0156FUNC<unknown>HIDDEN2
            __GI_mkdir.symtab0xc9bc64FUNC<unknown>HIDDEN2
            __GI_mmap.symtab0x13924124FUNC<unknown>HIDDEN2
            __GI_mremap.symtab0x13d9868FUNC<unknown>HIDDEN2
            __GI_munmap.symtab0x13ddc64FUNC<unknown>HIDDEN2
            __GI_nanosleep.symtab0x13e5c96FUNC<unknown>HIDDEN2
            __GI_open.symtab0x13080100FUNC<unknown>HIDDEN2
            __GI_opendir.symtab0xd12c196FUNC<unknown>HIDDEN2
            __GI_raise.symtab0x12da8240FUNC<unknown>HIDDEN2
            __GI_random.symtab0x11858164FUNC<unknown>HIDDEN2
            __GI_random_r.symtab0x11b18144FUNC<unknown>HIDDEN2
            __GI_read.symtab0x131a0100FUNC<unknown>HIDDEN2
            __GI_readdir.symtab0xd2a0232FUNC<unknown>HIDDEN2
            __GI_readdir64.symtab0x13ed0236FUNC<unknown>HIDDEN2
            __GI_readlink.symtab0xca8464FUNC<unknown>HIDDEN2
            __GI_recv.symtab0xfea0112FUNC<unknown>HIDDEN2
            __GI_recvfrom.symtab0xff58136FUNC<unknown>HIDDEN2
            __GI_sbrk.symtab0xcac4108FUNC<unknown>HIDDEN2
            __GI_select.symtab0xcb74132FUNC<unknown>HIDDEN2
            __GI_send.symtab0x10024112FUNC<unknown>HIDDEN2
            __GI_sendto.symtab0x100e0136FUNC<unknown>HIDDEN2
            __GI_setsid.symtab0xcbf864FUNC<unknown>HIDDEN2
            __GI_setsockopt.symtab0x1016872FUNC<unknown>HIDDEN2
            __GI_setstate_r.symtab0x11d78236FUNC<unknown>HIDDEN2
            __GI_sigaction.symtab0x139cc136FUNC<unknown>HIDDEN2
            __GI_sigaddset.symtab0x101f480FUNC<unknown>HIDDEN2
            __GI_sigemptyset.symtab0x1024420FUNC<unknown>HIDDEN2
            __GI_signal.symtab0x10258196FUNC<unknown>HIDDEN2
            __GI_sigprocmask.symtab0xcc38140FUNC<unknown>HIDDEN2
            __GI_sleep.symtab0x12e98300FUNC<unknown>HIDDEN2
            __GI_snprintf.symtab0xd7d448FUNC<unknown>HIDDEN2
            __GI_socket.symtab0x101b068FUNC<unknown>HIDDEN2
            __GI_srandom_r.symtab0x11ba8216FUNC<unknown>HIDDEN2
            __GI_stat.symtab0xccc4100FUNC<unknown>HIDDEN2
            __GI_strcat.symtab0xf80040FUNC<unknown>HIDDEN2
            __GI_strchr.symtab0x15c34240FUNC<unknown>HIDDEN2
            __GI_strchrnul.symtab0x15d24236FUNC<unknown>HIDDEN2
            __GI_strcmp.symtab0xf78028FUNC<unknown>HIDDEN2
            __GI_strcoll.symtab0xf78028FUNC<unknown>HIDDEN2
            __GI_strcspn.symtab0x15e1068FUNC<unknown>HIDDEN2
            __GI_strlen.symtab0xf7a096FUNC<unknown>HIDDEN2
            __GI_strnlen.symtab0xf828204FUNC<unknown>HIDDEN2
            __GI_strrchr.symtab0x15e5480FUNC<unknown>HIDDEN2
            __GI_strspn.symtab0x15ea476FUNC<unknown>HIDDEN2
            __GI_strstr.symtab0xf8f4252FUNC<unknown>HIDDEN2
            __GI_strtol.symtab0x11e8428FUNC<unknown>HIDDEN2
            __GI_sysconf.symtab0x122881572FUNC<unknown>HIDDEN2
            __GI_tcgetattr.symtab0xfb38124FUNC<unknown>HIDDEN2
            __GI_time.symtab0xcd2848FUNC<unknown>HIDDEN2
            __GI_times.symtab0x13ebc20FUNC<unknown>HIDDEN2
            __GI_uname.symtab0xcd9464FUNC<unknown>HIDDEN2
            __GI_vsnprintf.symtab0xd804208FUNC<unknown>HIDDEN2
            __GI_wcrtomb.symtab0x1436084FUNC<unknown>HIDDEN2
            __GI_wcsnrtombs.symtab0x143d8188FUNC<unknown>HIDDEN2
            __GI_wcsrtombs.symtab0x143b436FUNC<unknown>HIDDEN2
            __GI_write.symtab0x13110100FUNC<unknown>HIDDEN2
            __JCR_END__.symtab0x226540OBJECT<unknown>DEFAULT11
            __JCR_LIST__.symtab0x226540OBJECT<unknown>DEFAULT11
            ___Unwind_ForcedUnwind.symtab0x182b436FUNC<unknown>HIDDEN2
            ___Unwind_RaiseException.symtab0x1824836FUNC<unknown>HIDDEN2
            ___Unwind_Resume.symtab0x1826c36FUNC<unknown>HIDDEN2
            ___Unwind_Resume_or_Rethrow.symtab0x1829036FUNC<unknown>HIDDEN2
            __adddf3.symtab0x16b20784FUNC<unknown>HIDDEN2
            __aeabi_cdcmpeq.symtab0x1747c24FUNC<unknown>HIDDEN2
            __aeabi_cdcmple.symtab0x1747c24FUNC<unknown>HIDDEN2
            __aeabi_cdrcmple.symtab0x1746052FUNC<unknown>HIDDEN2
            __aeabi_d2uiz.symtab0x1750c84FUNC<unknown>HIDDEN2
            __aeabi_dadd.symtab0x16b20784FUNC<unknown>HIDDEN2
            __aeabi_dcmpeq.symtab0x1749424FUNC<unknown>HIDDEN2
            __aeabi_dcmpge.symtab0x174dc24FUNC<unknown>HIDDEN2
            __aeabi_dcmpgt.symtab0x174f424FUNC<unknown>HIDDEN2
            __aeabi_dcmple.symtab0x174c424FUNC<unknown>HIDDEN2
            __aeabi_dcmplt.symtab0x174ac24FUNC<unknown>HIDDEN2
            __aeabi_ddiv.symtab0x171c0524FUNC<unknown>HIDDEN2
            __aeabi_dmul.symtab0x16f30656FUNC<unknown>HIDDEN2
            __aeabi_drsub.symtab0x16b140FUNC<unknown>HIDDEN2
            __aeabi_dsub.symtab0x16b1c788FUNC<unknown>HIDDEN2
            __aeabi_f2d.symtab0x16e7c64FUNC<unknown>HIDDEN2
            __aeabi_i2d.symtab0x16e5440FUNC<unknown>HIDDEN2
            __aeabi_idiv.symtab0x169d00FUNC<unknown>HIDDEN2
            __aeabi_idivmod.symtab0x16afc24FUNC<unknown>HIDDEN2
            __aeabi_l2d.symtab0x16ed096FUNC<unknown>HIDDEN2
            __aeabi_read_tp.symtab0x13a808FUNC<unknown>DEFAULT2
            __aeabi_ui2d.symtab0x16e3036FUNC<unknown>HIDDEN2
            __aeabi_uidiv.symtab0xc5dc0FUNC<unknown>HIDDEN2
            __aeabi_uidivmod.symtab0xc6d824FUNC<unknown>HIDDEN2
