Create Interactive Tour

Linux Analysis Report
psmips.elf

Overview

General Information

Sample name:	psmips.elf
Analysis ID:	1644216
MD5:	2ef51410690dc12a309cc8b0aa59a294
SHA1:	b4b5c0a8ed4d01b637556826afffd87c831ca543
SHA256:	f7b791cd1a116eaecf3a2bb4d63077f02e19af185b036058f4f42f24d52979f9
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	56
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "ps" command used to list the status of processes

Executes the "rm" command used to delete files or directories

Reads CPU information from /sys indicative of miner or evasive malware

Reads system information from the proc file system

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1644216
Start date and time:	2025-03-20 13:06:42 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	psmips.elf
Detection:	MAL
Classification:	mal56.linELF@0/0@0/0

Warnings

Report size exceeded maximum capacity and may have missing behavior information.

Runtime Messages

Command:	/tmp/psmips.elf
PID:	5481
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

psmips.elf (PID: 5481, Parent: 5406, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/psmips.elf

psmips.elf New Fork (PID: 5483, Parent: 5481)

psmips.elf New Fork (PID: 5489, Parent: 5483)

sh (PID: 5489, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5491, Parent: 5489)

ps (PID: 5491, Parent: 5489, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5492, Parent: 5483)

sh (PID: 5492, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5497, Parent: 5492)

ps (PID: 5497, Parent: 5492, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5500, Parent: 5483)

sh (PID: 5500, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5502, Parent: 5500)

ps (PID: 5502, Parent: 5500, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5511, Parent: 5483)

sh (PID: 5511, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5513, Parent: 5511)

ps (PID: 5513, Parent: 5511, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5514, Parent: 5483)

sh (PID: 5514, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5516, Parent: 5514)

ps (PID: 5516, Parent: 5514, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5520, Parent: 5483)

sh (PID: 5520, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5522, Parent: 5520)

ps (PID: 5522, Parent: 5520, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5541, Parent: 5483)

sh (PID: 5541, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5543, Parent: 5541)

ps (PID: 5543, Parent: 5541, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5546, Parent: 5483)

sh (PID: 5546, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5548, Parent: 5546)

ps (PID: 5548, Parent: 5546, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5551, Parent: 5483)

sh (PID: 5551, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5557, Parent: 5551)

ps (PID: 5557, Parent: 5551, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5558, Parent: 5483)

sh (PID: 5558, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5560, Parent: 5558)

ps (PID: 5560, Parent: 5558, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5563, Parent: 5483)

sh (PID: 5563, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5565, Parent: 5563)

ps (PID: 5565, Parent: 5563, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5568, Parent: 5483)

sh (PID: 5568, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5570, Parent: 5568)

ps (PID: 5570, Parent: 5568, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5571, Parent: 5483)

sh (PID: 5571, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5573, Parent: 5571)

ps (PID: 5573, Parent: 5571, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5576, Parent: 5483)

sh (PID: 5576, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5578, Parent: 5576)

ps (PID: 5578, Parent: 5576, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5580, Parent: 5483)

sh (PID: 5580, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5586, Parent: 5580)

ps (PID: 5586, Parent: 5580, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5589, Parent: 5483)

sh (PID: 5589, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5591, Parent: 5589)

ps (PID: 5591, Parent: 5589, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5596, Parent: 5483)

sh (PID: 5596, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5601, Parent: 5596)

ps (PID: 5601, Parent: 5596, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5604, Parent: 5483)

sh (PID: 5604, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5606, Parent: 5604)

ps (PID: 5606, Parent: 5604, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5607, Parent: 5483)

sh (PID: 5607, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5609, Parent: 5607)

ps (PID: 5609, Parent: 5607, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5612, Parent: 5483)

sh (PID: 5612, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5618, Parent: 5612)

ps (PID: 5618, Parent: 5612, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5621, Parent: 5483)

sh (PID: 5621, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5623, Parent: 5621)

ps (PID: 5623, Parent: 5621, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5624, Parent: 5483)

sh (PID: 5624, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5626, Parent: 5624)

ps (PID: 5626, Parent: 5624, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5629, Parent: 5483)

sh (PID: 5629, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5631, Parent: 5629)

ps (PID: 5631, Parent: 5629, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5635, Parent: 5483)

sh (PID: 5635, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5641, Parent: 5635)

ps (PID: 5641, Parent: 5635, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5642, Parent: 5483)

sh (PID: 5642, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5644, Parent: 5642)

ps (PID: 5644, Parent: 5642, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5647, Parent: 5483)

sh (PID: 5647, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5653, Parent: 5647)

