Linux Analysis Report
ppc.elf

Overview

General Information

Sample name: ppc.elf
Analysis ID: 1628836
MD5: 71bee47e919793453303a9a16e9c482f
SHA1: 3289aa9b5adf5878bc7e0249c0f30dbd7312d0f8
SHA256: 7571113ed139ae1919846073949c6a289783545554e69e707e6214324c4ae31c
Tags: elf, user-abuse_ch
Infos:

Detection

Mirai
Score: 76
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Contains symbols with names commonly found in malware
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample and/or dropped files contains symbols with suspicious names
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1628836
Start date and time: 2025-03-04 07:28:38 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 34s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: ppc.elf
Detection: MAL
Classification: mal76.troj.linELF@0/0@4/0
  • VT rate limit hit for: srolangvan.com
Command: /tmp/ppc.elf
PID: 5434
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
srolangvan.com
Standard Error:
  • system is lnxubuntu20
  • ppc.elf (PID: 5434, Parent: 5355, MD5: ae65271c943d3451b7f026d1fadccea6) Arguments: /tmp/ppc.elf
    • ppc.elf New Fork (PID: 5436, Parent: 5434)
      • ppc.elf New Fork (PID: 5438, Parent: 5436)
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums", many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
ppc.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
ppc.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
Source | Rule | Description | Author | Strings
5434.1.00007fe170001000.00007fe170010000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
Process Memory Space: ppc.elf PID: 5434 | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
    No Suricata rule has matched

    AV Detection

Source: ppc.elf; Avira: detected
Source: ppc.elf; ReversingLabs: Detection: 42%
Source: global traffic; TCP traffic: 192.168.2.13:41476 -> 160.22.161.89:56999
Source: /tmp/ppc.elf (PID: 5434); Socket: 127.0.0.1:46157
Source: global traffic; DNS traffic detected: DNS query: srolangvan.com

    System Summary

Source: ppc.elf, type: SAMPLE; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5434.1.00007fe170001000.00007fe170010000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ppc.elf PID: 5434, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: ELF static info symbol of initial sample; Name: attack.c
Source: ELF static info symbol of initial sample; Name: attack_get_opt_int
Source: ELF static info symbol of initial sample; Name: attack_get_opt_ip
Source: ELF static info symbol of initial sample; Name: attack_init
Source: ELF static info symbol of initial sample; Name: attack_kill_all
Source: ELF static info symbol of initial sample; Name: attack_method_nudp
Source: ELF static info symbol of initial sample; Name: attack_method_stdhex
Source: ELF static info symbol of initial sample; Name: attack_method_tcp
Source: ELF static info symbol of initial sample; Name: attack_ongoing
Source: ELF static info symbol of initial sample; Name: attack_parse
Source: ppc.elf; ELF static info symbol of initial sample: hexPayload
Source: ppc.elf, type: SAMPLE; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5434.1.00007fe170001000.00007fe170010000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ppc.elf PID: 5434, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine; Classification label: mal76.troj.linELF@0/0@4/0
Source: /tmp/ppc.elf (PID: 5438); File opened: /proc/230/cmdline
Source: /tmp/ppc.elf (PID: 5434); Queries kernel information via 'uname'
Source: ppc.elf, 5434.1.00005570ec3a3000.00005570ec453000.rw-.sdmp; Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
Source: ppc.elf, 5434.1.00007ffd43b2c000.00007ffd43b4d000.rw-.sdmp; Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/ppc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ppc.elf
Source: ppc.elf, 5434.1.00005570ec3a3000.00005570ec453000.rw-.sdmp; Binary or memory string: /etc/qemu-binfmt/ppc
Source: ppc.elf, 5434.1.00007ffd43b2c000.00007ffd43b4d000.rw-.sdmp; Binary or memory string: /usr/bin/qemu-ppc

    Stealing of Sensitive Information

Source: Yara match; File source: ppc.elf, type: SAMPLE

    Remote Access Functionality

Source: Yara match; File source: ppc.elf, type: SAMPLE
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Masquerading | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    No configs have been found
Behavior graph (image not preserved)
Behavior Graph ID: 1628836; Sample: ppc.elf; Startdate: 04/03/2025; Architecture: LINUX; Score: 76
DNS/IP node: srolangvan.com, 160.22.161.89, 41476, 41478, 41480, SIPL-ASSysconInfowayPvtLtdIN, unknown
Signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 2 other signatures
Processes: ppc.elf -> ppc.elf -> ppc.elf (each started by the previous)
Source | Detection | Scanner | Label | Link
ppc.elf | 42% | ReversingLabs | Linux.Backdoor.Mirai |
ppc.elf | 100% | Avira | EXP/ELF.Mirai.J |
    No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
srolangvan.com | 160.22.161.89 | true | false | | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
160.22.161.89 | srolangvan.com | unknown | | 45194 | SIPL-ASSysconInfowayPvtLtdIN | false
Match | Associated Sample Name / URL | Detection | Threat Name | Context
160.22.161.89 | mpsl.elf | malicious | Mirai |
160.22.161.89 | arm6.elf | malicious | Mirai |
160.22.161.89 | spc.elf | malicious | Mirai |
160.22.161.89 | mips.elf | malicious | Mirai |
160.22.161.89 | spc.elf | malicious | Mirai |
160.22.161.89 | m68k.elf | malicious | Unknown |
160.22.161.89 | x86.elf | malicious | Mirai |
160.22.161.89 | debug.dbg.elf | malicious | Mirai |
160.22.161.89 | sh4.elf | malicious | Mirai |
160.22.161.89 | mpsl.elf | malicious | Mirai |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
srolangvan.com | mpsl.elf | malicious | Mirai | 160.22.161.89
srolangvan.com | arm6.elf | malicious | Mirai | 160.22.161.89
srolangvan.com | spc.elf | malicious | Mirai | 160.22.161.89

Match | Associated Sample Name / URL | Detection | Threat Name | Context
SIPL-ASSysconInfowayPvtLtdIN | mpsl.elf | malicious | Mirai | 160.22.161.89
SIPL-ASSysconInfowayPvtLtdIN | arm6.elf | malicious | Mirai | 160.22.161.89
SIPL-ASSysconInfowayPvtLtdIN | spc.elf | malicious | Mirai | 160.22.161.89
SIPL-ASSysconInfowayPvtLtdIN | mips.elf | malicious | Mirai | 160.22.161.89
SIPL-ASSysconInfowayPvtLtdIN | spc.elf | malicious | Mirai | 160.22.161.89
SIPL-ASSysconInfowayPvtLtdIN | m68k.elf | malicious | Unknown | 160.22.161.89
SIPL-ASSysconInfowayPvtLtdIN | x86.elf | malicious | Mirai | 160.22.161.89
SIPL-ASSysconInfowayPvtLtdIN | debug.dbg.elf | malicious | Mirai | 160.22.161.89
SIPL-ASSysconInfowayPvtLtdIN | sh4.elf | malicious | Mirai | 160.22.161.89
SIPL-ASSysconInfowayPvtLtdIN | mpsl.elf | malicious | Mirai | 160.22.161.89
                          No context
                          No created / dropped files found
File type: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, not stripped
Entropy (8bit): 6.1369766759113205
TrID:
• ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: ppc.elf
File size: 82'366 bytes
MD5: 71bee47e919793453303a9a16e9c482f
SHA1: 3289aa9b5adf5878bc7e0249c0f30dbd7312d0f8
SHA256: 7571113ed139ae1919846073949c6a289783545554e69e707e6214324c4ae31c
SHA512: da521e85ab021eb4a4a1cd8a42fbc140eeb0f37cb2c4b96d19b7406b2f07fd8b18c74bb89fcd94af4d20cf657d3b367bf52f42f3ebd5e6ed00497b3a70c9e2d6
SSDEEP: 1536:odN/vFI2NvWgsxzsCFVl3CdX6+v6fMmKVTIp2v:y/vCgvWgisCFVg5vhTVTd
TLSH: C9833B0273290967C09799B019EF1FF197B6ECD026F2B206A92D7FA44772FB11485F46
                          File Content Preview:.ELF...........................4.........4. ...(..........................................................,`...............T...T...T................dt.Q.............................!..|......$H...H......$8!. |...N.. .!..|.......?.............../...@..`= .

                          ELF header

Class: ELF32
Data: 2's complement, big endian
Version: 1 (current)
Machine: PowerPC
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x10000218
Flags: 0x0
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 4
Section Header Offset: 64392
Section Header Size: 40
Number of Section Headers: 19
Header String Table Index: 16
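Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x100000b4 | 0xb4 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x100000d8 | 0xd8 | 0xd91c | 0x0 | 0x6 | AX | 0 | 0 | 4
.fini | PROGBITS | 0x1000d9f4 | 0xd9f4 | 0x20 | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x1000da14 | 0xda14 | 0x10dc | 0x0 | 0x2 | A | 0 | 0 | 4
.eh_frame | PROGBITS | 0x1001f000 | 0xf000 | 0x54 | 0x0 | 0x3 | WA | 0 | 0 | 4
.tbss | NOBITS | 0x1001f054 | 0xf054 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4
.ctors | PROGBITS | 0x1001f054 | 0xf054 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x1001f05c | 0xf05c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.jcr | PROGBITS | 0x1001f064 | 0xf064 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x1001f068 | 0xf068 | 0x1cc | 0x0 | 0x3 | WA | 0 | 0 | 4
.got | PROGBITS | 0x1001f234 | 0xf234 | 0x10 | 0x4 | 0x7 | WAX | 0 | 0 | 4
.sdata | PROGBITS | 0x1001f244 | 0xf244 | 0x44 | 0x0 | 0x3 | WA | 0 | 0 | 4
.sbss | NOBITS | 0x1001f288 | 0xf288 | 0x74 | 0x0 | 0x3 | WA | 0 | 0 | 4
.bss | NOBITS | 0x1001f2fc | 0xf288 | 0x2964 | 0x0 | 0x3 | WA | 0 | 0 | 4
.comment | PROGBITS | 0x0 | 0xf288 | 0x882 | 0x0 | 0x0 | | 0 | 0 | 1
.shstrtab | STRTAB | 0x0 | 0xfb0a | 0x7e | 0x0 | 0x0 | | 0 | 0 | 1
.symtab | SYMTAB | 0x0 | 0xfe80 | 0x2630 | 0x10 | 0x0 | | 18 | 205 | 4
.strtab | STRTAB | 0x0 | 0x124b0 | 0x1d0e | 0x0 | 0x0 | | 0 | 0 | 1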
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x10000000 | 0x10000000 | 0xeaf0 | 0xeaf0 | 6.2307 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
LOAD | 0xf000 | 0x1001f000 | 0x1001f000 | 0x288 | 0x2c60 | 3.9690 | 0x7 | RWE | 0x10000 | | .eh_frame .tbss .ctors .dtors .jcr .data .got .sdata .sbss .bss
TLS | 0xf054 | 0x1001f054 | 0x1001f054 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | | .tbss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx
 | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
 | | | .symtab | 0x100000b4 | 0 | SECTION | <unknown> | DEFAULT | 1
 | | | .symtab | 0x100000d8 | 0 | SECTION | <unknown> | DEFAULT | 2
 | | | .symtab | 0x1000d9f4 | 0 | SECTION | <unknown> | DEFAULT | 3
 | | | .symtab | 0x1000da14 | 0 | SECTION | <unknown> | DEFAULT | 4
 | | | .symtab | 0x1001f000 | 0 | SECTION | <unknown> | DEFAULT | 5
 | | | .symtab | 0x1001f054 | 0 | SECTION | <unknown> | DEFAULT | 6
 | | | .symtab | 0x1001f054 | 0 | SECTION | <unknown> | DEFAULT | 7
 | | | .symtab | 0x1001f05c | 0 | SECTION | <unknown> | DEFAULT | 8
 | | | .symtab | 0x1001f064 | 0 | SECTION | <unknown> | DEFAULT | 9
 | | | .symtab | 0x1001f068 | 0 | SECTION | <unknown> | DEFAULT | 10
 | | | .symtab | 0x1001f234 | 0 | SECTION | <unknown> | DEFAULT | 11
 | | | .symtab | 0x1001f244 | 0 | SECTION | <unknown> | DEFAULT | 12
 | | | .symtab | 0x1001f288 | 0 | SECTION | <unknown> | DEFAULT | 13
 | | | .symtab | 0x1001f2fc | 0 | SECTION | <unknown> | DEFAULT | 14
 | | | .symtab | 0x0 | 0 | SECTION | <unknown> | DEFAULT | 15
C.3.5322 | | | .symtab | 0x1000e79c | 12 | OBJECT | <unknown> | DEFAULT | 4
C.3.6052 | | | .symtab | 0x1000eacc | 12 | OBJECT | <unknown> | DEFAULT | 4
C.3.6106 | | | .symtab | 0x1000eac0 | 12 | OBJECT | <unknown> | DEFAULT | 4
C.4.5416 | | | .symtab | 0x1000e350 | 24 | OBJECT | <unknown> | DEFAULT | 4
C.4.6053 | | | .symtab | 0x1000ead8 | 12 | OBJECT | <unknown> | DEFAULT | 4
C.6.6061 | | | .symtab | 0x1000eae4 | 12 | OBJECT | <unknown> | DEFAULT | 4
C.7.5462 | | | .symtab | 0x1000e7a8 | 12 | OBJECT | <unknown> | DEFAULT | 4
LOCAL_ADDR | | | .symtab | 0x1001f290 | 4 | OBJECT | <unknown> | DEFAULT | 13
_Exit | | | .symtab | 0x1000acb8 | 92 | FUNC | <unknown> | DEFAULT | 2
_GLOBAL_OFFSET_TABLE_ | | | .symtab | 0x1001f238 | 0 | OBJECT | <unknown> | HIDDEN | 11
_Jv_RegisterClasses | | | .symtab | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF
_READ.c | | | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
_SDA_BASE_ | | | .symtab | 0x10027244 | 0 | NOTYPE | <unknown> | DEFAULT | 12
_WRITE.c | | | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
__CTOR_END__ | | | .symtab | 0x1001f058 | 0 | OBJECT | <unknown> | DEFAULT | 7
__CTOR_LIST__ | | | .symtab | 0x1001f054 | 0 | OBJECT | <unknown> | DEFAULT | 7
__C_ctype_b | | | .symtab | 0x1001f264 | 4 | OBJECT | <unknown> | DEFAULT | 12
__C_ctype_b.c | | | .symtab | 0x0 | 0 | FILE | <unknown> | DEFAULT | SHN_ABS
__C_ctype_b_data | | | .symtab | 0x1000e7be | 768 | OBJECT | <unknown> | DEFAULT | 4
__DTOR_END__ | | | .symtab | 0x1001f060 | 0 | OBJECT | <unknown> | DEFAULT | 8
__DTOR_LIST__ | | | .symtab | 0x1001f05c | 0 | OBJECT | <unknown> | DEFAULT | 8
                          __EH_FRAME_BEGIN__.symtab0x1001f0000OBJECT<unknown>DEFAULT5
                          __FRAME_END__.symtab0x1001f0500OBJECT<unknown>DEFAULT5
                          __GI___C_ctype_b.symtab0x1001f2644OBJECT<unknown>HIDDEN12
                          __GI___close.symtab0x1000a47c116FUNC<unknown>HIDDEN2
                          __GI___close_nocancel.symtab0x1000a48816FUNC<unknown>HIDDEN2
                          __GI___ctype_b.symtab0x1001f2684OBJECT<unknown>HIDDEN12
                          __GI___errno_location.symtab0x1000784820FUNC<unknown>HIDDEN2
                          __GI___fcntl_nocancel.symtab0x100070f0116FUNC<unknown>HIDDEN2
                          __GI___fgetc_unlocked.symtab0x1000c6bc312FUNC<unknown>HIDDEN2
                          __GI___libc_close.symtab0x1000a47c116FUNC<unknown>HIDDEN2
                          __GI___libc_fcntl.symtab0x10007164236FUNC<unknown>HIDDEN2
                          __GI___libc_open.symtab0x1000a4f0132FUNC<unknown>HIDDEN2
                          __GI___libc_read.symtab0x1000a5f8132FUNC<unknown>HIDDEN2
                          __GI___libc_write.symtab0x1000a574132FUNC<unknown>HIDDEN2
                          __GI___open.symtab0x1000a4f0132FUNC<unknown>HIDDEN2
                          __GI___open_nocancel.symtab0x1000a4fc16FUNC<unknown>HIDDEN2
                          __GI___read.symtab0x1000a5f8132FUNC<unknown>HIDDEN2
                          __GI___read_nocancel.symtab0x1000a60416FUNC<unknown>HIDDEN2
                          __GI___sigaddset.symtab0x1000814440FUNC<unknown>HIDDEN2
                          __GI___sigdelset.symtab0x1000816c40FUNC<unknown>HIDDEN2
                          __GI___sigismember.symtab0x1000811c40FUNC<unknown>HIDDEN2
                          __GI___uClibc_fini.symtab0x1000a7f8144FUNC<unknown>HIDDEN2
                          __GI___uClibc_init.symtab0x1000a8e8100FUNC<unknown>HIDDEN2
                          __GI___write.symtab0x1000a574132FUNC<unknown>HIDDEN2
                          __GI___write_nocancel.symtab0x1000a58016FUNC<unknown>HIDDEN2
                          __GI__exit.symtab0x1000acb892FUNC<unknown>HIDDEN2
                          __GI_abort.symtab0x10009484248FUNC<unknown>HIDDEN2
                          __GI_accept.symtab0x10007ac8120FUNC<unknown>HIDDEN2
                          __GI_bind.symtab0x10007b4052FUNC<unknown>HIDDEN2
                          __GI_brk.symtab0x1000d2dc52FUNC<unknown>HIDDEN2
                          __GI_close.symtab0x1000a47c116FUNC<unknown>HIDDEN2
                          __GI_closedir.symtab0x10007474212FUNC<unknown>HIDDEN2
                          __GI_config_close.symtab0x1000b67480FUNC<unknown>HIDDEN2
                          __GI_config_open.symtab0x1000b6c484FUNC<unknown>HIDDEN2
                          __GI_config_read.symtab0x1000b340820FUNC<unknown>HIDDEN2
                          __GI_connect.symtab0x10007ba8120FUNC<unknown>HIDDEN2
                          __GI_exit.symtab0x10009a9c136FUNC<unknown>HIDDEN2
                          __GI_fclose.symtab0x1000b718640FUNC<unknown>HIDDEN2
                          __GI_fcntl.symtab0x10007164236FUNC<unknown>HIDDEN2
                          __GI_fflush_unlocked.symtab0x1000c3d4744FUNC<unknown>HIDDEN2
                          __GI_fgetc.symtab0x1000bf94304FUNC<unknown>HIDDEN2
                          __GI_fgetc_unlocked.symtab0x1000c6bc312FUNC<unknown>HIDDEN2
                          __GI_fgets.symtab0x1000c0c4244FUNC<unknown>HIDDEN2
                          __GI_fgets_unlocked.symtab0x1000c7f4196FUNC<unknown>HIDDEN2
                          __GI_fopen.symtab0x1000b99812FUNC<unknown>HIDDEN2
                          __GI_fork.symtab0x10009edc824FUNC<unknown>HIDDEN2
                          __GI_fstat.symtab0x1000ad14124FUNC<unknown>HIDDEN2
                          __GI_getc_unlocked.symtab0x1000c6bc312FUNC<unknown>HIDDEN2
                          __GI_getdtablesize.symtab0x1000ae4056FUNC<unknown>HIDDEN2
                          __GI_getegid.symtab0x1000ae7816FUNC<unknown>HIDDEN2
                          __GI_geteuid.symtab0x1000ae8816FUNC<unknown>HIDDEN2
                          __GI_getgid.symtab0x1000ae9816FUNC<unknown>HIDDEN2
                          __GI_getpagesize.symtab0x1000aea828FUNC<unknown>HIDDEN2
                          __GI_getpid.symtab0x1000a21456FUNC<unknown>HIDDEN2
                          __GI_getrlimit.symtab0x1000aec452FUNC<unknown>HIDDEN2
                          __GI_getsockname.symtab0x10007c2052FUNC<unknown>HIDDEN2
                          __GI_getuid.symtab0x1000aef816FUNC<unknown>HIDDEN2
                          __GI_inet_addr.symtab0x10007a6052FUNC<unknown>HIDDEN2
                          __GI_inet_aton.symtab0x1000cd68208FUNC<unknown>HIDDEN2
                          __GI_initstate_r.symtab0x100098d0236FUNC<unknown>HIDDEN2
                          __GI_ioctl.symtab0x1000d14c228FUNC<unknown>HIDDEN2
                          __GI_isatty.symtab0x1000cca044FUNC<unknown>HIDDEN2
                          __GI_kill.symtab0x1000726052FUNC<unknown>HIDDEN2
                          __GI_listen.symtab0x10007c8852FUNC<unknown>HIDDEN2
                          __GI_lseek64.symtab0x1000d918112FUNC<unknown>HIDDEN2
                          __GI_memcpy.symtab0x10007894156FUNC<unknown>HIDDEN2
                          __GI_memmove.symtab0x1000c8b8164FUNC<unknown>HIDDEN2
                          __GI_mempcpy.symtab0x1000d71452FUNC<unknown>HIDDEN2
                          __GI_memset.symtab0x10007930144FUNC<unknown>HIDDEN2
                          __GI_mmap.symtab0x1000af0852FUNC<unknown>HIDDEN2
                          __GI_mremap.symtab0x1000af3c52FUNC<unknown>HIDDEN2
                          __GI_munmap.symtab0x1000af7052FUNC<unknown>HIDDEN2
                          __GI_nanosleep.symtab0x1000afd8112FUNC<unknown>HIDDEN2
                          __GI_open.symtab0x1000a4f0132FUNC<unknown>HIDDEN2
                          __GI_opendir.symtab0x10007600208FUNC<unknown>HIDDEN2
                          __GI_raise.symtab0x1000a24c148FUNC<unknown>HIDDEN2
                          __GI_random.symtab0x10009580104FUNC<unknown>HIDDEN2
                          __GI_random_r.symtab0x10009750140FUNC<unknown>HIDDEN2
                          __GI_read.symtab0x1000a5f8132FUNC<unknown>HIDDEN2
                          __GI_readdir.symtab0x10007788192FUNC<unknown>HIDDEN2
                          __GI_readdir64.symtab0x1000b27c196FUNC<unknown>HIDDEN2
                          __GI_readlink.symtab0x100072c852FUNC<unknown>HIDDEN2
                          __GI_recv.symtab0x10007cf0128FUNC<unknown>HIDDEN2
                          __GI_recvfrom.symtab0x10007da4144FUNC<unknown>HIDDEN2
                          __GI_sbrk.symtab0x1000b048116FUNC<unknown>HIDDEN2
                          __GI_select.symtab0x10007330136FUNC<unknown>HIDDEN2
                          __GI_send.symtab0x10007e68128FUNC<unknown>HIDDEN2
                          __GI_sendto.symtab0x10007f1c144FUNC<unknown>HIDDEN2
                          __GI_setsid.symtab0x100073b852FUNC<unknown>HIDDEN2
                          __GI_setsockopt.symtab0x10007fac52FUNC<unknown>HIDDEN2
                          __GI_setstate_r.symtab0x100099bc224FUNC<unknown>HIDDEN2
                          __GI_sigaction.symtab0x1000ce3836FUNC<unknown>HIDDEN2
                          __GI_sigaddset.symtab0x1000801452FUNC<unknown>HIDDEN2
                          __GI_sigemptyset.symtab0x1000804820FUNC<unknown>HIDDEN2
                          __GI_signal.symtab0x1000805c192FUNC<unknown>HIDDEN2
                          __GI_sigprocmask.symtab0x100073ec120FUNC<unknown>HIDDEN2
                          __GI_sleep.symtab0x1000a2e0292FUNC<unknown>HIDDEN2
                          __GI_socket.symtab0x10007fe052FUNC<unknown>HIDDEN2
                          __GI_srandom_r.symtab0x100097dc244FUNC<unknown>HIDDEN2
                          __GI_strchr.symtab0x1000c95c256FUNC<unknown>HIDDEN2
                          __GI_strchrnul.symtab0x1000ca5c248FUNC<unknown>HIDDEN2
                          __GI_strcmp.symtab0x1000cb5452FUNC<unknown>HIDDEN2
                          __GI_strcoll.symtab0x1000cb5452FUNC<unknown>HIDDEN2
                          __GI_strcspn.symtab0x1000cb8896FUNC<unknown>HIDDEN2
                          __GI_strlen.symtab0x100079c0160FUNC<unknown>HIDDEN2
                          __GI_strrchr.symtab0x1000cbe8112FUNC<unknown>HIDDEN2
                          __GI_strspn.symtab0x1000cc5872FUNC<unknown>HIDDEN2
                          __GI_sysconf.symtab0x10009c6c624FUNC<unknown>HIDDEN2
                          __GI_tcgetattr.symtab0x1000cccc156FUNC<unknown>HIDDEN2
                          __GI_tcsetattr.symtab0x1000d748376FUNC<unknown>HIDDEN2
                          __GI_time.symtab0x1000746416FUNC<unknown>HIDDEN2
                          __GI_times.symtab0x1000b0bc16FUNC<unknown>HIDDEN2
                          __GI_write.symtab0x1000a574132FUNC<unknown>HIDDEN2
                          __JCR_END__.symtab0x1001f0640OBJECT<unknown>DEFAULT9
                          __JCR_LIST__.symtab0x1001f0640OBJECT<unknown>DEFAULT9
                          __app_fini.symtab0x1001f2c04OBJECT<unknown>HIDDEN13
                          __atexit_lock.symtab0x1001f15024OBJECT<unknown>DEFAULT10
                          __bss_start.symtab0x1001f2880NOTYPE<unknown>DEFAULTSHN_ABS
                          __check_one_fd.symtab0x1000a88896FUNC<unknown>DEFAULT2
                          __close.symtab0x1000a47c116FUNC<unknown>DEFAULT2
                          __close_nocancel.symtab0x1000a48816FUNC<unknown>DEFAULT2
                          __ctype_b.symtab0x1001f2684OBJECT<unknown>DEFAULT12
                          __curbrk.symtab0x1001f2f84OBJECT<unknown>DEFAULT13
                          __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                          __do_global_ctors_aux.symtab0x1000d9880FUNC<unknown>DEFAULT2
                          __do_global_dtors_aux.symtab0x100000d80FUNC<unknown>DEFAULT2
                          __dso_handle.symtab0x1001f0680OBJECT<unknown>HIDDEN10
                          __environ.symtab0x1001f2b84OBJECT<unknown>DEFAULT13
                          __errno_location.symtab0x1000784820FUNC<unknown>DEFAULT2
                          __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          __exit_cleanup.symtab0x1001f2a44OBJECT<unknown>HIDDEN13
                          __fcntl_nocancel.symtab0x100070f0116FUNC<unknown>DEFAULT2
                          __fgetc_unlocked.symtab0x1000c6bc312FUNC<unknown>DEFAULT2
                          __fini_array_end.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                          __fini_array_start.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                          __fork.symtab0x10009edc824FUNC<unknown>DEFAULT2
                          __fork_generation_pointer.symtab0x1001f2a84OBJECT<unknown>HIDDEN13
                          __fork_handlers.symtab0x1001f2ac4OBJECT<unknown>HIDDEN13
                          __fork_lock.symtab0x1001f2b04OBJECT<unknown>HIDDEN13
                          __getdents.symtab0x1000ad90176FUNC<unknown>HIDDEN2
                          __getdents64.symtab0x1000d344344FUNC<unknown>HIDDEN2
                          __getpagesize.symtab0x1000aea828FUNC<unknown>DEFAULT2
                          __getpid.symtab0x1000a21456FUNC<unknown>DEFAULT2
                          __h_errno_location.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                          __init_array_end.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                          __init_array_start.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                          __libc_accept.symtab0x10007ac8120FUNC<unknown>DEFAULT2
                          __libc_close.symtab0x1000a47c116FUNC<unknown>DEFAULT2
                          __libc_connect.symtab0x10007ba8120FUNC<unknown>DEFAULT2
                          __libc_disable_asynccancel.symtab0x1000a67c124FUNC<unknown>HIDDEN2
                          __libc_enable_asynccancel.symtab0x1000a6f8172FUNC<unknown>HIDDEN2
                          __libc_errno.symtab0x04TLS<unknown>HIDDEN6
                          __libc_fcntl.symtab0x10007164236FUNC<unknown>DEFAULT2
                          __libc_fork.symtab0x10009edc824FUNC<unknown>DEFAULT2
                          __libc_h_errno.symtab0x44TLS<unknown>HIDDEN6
                          __libc_nanosleep.symtab0x1000afd8112FUNC<unknown>DEFAULT2
                          __libc_open.symtab0x1000a4f0132FUNC<unknown>DEFAULT2
                          __libc_read.symtab0x1000a5f8132FUNC<unknown>DEFAULT2
                          __libc_recv.symtab0x10007cf0128FUNC<unknown>DEFAULT2
                          __libc_recvfrom.symtab0x10007da4144FUNC<unknown>DEFAULT2
                          __libc_select.symtab0x10007330136FUNC<unknown>DEFAULT2
                          __libc_send.symtab0x10007e68128FUNC<unknown>DEFAULT2
                          __libc_sendto.symtab0x10007f1c144FUNC<unknown>DEFAULT2
                          __libc_setup_tls.symtab0x1000cee8464FUNC<unknown>DEFAULT2
                          __libc_sigaction.symtab0x1000ce3836FUNC<unknown>DEFAULT2
                          __libc_stack_end.symtab0x1001f2b44OBJECT<unknown>DEFAULT13
                          __libc_write.symtab0x1000a574132FUNC<unknown>DEFAULT2
                          __lll_lock_wait_private.symtab0x1000a404120FUNC<unknown>HIDDEN2
                          __malloc_consolidate.symtab0x1000906c460FUNC<unknown>HIDDEN2
                          __malloc_largebin_index.symtab0x10008194112FUNC<unknown>DEFAULT2
                          __malloc_lock.symtab0x1001f07424OBJECT<unknown>DEFAULT10
                          __malloc_state.symtab0x100218e8888OBJECT<unknown>DEFAULT14
                          __malloc_trim.symtab0x10008fb4184FUNC<unknown>DEFAULT2
                          __nptl_deallocate_tsd.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                          __nptl_nthreads.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                          __open.symtab0x1000a4f0132FUNC<unknown>DEFAULT2
                          __open_nocancel.symtab0x1000a4fc16FUNC<unknown>DEFAULT2
                          __pagesize.symtab0x1001f2bc4OBJECT<unknown>DEFAULT13
                          __preinit_array_end.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                          __preinit_array_start.symtab0x1001f0540NOTYPE<unknown>HIDDEN6
                          __progname.symtab0x1001f25c4OBJECT<unknown>DEFAULT12
                          __progname_full.symtab0x1001f2604OBJECT<unknown>DEFAULT12
                          __pthread_initialize_minimal.symtab0x1000d0b812FUNC<unknown>DEFAULT2
                          __pthread_mutex_init.symtab0x1000a7ac8FUNC<unknown>DEFAULT2
                          __pthread_mutex_lock.symtab0x1000a7a48FUNC<unknown>DEFAULT2
                          __pthread_mutex_trylock.symtab0x1000a7a48FUNC<unknown>DEFAULT2
                          __pthread_mutex_unlock.symtab0x1000a7a48FUNC<unknown>DEFAULT2
                          __pthread_return_0.symtab0x1000a7a48FUNC<unknown>DEFAULT2
                          __pthread_unwind.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                          __read.symtab0x1000a5f8132FUNC<unknown>DEFAULT2
                          __read_nocancel.symtab0x1000a60416FUNC<unknown>DEFAULT2
                          __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                          __rtld_fini.symtab0x1001f2c44OBJECT<unknown>HIDDEN13
                          __sigaddset.symtab0x1000814440FUNC<unknown>DEFAULT2
                          __sigdelset.symtab0x1000816c40FUNC<unknown>DEFAULT2
                          __sigismember.symtab0x1000811c40FUNC<unknown>DEFAULT2
                          __sigjmp_save.symtab0x1000d8c088FUNC<unknown>HIDDEN2
                          __sigsetjmp.symtab0x1000d230172FUNC<unknown>DEFAULT2
                          __stdin.symtab0x1001f2784OBJECT<unknown>DEFAULT12
                          __stdio_READ.symtab0x1000d49c120FUNC<unknown>HIDDEN2
                          __stdio_WRITE.symtab0x1000d514264FUNC<unknown>HIDDEN2
                          __stdio_rfill.symtab0x1000d61c72FUNC<unknown>HIDDEN2
                          __stdio_trans2r_o.symtab0x1000d664176FUNC<unknown>HIDDEN2
                          __stdio_wcommit.symtab0x1000bf4876FUNC<unknown>HIDDEN2
                          __stdout.symtab0x1001f27c4OBJECT<unknown>DEFAULT12
                          __sys_accept.symtab0x10007a9452FUNC<unknown>DEFAULT2
                          __sys_connect.symtab0x10007b7452FUNC<unknown>DEFAULT2
                          __sys_recv.symtab0x10007cbc52FUNC<unknown>DEFAULT2
                          __sys_recvfrom.symtab0x10007d7052FUNC<unknown>DEFAULT2
                          __sys_send.symtab0x10007e3452FUNC<unknown>DEFAULT2
                          __sys_sendto.symtab0x10007ee852FUNC<unknown>DEFAULT2
                          __syscall_error.symtab0x1000ac9428FUNC<unknown>HIDDEN2
                          __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          __syscall_nanosleep.symtab0x1000afa452FUNC<unknown>DEFAULT2
                          __syscall_rt_sigaction.symtab0x1000d31052FUNC<unknown>DEFAULT2
                          __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          __syscall_select.symtab0x100072fc52FUNC<unknown>DEFAULT2
                          __uClibc_fini.symtab0x1000a7f8144FUNC<unknown>DEFAULT2
                          __uClibc_init.symtab0x1000a8e8100FUNC<unknown>DEFAULT2
                          __uClibc_main.symtab0x1000a94c840FUNC<unknown>DEFAULT2
                          __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          __uclibc_progname.symtab0x1001f2584OBJECT<unknown>HIDDEN12
                          __write.symtab0x1000a574132FUNC<unknown>DEFAULT2
                          __write_nocancel.symtab0x1000a58016FUNC<unknown>DEFAULT2
                          __xstat32_conv.symtab0x1000b1b0204FUNC<unknown>HIDDEN2
                          __xstat64_conv.symtab0x1000b0cc228FUNC<unknown>HIDDEN2
                          _dl_aux_init.symtab0x1000d0c428FUNC<unknown>DEFAULT2
                          _dl_nothread_init_static_tls.symtab0x1000d0e0108FUNC<unknown>HIDDEN2
                          _dl_phdr.symtab0x1001f2f04OBJECT<unknown>DEFAULT13
                          _dl_phnum.symtab0x1001f2f44OBJECT<unknown>DEFAULT13
                          _dl_tls_dtv_gaps.symtab0x1001f2e41OBJECT<unknown>DEFAULT13
                          _dl_tls_dtv_slotinfo_list.symtab0x1001f2e04OBJECT<unknown>DEFAULT13
                          _dl_tls_generation.symtab0x1001f2e84OBJECT<unknown>DEFAULT13
                          _dl_tls_max_dtv_idx.symtab0x1001f2d84OBJECT<unknown>DEFAULT13
                          _dl_tls_setup.symtab0x1000ce9880FUNC<unknown>DEFAULT2
                          _dl_tls_static_align.symtab0x1001f2d44OBJECT<unknown>DEFAULT13
                          _dl_tls_static_nelem.symtab0x1001f2ec4OBJECT<unknown>DEFAULT13
                          _dl_tls_static_size.symtab0x1001f2dc4OBJECT<unknown>DEFAULT13
                          _dl_tls_static_used.symtab0x1001f2d04OBJECT<unknown>DEFAULT13
                          _edata.symtab0x1001f2880NOTYPE<unknown>DEFAULTSHN_ABS
                          _end.symtab0x10021c600NOTYPE<unknown>DEFAULTSHN_ABS
                          _exit.symtab0x1000acb892FUNC<unknown>DEFAULT2
                          _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          _fini.symtab0x1000d9f40FUNC<unknown>DEFAULT3
                          _fixed_buffers.symtab0x1001f3648192OBJECT<unknown>DEFAULT14
                          _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          _init.symtab0x100000b40FUNC<unknown>DEFAULT1
                          _pthread_cleanup_pop_restore.symtab0x1000a7c056FUNC<unknown>DEFAULT2
                          _pthread_cleanup_push_defer.symtab0x1000a7b412FUNC<unknown>DEFAULT2
                          _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          _setjmp.symtab0x1000acb08FUNC<unknown>DEFAULT2
                          _sigintr.symtab0x1001f29c8OBJECT<unknown>HIDDEN13
                          _start.symtab0x1000021872FUNC<unknown>DEFAULT2
                          _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          _stdio_fopen.symtab0x1000b9a41000FUNC<unknown>HIDDEN2
                          _stdio_init.symtab0x1000bd8c128FUNC<unknown>HIDDEN2
                          _stdio_openlist.symtab0x1001f2804OBJECT<unknown>DEFAULT12
                          _stdio_openlist_add_lock.symtab0x1001f34c12OBJECT<unknown>DEFAULT14
                          _stdio_openlist_dec_use.symtab0x1000c1b8540FUNC<unknown>HIDDEN2
                          _stdio_openlist_del_count.symtab0x1001f2cc4OBJECT<unknown>DEFAULT13
                          _stdio_openlist_del_lock.symtab0x1001f35812OBJECT<unknown>DEFAULT14
                          _stdio_openlist_use_count.symtab0x1001f2c84OBJECT<unknown>DEFAULT13
                          _stdio_streams.symtab0x1001f168204OBJECT<unknown>DEFAULT10
                          _stdio_term.symtab0x1000be0c316FUNC<unknown>HIDDEN2
                          _stdio_user_locking.symtab0x1001f2844OBJECT<unknown>DEFAULT12
                          _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          abort.symtab0x10009484248FUNC<unknown>DEFAULT2
                          abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          accept.symtab0x10007ac8120FUNC<unknown>DEFAULT2
                          accept.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          anti_gdb_entry.symtab0x1000509c20FUNC<unknown>DEFAULT2
                          attack.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          attack_get_opt_int.symtab0x10000834132FUNC<unknown>DEFAULT2
                          attack_get_opt_ip.symtab0x100007b4128FUNC<unknown>DEFAULT2
                          attack_init.symtab0x100008b81068FUNC<unknown>DEFAULT2
                          attack_kill_all.symtab0x10000374404FUNC<unknown>DEFAULT2
                          attack_method_nudp.symtab0x100046581620FUNC<unknown>DEFAULT2
                          attack_method_stdhex.symtab0x10004358768FUNC<unknown>DEFAULT2
                          attack_method_tcp.symtab0x100012dc1592FUNC<unknown>DEFAULT2
                          attack_ongoing.symtab0x1001f31832OBJECT<unknown>DEFAULT14
                          attack_parse.symtab0x10000508684FUNC<unknown>DEFAULT2
                          attack_start.symtab0x10000260276FUNC<unknown>DEFAULT2
                          attack_tcp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          attack_tcp_ack.symtab0x100025c81624FUNC<unknown>DEFAULT2
                          attack_tcp_legit.symtab0x1000325c1668FUNC<unknown>DEFAULT2
                          attack_tcp_null.symtab0x100038e01908FUNC<unknown>DEFAULT2
                          attack_tcp_sack2.symtab0x100019141608FUNC<unknown>DEFAULT2
                          attack_tcp_stomp.symtab0x10001f5c1644FUNC<unknown>DEFAULT2
                          attack_tcp_syn.symtab0x10000ce41528FUNC<unknown>DEFAULT2
                          attack_tcp_syndata.symtab0x10002c201596FUNC<unknown>DEFAULT2
                          attack_udp.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          attack_udp_plain.symtab0x10004058768FUNC<unknown>DEFAULT2
                          been_there_done_that.symtab0x1001f3484OBJECT<unknown>DEFAULT14
                          bind.symtab0x10007b4052FUNC<unknown>DEFAULT2
                          bind.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          brk.symtab0x1000d2dc52FUNC<unknown>DEFAULT2
                          bsd_signal.symtab0x1000805c192FUNC<unknown>DEFAULT2
                          call___do_global_ctors_aux.symtab0x1000d9d80FUNC<unknown>DEFAULT2
                          call___do_global_dtors_aux.symtab0x100001700FUNC<unknown>DEFAULT2
                          call_frame_dummy.symtab0x100001fc0FUNC<unknown>DEFAULT2
                          calloc.symtab0x10008b14264FUNC<unknown>DEFAULT2
                          calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          checksum_generic.symtab0x10004cac100FUNC<unknown>DEFAULT2
                          checksum_tcpudp.symtab0x10004d10188FUNC<unknown>DEFAULT2
                          clock.symtab0x1000785c56FUNC<unknown>DEFAULT2
                          clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          close.symtab0x1000a47c116FUNC<unknown>DEFAULT2
                          closedir.symtab0x10007474212FUNC<unknown>DEFAULT2
                          closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          completed.5580.symtab0x1001f2fc0OBJECT<unknown>DEFAULT14
                          connect.symtab0x10007ba8120FUNC<unknown>DEFAULT2
                          connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          ensure_single_instance.symtab0x100050b0492FUNC<unknown>DEFAULT2
                          environ.symtab0x1001f2b84OBJECT<unknown>DEFAULT13
                          errno.symtab0x04TLS<unknown>DEFAULT6
                          errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          exit.symtab0x10009a9c136FUNC<unknown>DEFAULT2
                          exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          fclose.symtab0x1000b718640FUNC<unknown>DEFAULT2
                          fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          fcntl.symtab0x10007164236FUNC<unknown>DEFAULT2
                          fd_ctrl.symtab0x1001f24c4OBJECT<unknown>DEFAULT12
                          fd_serv.symtab0x1001f2504OBJECT<unknown>DEFAULT12
                          fd_to_DIR.symtab0x10007548184FUNC<unknown>DEFAULT2
                          fdopendir.symtab0x100076d0184FUNC<unknown>DEFAULT2
                          fflush_unlocked.symtab0x1000c3d4744FUNC<unknown>DEFAULT2
                          fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          fgetc.symtab0x1000bf94304FUNC<unknown>DEFAULT2
                          fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          fgetc_unlocked.symtab0x1000c6bc312FUNC<unknown>DEFAULT2
                          fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          fgets.symtab0x1000c0c4244FUNC<unknown>DEFAULT2
                          fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          fgets_unlocked.symtab0x1000c7f4196FUNC<unknown>DEFAULT2
                          fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          fopen.symtab0x1000b99812FUNC<unknown>DEFAULT2
                          fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          fork.symtab0x10009edc824FUNC<unknown>DEFAULT2
                          fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                          frame_dummy.symtab0x1000018c0FUNC<unknown>DEFAULT2
                          free.symtab0x10009238524FUNC<unknown>DEFAULT2


                          • Total Packets: 30
                          • 56999 undefined
                          • 53 (DNS)
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Mar 4, 2025 07:29:28.651578903 CET | 192.168.2.13 | 8.8.8.8 | 0xb274 | Standard query (0) | srolangvan.com | A (IP address) | IN (0x0001) | false
                          Mar 4, 2025 07:29:29.633065939 CET | 192.168.2.13 | 8.8.8.8 | 0x30b9 | Standard query (0) | srolangvan.com | A (IP address) | IN (0x0001) | false
                          Mar 4, 2025 07:29:30.631376028 CET | 192.168.2.13 | 8.8.8.8 | 0x81d6 | Standard query (0) | srolangvan.com | A (IP address) | IN (0x0001) | false
                          Mar 4, 2025 07:29:31.630601883 CET | 192.168.2.13 | 8.8.8.8 | 0x9eb6 | Standard query (0) | srolangvan.com | A (IP address) | IN (0x0001) | false

                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Mar 4, 2025 07:29:28.660259008 CET | 8.8.8.8 | 192.168.2.13 | 0xb274 | No error (0) | srolangvan.com | | 160.22.161.89 | A (IP address) | IN (0x0001) | false
                          Mar 4, 2025 07:29:29.640563965 CET | 8.8.8.8 | 192.168.2.13 | 0x30b9 | No error (0) | srolangvan.com | | 160.22.161.89 | A (IP address) | IN (0x0001) | false
                          Mar 4, 2025 07:29:30.638041973 CET | 8.8.8.8 | 192.168.2.13 | 0x81d6 | No error (0) | srolangvan.com | | 160.22.161.89 | A (IP address) | IN (0x0001) | false
                          Mar 4, 2025 07:29:31.638314962 CET | 8.8.8.8 | 192.168.2.13 | 0x9eb6 | No error (0) | srolangvan.com | | 160.22.161.89 | A (IP address) | IN (0x0001) | false

                          System Behavior

                          Start time (UTC):06:29:27
                          Start date (UTC):04/03/2025
                          Path:/tmp/ppc.elf
                          Arguments:/tmp/ppc.elf
                          File size:5388968 bytes
                          MD5 hash:ae65271c943d3451b7f026d1fadccea6

                          Start time (UTC):06:29:27
                          Start date (UTC):04/03/2025
                          Path:/tmp/ppc.elf
                          Arguments:-
                          File size:5388968 bytes
                          MD5 hash:ae65271c943d3451b7f026d1fadccea6

                          Start time (UTC):06:29:27
                          Start date (UTC):04/03/2025
                          Path:/tmp/ppc.elf
                          Arguments:-
                          File size:5388968 bytes
                          MD5 hash:ae65271c943d3451b7f026d1fadccea6