            __aeabi_ul2d.symtab0x16ebc116FUNC<unknown>HIDDEN2
            __aeabi_unwind_cpp_pr0.symtab0x182148FUNC<unknown>HIDDEN2
            __aeabi_unwind_cpp_pr1.symtab0x1820c8FUNC<unknown>HIDDEN2
            __aeabi_unwind_cpp_pr2.symtab0x182048FUNC<unknown>HIDDEN2
            __app_fini.symtab0x24f704OBJECT<unknown>HIDDEN14
            __atexit_lock.symtab0x2292424OBJECT<unknown>DEFAULT13
            __bss_end__.symtab0x25aa80NOTYPE<unknown>DEFAULTSHN_ABS
            __bss_start.symtab0x229500NOTYPE<unknown>DEFAULTSHN_ABS
            __bss_start__.symtab0x229500NOTYPE<unknown>DEFAULTSHN_ABS
            __check_one_fd.symtab0x1343484FUNC<unknown>DEFAULT2
            __close.symtab0x12ff0100FUNC<unknown>DEFAULT2
            __close_nocancel.symtab0x12fd424FUNC<unknown>DEFAULT2
            __cmpdf2.symtab0x173dc132FUNC<unknown>HIDDEN2
            __ctype_b.symtab0x2294c4OBJECT<unknown>DEFAULT13
            __curbrk.symtab0x24f784OBJECT<unknown>HIDDEN14
            __cxa_begin_cleanup.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __cxa_call_unexpected.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __cxa_type_match.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __data_start.symtab0x227000NOTYPE<unknown>DEFAULT13
            __default_rt_sa_restorer.symtab0x13a6c0FUNC<unknown>DEFAULT2
            __default_sa_restorer.symtab0x13a600FUNC<unknown>DEFAULT2
            __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __div0.symtab0xc6f020FUNC<unknown>HIDDEN2
            __divdf3.symtab0x171c0524FUNC<unknown>HIDDEN2
            __divsi3.symtab0x169d0300FUNC<unknown>HIDDEN2
            __do_global_dtors_aux.symtab0x80f00FUNC<unknown>DEFAULT2
            __do_global_dtors_aux_fini_array_entry.symtab0x226500OBJECT<unknown>DEFAULT10
            __end__.symtab0x25aa80NOTYPE<unknown>DEFAULTSHN_ABS
            __environ.symtab0x24f684OBJECT<unknown>DEFAULT14
            __eqdf2.symtab0x173dc132FUNC<unknown>HIDDEN2
            __errno_location.symtab0xd43032FUNC<unknown>DEFAULT2
            __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __exidx_end.symtab0x1a6480NOTYPE<unknown>DEFAULTSHN_ABS
            __exidx_start.symtab0x1a5300NOTYPE<unknown>DEFAULTSHN_ABS
            __exit_cleanup.symtab0x24a184OBJECT<unknown>HIDDEN14
            __extendsfdf2.symtab0x16e7c64FUNC<unknown>HIDDEN2
            __fcntl_nocancel.symtab0xc704152FUNC<unknown>DEFAULT2
            __fgetc_unlocked.symtab0x153dc300FUNC<unknown>DEFAULT2
            __fini_array_end.symtab0x226540NOTYPE<unknown>HIDDEN10
            __fini_array_start.symtab0x226500NOTYPE<unknown>HIDDEN10
            __fixunsdfsi.symtab0x1750c84FUNC<unknown>HIDDEN2
            __floatdidf.symtab0x16ed096FUNC<unknown>HIDDEN2
            __floatsidf.symtab0x16e5440FUNC<unknown>HIDDEN2
            __floatundidf.symtab0x16ebc116FUNC<unknown>HIDDEN2
            __floatunsidf.symtab0x16e3036FUNC<unknown>HIDDEN2
            __fork.symtab0x128fc972FUNC<unknown>DEFAULT2
            __fork_generation_pointer.symtab0x25a744OBJECT<unknown>HIDDEN14
            __fork_handlers.symtab0x25a784OBJECT<unknown>HIDDEN14
            __fork_lock.symtab0x24a1c4OBJECT<unknown>HIDDEN14
            __frame_dummy_init_array_entry.symtab0x2264c0OBJECT<unknown>DEFAULT9
            __gedf2.symtab0x173cc148FUNC<unknown>HIDDEN2
            __getdents.symtab0x13b9c160FUNC<unknown>HIDDEN2
            __getdents64.symtab0x163c4328FUNC<unknown>HIDDEN2
            __getpagesize.symtab0x13ca440FUNC<unknown>DEFAULT2
            __getpid.symtab0x12d6072FUNC<unknown>DEFAULT2
            __glibc_strerror_r.symtab0xf9f024FUNC<unknown>DEFAULT2
            __glibc_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __gnu_Unwind_Find_exidx.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __gnu_Unwind_ForcedUnwind.symtab0x179b828FUNC<unknown>HIDDEN2
            __gnu_Unwind_RaiseException.symtab0x17aa0184FUNC<unknown>HIDDEN2
            __gnu_Unwind_Restore_VFP.symtab0x182380FUNC<unknown>HIDDEN2
            __gnu_Unwind_Resume.symtab0x17a34108FUNC<unknown>HIDDEN2
            __gnu_Unwind_Resume_or_Rethrow.symtab0x17b5832FUNC<unknown>HIDDEN2
            __gnu_Unwind_Save_VFP.symtab0x182400FUNC<unknown>HIDDEN2
            __gnu_unwind_execute.symtab0x1831c1812FUNC<unknown>HIDDEN2
            __gnu_unwind_frame.symtab0x18a3072FUNC<unknown>HIDDEN2
            __gnu_unwind_pr_common.symtab0x17cbc1352FUNC<unknown>DEFAULT2
            __gtdf2.symtab0x173cc148FUNC<unknown>HIDDEN2
            __h_errno_location.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __init_array_end.symtab0x226500NOTYPE<unknown>HIDDEN9
            __init_array_start.symtab0x2264c0NOTYPE<unknown>HIDDEN9
            __ledf2.symtab0x173d4140FUNC<unknown>HIDDEN2
            __libc_accept.symtab0xfc20116FUNC<unknown>DEFAULT2
            __libc_close.symtab0x12ff0100FUNC<unknown>DEFAULT2
            __libc_connect.symtab0xfd1c116FUNC<unknown>DEFAULT2
            __libc_disable_asynccancel.symtab0x13210136FUNC<unknown>HIDDEN2
            __libc_enable_asynccancel.symtab0x13298220FUNC<unknown>HIDDEN2
            __libc_errno.symtab0x04TLS<unknown>HIDDEN8
            __libc_fcntl.symtab0xc79c244FUNC<unknown>DEFAULT2
            __libc_fork.symtab0x128fc972FUNC<unknown>DEFAULT2