ps (PID: 5653, Parent: 5647, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5656, Parent: 5483)

sh (PID: 5656, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5658, Parent: 5656)

ps (PID: 5658, Parent: 5656, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5683, Parent: 5483)

sh (PID: 5683, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5688, Parent: 5683)

ps (PID: 5688, Parent: 5683, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5691, Parent: 5483)

sh (PID: 5691, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5693, Parent: 5691)

ps (PID: 5693, Parent: 5691, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5696, Parent: 5483)

sh (PID: 5696, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5698, Parent: 5696)

ps (PID: 5698, Parent: 5696, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5699, Parent: 5483)

sh (PID: 5699, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5701, Parent: 5699)

ps (PID: 5701, Parent: 5699, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5705, Parent: 5483)

sh (PID: 5705, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5707, Parent: 5705)

ps (PID: 5707, Parent: 5705, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5712, Parent: 5483)

sh (PID: 5712, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5714, Parent: 5712)

ps (PID: 5714, Parent: 5712, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5715, Parent: 5483)

sh (PID: 5715, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5717, Parent: 5715)

ps (PID: 5717, Parent: 5715, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5720, Parent: 5483)

sh (PID: 5720, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5722, Parent: 5720)

ps (PID: 5722, Parent: 5720, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5723, Parent: 5483)

sh (PID: 5723, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5725, Parent: 5723)

ps (PID: 5725, Parent: 5723, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

psmips.elf New Fork (PID: 5728, Parent: 5483)

sh (PID: 5728, Parent: 5483, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps w"

sh New Fork (PID: 5730, Parent: 5728)

ps (PID: 5730, Parent: 5728, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps w

dash New Fork (PID: 5659, Parent: 3632)

rm (PID: 5659, Parent: 3632, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.Y1SlPlfBUT /tmp/tmp.H0mrDkYWQu /tmp/tmp.XAIyeGnwVr

dash New Fork (PID: 5660, Parent: 3632)

rm (PID: 5660, Parent: 3632, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.Y1SlPlfBUT /tmp/tmp.H0mrDkYWQu /tmp/tmp.XAIyeGnwVr

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Bitcoin Miner
• Networking
• System Summary
• Persistence and Installation Behavior
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: psmips.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: psmips.elf	Virustotal: Detection: 43%			Perma Link
Source: psmips.elf	ReversingLabs: Detection: 44%

Source: /usr/bin/ps (PID: 5491)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5497)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5502)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5513)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5516)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5522)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5543)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5548)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5557)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5565)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5570)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5573)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5578)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5586)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5591)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5601)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5606)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5609)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5618)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5623)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5626)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5631)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5641)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5644)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5653)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5658)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5688)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5693)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5698)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5701)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5707)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5714)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5717)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5722)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5725)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5730)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown	TCP traffic detected without corresponding DNS query: 54.171.230.55

Source: unknown	Network traffic detected: HTTP traffic on port 34592 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37910
Source: unknown	Network traffic detected: HTTP traffic on port 37910 -> 443

Source: classification engine

Classification label: mal56.linELF@0/0@0/0

Source: psmips.elf	ELF static info symbol of initial sample: libc/string/mips/memcpy.S
Source: psmips.elf	ELF static info symbol of initial sample: libc/string/mips/memset.S
Source: psmips.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crt1.S
Source: psmips.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crti.S
Source: psmips.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/crtn.S
Source: psmips.elf	ELF static info symbol of initial sample: libc/sysdeps/linux/mips/pipe.S

Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3760/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3760/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3760/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3761/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3761/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3761/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/1583/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/1583/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/1583/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/2672/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/2672/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/2672/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/110/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/110/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/110/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3759/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3759/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3759/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/111/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/111/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/111/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/112/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/112/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/112/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/113/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/113/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/113/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/234/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/234/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/234/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/1577/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/1577/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/1577/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/114/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/114/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/114/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/235/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/235/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/235/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/115/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/115/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/115/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/116/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/116/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/116/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/117/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/117/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/117/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/118/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/118/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/118/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/119/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/119/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/119/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3752/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3752/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3752/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3632/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3632/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3632/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/10/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/10/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/10/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/917/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/917/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/917/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/11/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/11/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/11/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/12/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/12/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/12/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/13/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/13/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/13/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/14/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/14/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/14/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/15/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/15/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/15/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/16/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/16/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/16/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/17/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/17/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/17/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/18/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/18/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/18/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/19/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/19/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/19/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/1593/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/1593/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/1593/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/240/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/240/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/240/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/120/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/120/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/120/cmdline	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3094/stat	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3094/status	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	File opened: /proc/3094/cmdline	Jump to behavior

Source: /tmp/psmips.elf (PID: 5489)	Shell command executed: sh -c "ps w"	Jump to behavior
Source: /tmp/psmips.elf (PID: 5492)	Shell command executed: sh -c "ps w"	Jump to behavior
Source: /tmp/psmips.elf (PID: 5500)	Shell command executed: sh -c "ps w"	Jump to behavior
Source: /tmp/psmips.elf (PID: 5511)	Shell command executed: sh -c "ps w"	Jump to behavior
Source: /tmp/psmips.elf (PID: 5514)	Shell command executed: sh -c "ps w"	Jump to behavior
Source: /tmp/psmips.elf (PID: 5520)	Shell command executed: sh -c "ps w"	Jump to behavior
Source: /tmp/psmips.elf (PID: 5541)	Shell command executed: sh -c "ps w"	Jump to behavior
Source: /tmp/psmips.elf (PID: 5546)	Shell command executed: sh -c "ps w"	Jump to behavior
Source: /tmp/psmips.elf (PID: 5551)	Shell command executed: sh -c "ps w"	Jump to behavior
Source: /tmp/psmips.elf (PID: 5558)	Shell command executed: sh -c "ps w"	Jump to behavior
Source: /tmp/psmips.elf (PID: 5563)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5568)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5571)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5576)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5580)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5589)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5596)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5604)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5607)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5612)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5621)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5624)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5629)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5635)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5642)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5647)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5656)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5683)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5691)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5696)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5699)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5705)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5712)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5715)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5720)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5723)	Shell command executed: sh -c "ps w"
Source: /tmp/psmips.elf (PID: 5728)	Shell command executed: sh -c "ps w"

Source: /bin/sh (PID: 5491)	Ps executable: /usr/bin/ps -> ps w	Jump to behavior
Source: /bin/sh (PID: 5497)	Ps executable: /usr/bin/ps -> ps w	Jump to behavior
Source: /bin/sh (PID: 5502)	Ps executable: /usr/bin/ps -> ps w	Jump to behavior
Source: /bin/sh (PID: 5513)	Ps executable: /usr/bin/ps -> ps w	Jump to behavior
Source: /bin/sh (PID: 5516)	Ps executable: /usr/bin/ps -> ps w	Jump to behavior
Source: /bin/sh (PID: 5522)	Ps executable: /usr/bin/ps -> ps w	Jump to behavior
Source: /bin/sh (PID: 5543)	Ps executable: /usr/bin/ps -> ps w	Jump to behavior
Source: /bin/sh (PID: 5548)	Ps executable: /usr/bin/ps -> ps w	Jump to behavior
Source: /bin/sh (PID: 5557)	Ps executable: /usr/bin/ps -> ps w	Jump to behavior
Source: /bin/sh (PID: 5560)	Ps executable: /usr/bin/ps -> ps w	Jump to behavior
Source: /bin/sh (PID: 5565)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5570)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5573)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5578)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5586)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5591)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5601)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5606)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5609)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5618)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5623)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5626)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5631)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5641)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5644)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5653)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5658)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5688)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5693)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5698)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5701)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5707)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5714)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5717)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5722)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5725)	Ps executable: /usr/bin/ps -> ps w
Source: /bin/sh (PID: 5730)	Ps executable: /usr/bin/ps -> ps w

Source: /usr/bin/dash (PID: 5659)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.Y1SlPlfBUT /tmp/tmp.H0mrDkYWQu /tmp/tmp.XAIyeGnwVr
Source: /usr/bin/dash (PID: 5660)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.Y1SlPlfBUT /tmp/tmp.H0mrDkYWQu /tmp/tmp.XAIyeGnwVr

Source: /usr/bin/ps (PID: 5491)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /usr/bin/ps (PID: 5497)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /usr/bin/ps (PID: 5502)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /usr/bin/ps (PID: 5513)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /usr/bin/ps (PID: 5516)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /usr/bin/ps (PID: 5522)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /usr/bin/ps (PID: 5543)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /usr/bin/ps (PID: 5548)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /usr/bin/ps (PID: 5557)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /usr/bin/ps (PID: 5565)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5570)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5573)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5578)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5586)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5591)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5601)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5606)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5609)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5618)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5623)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5626)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5631)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5641)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5644)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5653)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5658)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5688)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5693)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5698)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5701)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5707)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5714)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5717)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5722)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5725)	Reads from proc file: /proc/meminfo
Source: /usr/bin/ps (PID: 5730)	Reads from proc file: /proc/meminfo