            __libc_h_errno.symtab0x44TLS<unknown>HIDDEN8
            __libc_multiple_threads.symtab0x25a7c4OBJECT<unknown>HIDDEN14
            __libc_nanosleep.symtab0x13e5c96FUNC<unknown>DEFAULT2
            __libc_open.symtab0x13080100FUNC<unknown>DEFAULT2
            __libc_read.symtab0x131a0100FUNC<unknown>DEFAULT2
            __libc_recv.symtab0xfea0112FUNC<unknown>DEFAULT2
            __libc_recvfrom.symtab0xff58136FUNC<unknown>DEFAULT2
            __libc_select.symtab0xcb74132FUNC<unknown>DEFAULT2
            __libc_send.symtab0x10024112FUNC<unknown>DEFAULT2
            __libc_sendto.symtab0x100e0136FUNC<unknown>DEFAULT2
            __libc_setup_tls.symtab0x160ec560FUNC<unknown>DEFAULT2
            __libc_sigaction.symtab0x139cc136FUNC<unknown>DEFAULT2
            __libc_stack_end.symtab0x24f644OBJECT<unknown>DEFAULT14
            __libc_write.symtab0x13110100FUNC<unknown>DEFAULT2
            __lll_lock_wait_private.symtab0x12cc8152FUNC<unknown>HIDDEN2
            __ltdf2.symtab0x173d4140FUNC<unknown>HIDDEN2
            __malloc_consolidate.symtab0x112e8436FUNC<unknown>HIDDEN2
            __malloc_largebin_index.symtab0x10388120FUNC<unknown>DEFAULT2
            __malloc_lock.symtab0x2284824OBJECT<unknown>DEFAULT13
            __malloc_state.symtab0x256fc888OBJECT<unknown>DEFAULT14
            __malloc_trim.symtab0x11238176FUNC<unknown>DEFAULT2
            __muldf3.symtab0x16f30656FUNC<unknown>HIDDEN2
            __nedf2.symtab0x173dc132FUNC<unknown>HIDDEN2
            __nptl_deallocate_tsd.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __nptl_nthreads.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __open.symtab0x13080100FUNC<unknown>DEFAULT2
            __open_nocancel.symtab0x1306424FUNC<unknown>DEFAULT2
            __pagesize.symtab0x24f6c4OBJECT<unknown>DEFAULT14
            __preinit_array_end.symtab0x2264c0NOTYPE<unknown>HIDDEN8
            __preinit_array_start.symtab0x2264c0NOTYPE<unknown>HIDDEN8
            __progname.symtab0x229404OBJECT<unknown>DEFAULT13
            __progname_full.symtab0x229444OBJECT<unknown>DEFAULT13
            __pthread_initialize_minimal.symtab0x1631c12FUNC<unknown>DEFAULT2
            __pthread_mutex_init.symtab0x1337c8FUNC<unknown>DEFAULT2
            __pthread_mutex_lock.symtab0x133748FUNC<unknown>DEFAULT2
            __pthread_mutex_trylock.symtab0x133748FUNC<unknown>DEFAULT2
            __pthread_mutex_unlock.symtab0x133748FUNC<unknown>DEFAULT2
            __pthread_return_0.symtab0x133748FUNC<unknown>DEFAULT2
            __pthread_unwind.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __read.symtab0x131a0100FUNC<unknown>DEFAULT2
            __read_nocancel.symtab0x1318424FUNC<unknown>DEFAULT2
            __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __restore_core_regs.symtab0x1821c28FUNC<unknown>HIDDEN2
            __rtld_fini.symtab0x24f744OBJECT<unknown>HIDDEN14
            __sigaddset.symtab0x1034036FUNC<unknown>DEFAULT2
            __sigdelset.symtab0x1036436FUNC<unknown>DEFAULT2
            __sigismember.symtab0x1031c36FUNC<unknown>DEFAULT2
            __sigjmp_save.symtab0x1692064FUNC<unknown>HIDDEN2
            __sigsetjmp.symtab0x163b812FUNC<unknown>DEFAULT2
            __stdin.symtab0x2276c4OBJECT<unknown>DEFAULT13
            __stdio_READ.symtab0x166f088FUNC<unknown>HIDDEN2
            __stdio_WRITE.symtab0x14494220FUNC<unknown>HIDDEN2
            __stdio_adjust_position.symtab0x16748200FUNC<unknown>HIDDEN2
            __stdio_fwrite.symtab0x14570320FUNC<unknown>HIDDEN2
            __stdio_rfill.symtab0x1681048FUNC<unknown>HIDDEN2
            __stdio_seek.symtab0x168e460FUNC<unknown>HIDDEN2
            __stdio_trans2r_o.symtab0x16840164FUNC<unknown>HIDDEN2
            __stdio_trans2w_o.symtab0x146b0220FUNC<unknown>HIDDEN2
            __stdio_wcommit.symtab0xdf1848FUNC<unknown>HIDDEN2
            __stdout.symtab0x227704OBJECT<unknown>DEFAULT13
            __subdf3.symtab0x16b1c788FUNC<unknown>HIDDEN2
            __sys_accept.symtab0xfbdc68FUNC<unknown>DEFAULT2
            __sys_connect.symtab0xfcd868FUNC<unknown>DEFAULT2
            __sys_recv.symtab0xfe5c68FUNC<unknown>DEFAULT2
            __sys_recvfrom.symtab0xff1072FUNC<unknown>DEFAULT2
            __sys_send.symtab0xffe068FUNC<unknown>DEFAULT2
            __sys_sendto.symtab0x1009476FUNC<unknown>DEFAULT2
            __syscall_error.symtab0x139a044FUNC<unknown>HIDDEN2
            __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __syscall_nanosleep.symtab0x13e1c64FUNC<unknown>DEFAULT2
            __syscall_rt_sigaction.symtab0x13a9064FUNC<unknown>DEFAULT2
            __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __syscall_select.symtab0xcb3068FUNC<unknown>DEFAULT2
            __tls_get_addr.symtab0x160c836FUNC<unknown>DEFAULT2
            __uClibc_fini.symtab0x133b8124FUNC<unknown>DEFAULT2
            __uClibc_init.symtab0x1348888FUNC<unknown>DEFAULT2
            __uClibc_main.symtab0x134e01004FUNC<unknown>DEFAULT2
            __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __uclibc_progname.symtab0x2293c4OBJECT<unknown>HIDDEN13
            __udivsi3.symtab0xc5dc252FUNC<unknown>HIDDEN2
            __write.symtab0x13110100FUNC<unknown>DEFAULT2
            __write_nocancel.symtab0x130f424FUNC<unknown>DEFAULT2
            __xpg_strerror_r.symtab0xfa08268FUNC<unknown>DEFAULT2
            __xpg_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __xstat32_conv.symtab0xcea0172FUNC<unknown>HIDDEN2
            __xstat64_conv.symtab0xcdd4204FUNC<unknown>HIDDEN2
            _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _bss_custom_printf_spec.symtab0x24a0810OBJECT<unknown>DEFAULT14
            _bss_end__.symtab0x25aa80NOTYPE<unknown>DEFAULTSHN_ABS
            _charpad.symtab0xdf4884FUNC<unknown>DEFAULT2
            _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _custom_printf_arginfo.symtab0x256a440OBJECT<unknown>HIDDEN14
            _custom_printf_handler.symtab0x256cc40OBJECT<unknown>HIDDEN14
            _custom_printf_spec.symtab0x228444OBJECT<unknown>HIDDEN13
            _dl_aux_init.symtab0x1632856FUNC<unknown>DEFAULT2
            _dl_nothread_init_static_tls.symtab0x1636088FUNC<unknown>HIDDEN2
            _dl_phdr.symtab0x25aa04OBJECT<unknown>DEFAULT14
            _dl_phnum.symtab0x25aa44OBJECT<unknown>DEFAULT14
            _dl_tls_dtv_gaps.symtab0x25a941OBJECT<unknown>DEFAULT14
            _dl_tls_dtv_slotinfo_list.symtab0x25a904OBJECT<unknown>DEFAULT14
            _dl_tls_generation.symtab0x25a984OBJECT<unknown>DEFAULT14
            _dl_tls_max_dtv_idx.symtab0x25a884OBJECT<unknown>DEFAULT14
            _dl_tls_setup.symtab0x16060104FUNC<unknown>DEFAULT2
            _dl_tls_static_align.symtab0x25a844OBJECT<unknown>DEFAULT14
            _dl_tls_static_nelem.symtab0x25a9c4OBJECT<unknown>DEFAULT14
            _dl_tls_static_size.symtab0x25a8c4OBJECT<unknown>DEFAULT14
            _dl_tls_static_used.symtab0x25a804OBJECT<unknown>DEFAULT14
            _edata.symtab0x229500NOTYPE<unknown>DEFAULTSHN_ABS
            _end.symtab0x25aa80NOTYPE<unknown>DEFAULTSHN_ABS
            _exit.symtab0x13ad0104FUNC<unknown>DEFAULT2
            _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _fini.symtab0x18aac0FUNC<unknown>DEFAULT3
            _fixed_buffers.symtab0x22a088192OBJECT<unknown>DEFAULT14
            _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _fp_out_narrow.symtab0xdf9c132FUNC<unknown>DEFAULT2
            _fpmaxtostr.symtab0x149882036FUNC<unknown>HIDDEN2
            _fpmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _init.symtab0x80d40FUNC<unknown>DEFAULT1
            _load_inttype.symtab0x1478c116FUNC<unknown>HIDDEN2
            _load_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _memcpy.symtab0x155b00FUNC<unknown>HIDDEN2
            _ppfs_init.symtab0xe714160FUNC<unknown>HIDDEN2
            _ppfs_init.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _ppfs_parsespec.symtab0xe9fc1392FUNC<unknown>HIDDEN2
            _ppfs_parsespec.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _ppfs_prepargs.symtab0xe7b468FUNC<unknown>HIDDEN2
            _ppfs_prepargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _ppfs_setargs.symtab0xe7f8432FUNC<unknown>HIDDEN2
            _ppfs_setargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _promoted_size.symtab0xe9a884FUNC<unknown>DEFAULT2
            _pthread_cleanup_pop_restore.symtab0x1338c44FUNC<unknown>DEFAULT2
            _pthread_cleanup_push_defer.symtab0x133848FUNC<unknown>DEFAULT2
            _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _setjmp.symtab0x13a548FUNC<unknown>DEFAULT2
            _sigintr.symtab0x256f48OBJECT<unknown>HIDDEN14
            _start.symtab0x81940FUNC<unknown>DEFAULT2
            _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _stdio_fopen.symtab0xd8d41120FUNC<unknown>HIDDEN2
            _stdio_init.symtab0xdd34128FUNC<unknown>HIDDEN2
            _stdio_openlist.symtab0x227744OBJECT<unknown>DEFAULT13
            _stdio_openlist_add_lock.symtab0x229e812OBJECT<unknown>DEFAULT14
            _stdio_openlist_dec_use.symtab0xef6c688FUNC<unknown>HIDDEN2
            _stdio_openlist_del_count.symtab0x22a044OBJECT<unknown>DEFAULT14
            _stdio_openlist_del_lock.symtab0x229f412OBJECT<unknown>DEFAULT14
            _stdio_openlist_use_count.symtab0x22a004OBJECT<unknown>DEFAULT14
            _stdio_streams.symtab0x22778204OBJECT<unknown>DEFAULT13
            _stdio_term.symtab0xddb4356FUNC<unknown>HIDDEN2
            _stdio_user_locking.symtab0x2275c4OBJECT<unknown>DEFAULT13
            _stdlib_strto_l.symtab0x11ea0472FUNC<unknown>HIDDEN2
            _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _store_inttype.symtab0x1480044FUNC<unknown>HIDDEN2
            _store_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _string_syserrmsgs.symtab0x195c82906OBJECT<unknown>HIDDEN4
            _string_syserrmsgs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _uintmaxtostr.symtab0x1482c348FUNC<unknown>HIDDEN2
            _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _vfprintf_internal.symtab0xe0201780FUNC<unknown>HIDDEN2
            _vfprintf_internal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            abort.symtab0x11718296FUNC<unknown>DEFAULT2
            abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            accept.symtab0xfc20116FUNC<unknown>DEFAULT2
            accept.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            anti_gdb_entry.symtab0xa77424FUNC<unknown>DEFAULT2
            atoi.symtab0x11e6432FUNC<unknown>DEFAULT2