Source: /usr/bin/ps (PID: 5491)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5497)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5502)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5513)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5516)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5522)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5543)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5548)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5557)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5560)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/ps (PID: 5565)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5570)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5573)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5578)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5586)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5591)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5601)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5606)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5609)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5618)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5623)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5626)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5631)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5641)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5644)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5653)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5658)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5688)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5693)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5698)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5701)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5707)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5714)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5717)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5722)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5725)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/ps (PID: 5730)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Source: /tmp/psmips.elf (PID: 5481)

Queries kernel information via 'uname':

Jump to behavior

Source: psmips.elf, 5481.1.000055c311fc8000.000055c31204f000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mips
Source: psmips.elf, 5481.1.000055c311fc8000.000055c31204f000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: psmips.elf, 5481.1.00007ffe7eccb000.00007ffe7ecec000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: psmips.elf, 5481.1.00007ffe7eccb000.00007ffe7ecec000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/psmips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/psmips.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 File Deletion	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	2 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
psmips.elf	44%	Virustotal		Browse
psmips.elf	44%	ReversingLabs	Linux.Trojan.Mirai
psmips.elf	100%	Avira	LINUX/AVI.Agent.vjxlv

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
54.171.230.55	unknown	United States		16509	AMAZON-02US	false
54.217.10.153	unknown	United States		16509	AMAZON-02US	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
54.171.230.55	yakuza.mpsl.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	main_mpsl.elf	Get hash	malicious	Mirai	Browse
	i.elf	Get hash	malicious	Mirai	Browse
	arc.elf	Get hash	malicious	Mirai	Browse
	aarch64.elf	Get hash	malicious	Mirai	Browse
	boatnet.m68k.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
54.217.10.153	yakuza.m68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	main_x86.elf	Get hash	malicious	Mirai	Browse
	jkse.arm7.elf	Get hash	malicious	Mirai	Browse
	re.bot.mips.elf	Get hash	malicious	Unknown	Browse
	45.126.126.33-sora.arm-2025-03-12T01_48_26.elf	Get hash	malicious	Mirai	Browse
	efea6.elf	Get hash	malicious	Mirai	Browse
	tftp.elf	Get hash	malicious	Unknown	Browse
	arm6.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	nshkarm6.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	yakuza.mpsl.elf	Get hash	malicious	Gafgyt, Mirai	Browse	54.171.230.55
	yakuza.m68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse	54.217.10.153
	https://sharepointsync.zoholandingpage.com/vandpsolutions.com?PO60267SP-20-2025	Get hash	malicious	HTMLPhisher	Browse	13.249.91.126
	yakuza.sh4.elf	Get hash	malicious	Gafgyt, Mirai	Browse	34.249.145.219
	na.elf	Get hash	malicious	Prometei	Browse	54.255.164.76
	.5r3fqt67ew531has4231.mpsl.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	.5r3fqt67ew531has4231.ppc.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	http://escogruupo.com	Get hash	malicious	Unknown	Browse	18.238.55.64
	main_m68k.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	main_x86.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
AMAZON-02US	yakuza.mpsl.elf	Get hash	malicious	Gafgyt, Mirai	Browse	54.171.230.55
	yakuza.m68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse	54.217.10.153
	https://sharepointsync.zoholandingpage.com/vandpsolutions.com?PO60267SP-20-2025	Get hash	malicious	HTMLPhisher	Browse	13.249.91.126
	yakuza.sh4.elf	Get hash	malicious	Gafgyt, Mirai	Browse	34.249.145.219
	na.elf	Get hash	malicious	Prometei	Browse	54.255.164.76
	.5r3fqt67ew531has4231.mpsl.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	.5r3fqt67ew531has4231.ppc.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	http://escogruupo.com	Get hash	malicious	Unknown	Browse	18.238.55.64
	main_m68k.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	main_x86.elf	Get hash	malicious	Mirai	Browse	34.249.145.219

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped
Entropy (8bit):	5.326178579446536
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	psmips.elf
File size:	59'208 bytes
MD5:	2ef51410690dc12a309cc8b0aa59a294
SHA1:	b4b5c0a8ed4d01b637556826afffd87c831ca543
SHA256:	f7b791cd1a116eaecf3a2bb4d63077f02e19af185b036058f4f42f24d52979f9
SHA512:	941777907b0c6c8ddb2165587402c04bac028001f72c1f8aaab08b93778fffab59f295ae4f861ce7543ec9b71bee0c831985d397a3c54fd3d92a1510afa282e6
SSDEEP:	768:aZ66bi0XFjNGyf0yZdqeYYmU5IcGQE3WjaIKzoMvQyfYute/S:aZ6ii0XJ9+e5mOpGQEGIvQyfYute/S
TLSH:	9143D9123A11EFFBE55D82300BF38A3056D576A52E919389F25CEB5C1F226CC1C5E7A4
File Content Preview:	.ELF.....................@.....4.........4. ...(....p........@...@...........................@...@.....D...D...............D.D.D.D.D......&.........dt.Q.................................................E.p<...'......!'.......................<...'......!...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4002a0
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	4
Section Header Offset:	44996
Section Header Size:	40
Number of Section Headers:	20
Header String Table Index:	17