            atol.symtab0x11e6432FUNC<unknown>DEFAULT2
            atol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            attack.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            attack_get_opt_int.symtab0x8554112FUNC<unknown>DEFAULT2
            attack_get_opt_ip.symtab0x84e8108FUNC<unknown>DEFAULT2
            attack_gre_ip.symtab0x87701584FUNC<unknown>DEFAULT2
            attack_init.symtab0x85c4428FUNC<unknown>DEFAULT2
            attack_parse.symtab0x82cc540FUNC<unknown>DEFAULT2
            attack_start.symtab0x81d0252FUNC<unknown>DEFAULT2
            attack_tcp_ack.symtab0x905c1788FUNC<unknown>DEFAULT2
            attack_tcp_bypass.symtab0x9eb8852FUNC<unknown>DEFAULT2
            attack_tcp_syn.symtab0x97581888FUNC<unknown>DEFAULT2
            attack_udp_plain.symtab0x8da0700FUNC<unknown>DEFAULT2
            attacks.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            been_there_done_that.symtab0x24a144OBJECT<unknown>DEFAULT14
            bind.symtab0xfc9468FUNC<unknown>DEFAULT2
            bind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            brk.symtab0x138cc88FUNC<unknown>DEFAULT2
            brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            bsd_signal.symtab0x10258196FUNC<unknown>DEFAULT2
            calloc.symtab0x10d38320FUNC<unknown>DEFAULT2
            calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            checkDevice.symtab0xa6e4144FUNC<unknown>DEFAULT2
            check_real_path.symtab0xa3c8272FUNC<unknown>DEFAULT2
            checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            checksum_generic.symtab0xa20c80FUNC<unknown>DEFAULT2
            checksum_tcpudp.symtab0xa25c164FUNC<unknown>DEFAULT2
            clock.symtab0xd45052FUNC<unknown>DEFAULT2
            clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            close.symtab0x12ff0100FUNC<unknown>DEFAULT2
            closedir.symtab0xcf4c272FUNC<unknown>DEFAULT2
            closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            completed.5105.symtab0x229501OBJECT<unknown>DEFAULT14
            connect.symtab0xfd1c116FUNC<unknown>DEFAULT2
            connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            ensure_single_instance.symtab0xa78c344FUNC<unknown>DEFAULT2
            entries.symtab0x254bc4OBJECT<unknown>DEFAULT14
            environ.symtab0x24f684OBJECT<unknown>DEFAULT14
            errno.symtab0x04TLS<unknown>DEFAULT8
            errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            exit.symtab0x12078196FUNC<unknown>DEFAULT2
            exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            exp10_table.symtab0x1a4d072OBJECT<unknown>DEFAULT4
            fclose.symtab0xd484816FUNC<unknown>DEFAULT2
            fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fcntl.symtab0xc79c244FUNC<unknown>DEFAULT2
            fd_ctrl.symtab0x227004OBJECT<unknown>DEFAULT13
            fd_serv.symtab0x227044OBJECT<unknown>DEFAULT13
            fd_to_DIR.symtab0xd05c208FUNC<unknown>DEFAULT2
            fdopendir.symtab0xd1f0176FUNC<unknown>DEFAULT2
            fflush_unlocked.symtab0xf21c940FUNC<unknown>DEFAULT2
            fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fgetc.symtab0x1517c324FUNC<unknown>DEFAULT2
            fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fgetc_unlocked.symtab0x153dc300FUNC<unknown>DEFAULT2
            fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fgets.symtab0x152c0284FUNC<unknown>DEFAULT2
            fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fgets_unlocked.symtab0x15508160FUNC<unknown>DEFAULT2
            fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fmt.symtab0x1a4b820OBJECT<unknown>DEFAULT4
            fopen.symtab0xd7b432FUNC<unknown>DEFAULT2
            fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fork.symtab0x128fc972FUNC<unknown>DEFAULT2
            fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fork_handler_pool.symtab0x24a201348OBJECT<unknown>DEFAULT14
            fputs_unlocked.symtab0xf5c856FUNC<unknown>DEFAULT2
            fputs_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            frame_dummy.symtab0x81340FUNC<unknown>DEFAULT2
            free.symtab0x1149c572FUNC<unknown>DEFAULT2
            free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fseek.symtab0x1650c36FUNC<unknown>DEFAULT2
            fseeko.symtab0x1650c36FUNC<unknown>DEFAULT2
            fseeko.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fseeko64.symtab0x16530448FUNC<unknown>DEFAULT2
            fseeko64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fstat.symtab0x13b38100FUNC<unknown>DEFAULT2
            fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fwrite_unlocked.symtab0xf600188FUNC<unknown>DEFAULT2
            fwrite_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            get_eit_entry.symtab0x17648544FUNC<unknown>DEFAULT2
            getc.symtab0x1517c324FUNC<unknown>DEFAULT2
            getc_unlocked.symtab0x153dc300FUNC<unknown>DEFAULT2
            getdents.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
            2024-12-23T19:52:00.040143+01002030490ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)1192.168.2.135978487.120.114.3241277TCP
            2024-12-23T19:52:01.196291+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.114.3241277192.168.2.1359784TCP
            2024-12-23T19:52:21.263214+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.114.3241277192.168.2.1359784TCP
            2024-12-23T19:52:40.980440+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.114.3241277192.168.2.1359784TCP
            2024-12-23T19:53:01.023827+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.114.3241277192.168.2.1359784TCP
            2024-12-23T19:53:21.686053+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.114.3241277192.168.2.1359784TCP
            2024-12-23T19:53:41.488855+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.114.3241277192.168.2.1359784TCP
            2024-12-23T19:54:01.106720+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.114.3241277192.168.2.1359784TCP
            2024-12-23T19:54:23.632545+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.114.3241277192.168.2.1359784TCP
            2024-12-23T19:54:41.214151+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.114.3241277192.168.2.1359784TCP
            2024-12-23T19:55:01.257306+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.114.3241277192.168.2.1359784TCP
            2024-12-23T19:55:21.282768+01002030489ET MALWARE ELF/MooBot Mirai DDoS Variant Server Response187.120.114.3241277192.168.2.1359784TCP
            TimestampSource PortDest PortSource IPDest IP
            Dec 23, 2024 19:51:59.910737038 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:52:00.030787945 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:52:00.030895948 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:52:00.040143013 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:52:00.161374092 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:52:01.196290970 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:52:01.196595907 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:52:11.202914953 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:52:11.323324919 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:52:21.263214111 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:52:21.263334036 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:52:40.980439901 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:52:40.980758905 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:53:01.023827076 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:53:01.024195910 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:53:21.035228968 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:53:21.155065060 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:53:21.686053038 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:53:21.686148882 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:53:41.488854885 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:53:41.488970041 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:54:01.106719971 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:54:01.106841087 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:54:23.632544994 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:54:23.632628918 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:54:41.214150906 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:54:41.214335918 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:54:51.224633932 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:54:51.344465971 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:55:01.257306099 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:55:01.257520914 CET5978441277192.168.2.1387.120.114.32
            Dec 23, 2024 19:55:21.282768011 CET412775978487.120.114.32192.168.2.13
            Dec 23, 2024 19:55:21.282900095 CET5978441277192.168.2.1387.120.114.32
            TimestampSource PortDest PortSource IPDest IP
            Dec 23, 2024 19:51:59.442894936 CET4689353192.168.2.138.8.8.8
            Dec 23, 2024 19:51:59.904369116 CET53468938.8.8.8192.168.2.13
            Dec 23, 2024 19:54:45.061300039 CET5508453192.168.2.131.1.1.1
            Dec 23, 2024 19:54:45.061350107 CET5995853192.168.2.131.1.1.1
            Dec 23, 2024 19:54:45.204638958 CET53599581.1.1.1192.168.2.13
            Dec 23, 2024 19:54:45.284111977 CET53550841.1.1.1192.168.2.13
            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
            Dec 23, 2024 19:51:59.442894936 CET192.168.2.138.8.8.80x4fe9Standard query (0)fdh32fsdfhs.shopA (IP address)IN (0x0001)false
            Dec 23, 2024 19:54:45.061300039 CET192.168.2.131.1.1.10xfc2fStandard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
            Dec 23, 2024 19:54:45.061350107 CET192.168.2.131.1.1.10x8e66Standard query (0)daisy.ubuntu.com28IN (0x0001)false
            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
            Dec 23, 2024 19:51:59.904369116 CET8.8.8.8192.168.2.130x4fe9No error (0)fdh32fsdfhs.shop87.120.114.32A (IP address)IN (0x0001)false
            Dec 23, 2024 19:54:45.284111977 CET1.1.1.1192.168.2.130xfc2fNo error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false
            Dec 23, 2024 19:54:45.284111977 CET1.1.1.1192.168.2.130xfc2fNo error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false

            System Behavior

            Start time (UTC):18:51:57
            Start date (UTC):23/12/2024
            Path:/tmp/arm7.elf
            Arguments:/tmp/arm7.elf
            File size:4956856 bytes
            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/tmp/arm7.elf
            Arguments:-
            File size:4956856 bytes
            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/tmp/arm7.elf
            Arguments:-
            File size:4956856 bytes
            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/lib/udisks2/udisksd
            Arguments:-
            File size:483056 bytes
            MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/sbin/dumpe2fs
            Arguments:dumpe2fs -h /dev/dm-0
            File size:31112 bytes
            MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-sharing
            Arguments:/usr/libexec/gsd-sharing
            File size:35424 bytes
            MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/lib/systemd/systemd
            Arguments:-
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/lib/upower/upowerd
            Arguments:/usr/lib/upower/upowerd
            File size:260328 bytes
            MD5 hash:1253eea2fe5fe4017069664284e326cd

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gvfsd-fuse
            Arguments:-
            File size:47632 bytes
            MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/bin/fusermount
            Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
            File size:39144 bytes
            MD5 hash:576a1b135c82bdcbc97a91acea900566

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-wacom
            Arguments:/usr/libexec/gsd-wacom
            File size:39520 bytes
            MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-print-notifications
            Arguments:/usr/libexec/gsd-print-notifications
            File size:51840 bytes
            MD5 hash:71539698aa691718cee775d6b9450ae2

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/bin/xfce4-panel
            Arguments:-
            File size:375768 bytes
            MD5 hash:a15b657c7d54ac1385f1f15004ea6784

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
            Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
            File size:35136 bytes
            MD5 hash:ac0b8a906f359a8ae102244738682e76

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-rfkill
            Arguments:/usr/libexec/gsd-rfkill
            File size:51808 bytes
            MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/bin/xfce4-panel
            Arguments:-
            File size:375768 bytes
            MD5 hash:a15b657c7d54ac1385f1f15004ea6784

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
            Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
            File size:35136 bytes
            MD5 hash:ac0b8a906f359a8ae102244738682e76

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-color
            Arguments:/usr/libexec/gsd-color
            File size:92832 bytes
            MD5 hash:ac2861ad93ce047283e8e87cefef9a19

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/bin/xfce4-panel
            Arguments:-
            File size:375768 bytes
            MD5 hash:a15b657c7d54ac1385f1f15004ea6784

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
            Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
            File size:35136 bytes
            MD5 hash:ac0b8a906f359a8ae102244738682e76

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-smartcard
            Arguments:/usr/libexec/gsd-smartcard
            File size:109152 bytes
            MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/bin/xfce4-panel
            Arguments:-
            File size:375768 bytes
            MD5 hash:a15b657c7d54ac1385f1f15004ea6784

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
            Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
            File size:35136 bytes
            MD5 hash:ac0b8a906f359a8ae102244738682e76

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/lib/systemd/systemd
            Arguments:-
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/lib/upower/upowerd
            Arguments:/usr/lib/upower/upowerd
            File size:260328 bytes
            MD5 hash:1253eea2fe5fe4017069664284e326cd

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/bin/xfce4-panel
            Arguments:-
            File size:375768 bytes
            MD5 hash:a15b657c7d54ac1385f1f15004ea6784

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
            Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
            File size:35136 bytes
            MD5 hash:ac0b8a906f359a8ae102244738682e76

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:58
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-datetime
            Arguments:/usr/libexec/gsd-datetime
            File size:76736 bytes
            MD5 hash:d80d39745740de37d6634d36e344d4bc

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/bin/xfce4-panel
            Arguments:-
            File size:375768 bytes
            MD5 hash:a15b657c7d54ac1385f1f15004ea6784

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
            Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
            File size:35136 bytes
            MD5 hash:ac0b8a906f359a8ae102244738682e76

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/lib/udisks2/udisksd
            Arguments:-
            File size:483056 bytes
            MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/sbin/dumpe2fs
            Arguments:dumpe2fs -h /dev/dm-0
            File size:31112 bytes
            MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-media-keys
            Arguments:/usr/libexec/gsd-media-keys
            File size:232936 bytes
            MD5 hash:a425448c135afb4b8bfd79cc0b6b74da

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-screensaver-proxy
            Arguments:/usr/libexec/gsd-screensaver-proxy
            File size:27232 bytes
            MD5 hash:77e309450c87dceee43f1a9e50cc0d02

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/lib/systemd/systemd
            Arguments:-
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/lib/upower/upowerd
            Arguments:/usr/lib/upower/upowerd
            File size:260328 bytes
            MD5 hash:1253eea2fe5fe4017069664284e326cd

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-a11y-settings
            Arguments:/usr/libexec/gsd-a11y-settings
            File size:23056 bytes
            MD5 hash:18e243d2cf30ecee7ea89d1462725c5c

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-power
            Arguments:/usr/libexec/gsd-power
            File size:88672 bytes
            MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:52:00
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-sound
            Arguments:/usr/libexec/gsd-sound
            File size:31248 bytes
            MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gnome-session-binary
            Arguments:-
            File size:334664 bytes
            MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

            Start time (UTC):18:51:59
            Start date (UTC):23/12/2024
            Path:/bin/sh
            Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):18:52:00
            Start date (UTC):23/12/2024
            Path:/usr/libexec/gsd-housekeeping
            Arguments:/usr/libexec/gsd-housekeeping
            File size:51840 bytes
            MD5 hash:b55f3394a84976ddb92a2915e5d76914

            Start time (UTC):18:52:00
            Start date (UTC):23/12/2024
            Path:/usr/lib/udisks2/udisksd
            Arguments:-
            File size:483056 bytes
            MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

            Start time (UTC):18:52:00
            Start date (UTC):23/12/2024
            Path:/usr/sbin/dumpe2fs
            Arguments:dumpe2fs -h /dev/dm-0
            File size:31112 bytes
            MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

            Start time (UTC):18:52:00
            Start date (UTC):23/12/2024
            Path:/usr/lib/systemd/systemd
            Arguments:-
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Start time (UTC):18:52:00
            Start date (UTC):23/12/2024
            Path:/usr/lib/upower/upowerd
            Arguments:/usr/lib/upower/upowerd
            File size:260328 bytes
            MD5 hash:1253eea2fe5fe4017069664284e326cd

            Start time (UTC):18:52:00
            Start date (UTC):23/12/2024
            Path:/usr/lib/systemd/systemd
            Arguments:-
            File size:1620224 bytes
            MD5 hash:9b2bec7092a40488108543f9334aab75

            Start time (UTC):18:52:00
            Start date (UTC):23/12/2024
            Path:/usr/lib/upower/upowerd
            Arguments:/usr/lib/upower/upowerd
            File size:260328 bytes
            MD5 hash:1253eea2fe5fe4017069664284e326cd