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.reginfo	MIPS_REGINFO	0x4000b4	0xb4	0x18	0x18	0x2	A	0	0	4
.init	PROGBITS	0x4000cc	0xcc	0x8c	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x400160	0x160	0x7b00	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x407c60	0x7c60	0x5c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x407cc0	0x7cc0	0x1480	0x0	0x2	A	0	0	16
.eh_frame	PROGBITS	0x409140	0x9140	0x4	0x0	0x2	A	0	0	4
.ctors	PROGBITS	0x449144	0x9144	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x44914c	0x914c	0x8	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x449154	0x9154	0x4	0x0	0x3	WA	0	0	4
.data	PROGBITS	0x449160	0x9160	0x320	0x0	0x3	WA	0	0	16
.got	PROGBITS	0x449480	0x9480	0x2ac	0x4	0x10000003	WAp	0	0	16
.sbss	NOBITS	0x44972c	0x972c	0x8	0x0	0x10000003	WAp	0	0	4
.bss	NOBITS	0x449740	0x972c	0x20d8	0x0	0x3	WA	0	0	16
.comment	PROGBITS	0x0	0x972c	0x786	0x0	0x0		0	0	1
.mdebug.abi32	PROGBITS	0x786	0x9eb2	0x0	0x0	0x0		0	0	1
.pdr	PROGBITS	0x0	0x9eb4	0x1080	0x0	0x0		0	0	4
.shstrtab	STRTAB	0x0	0xaf34	0x8d	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0xb2e4	0x1db0	0x10	0x0		19	203	4
.strtab	STRTAB	0x0	0xd094	0x16b4	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
<unknown>	0xb4	0x4000b4	0x4000b4	0x18	0x18	0.9834	0x4	R	0x4	.reginfo
LOAD	0x0	0x400000	0x400000	0x9144	0x9144	5.4180	0x5	R E	0x10000	.reginfo .init .text .fini .rodata .eh_frame
LOAD	0x9144	0x449144	0x449144	0x5e8	0x26d4	2.9420	0x6	RW	0x10000	.ctors .dtors .jcr .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x4000b4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x4000cc	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x400160	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x407c60	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x407cc0	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x409140	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x449144	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x44914c	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x449154	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x449160	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x449480	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x44972c	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x449740	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x786	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
_GLOBAL_OFFSET_TABLE_	.symtab	0x449480	0	OBJECT	<unknown>	DEFAULT	11
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__CTOR_END__	.symtab	0x449148	0	OBJECT	<unknown>	DEFAULT	7
__CTOR_LIST__	.symtab	0x449144	0	OBJECT	<unknown>	DEFAULT	7
__C_ctype_b	.symtab	0x449420	4	OBJECT	<unknown>	DEFAULT	10
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x408aa0	768	OBJECT	<unknown>	DEFAULT	5
__C_ctype_tolower	.symtab	0x449430	4	OBJECT	<unknown>	DEFAULT	10
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x408da0	768	OBJECT	<unknown>	DEFAULT	5
__DTOR_END__	.symtab	0x449150	0	OBJECT	<unknown>	DEFAULT	8
__DTOR_LIST__	.symtab	0x44914c	0	OBJECT	<unknown>	DEFAULT	8
__EH_FRAME_BEGIN__	.symtab	0x409140	0	OBJECT	<unknown>	DEFAULT	6
__FRAME_END__	.symtab	0x409140	0	OBJECT	<unknown>	DEFAULT	6
__GI___C_ctype_b	.symtab	0x449420	4	OBJECT	<unknown>	HIDDEN	10
__GI___C_ctype_b_data	.symtab	0x408aa0	768	OBJECT	<unknown>	HIDDEN	5
__GI___C_ctype_tolower	.symtab	0x449430	4	OBJECT	<unknown>	HIDDEN	10
__GI___C_ctype_tolower_data	.symtab	0x408da0	768	OBJECT	<unknown>	HIDDEN	5
__GI___ctype_b	.symtab	0x449424	4	OBJECT	<unknown>	HIDDEN	10
__GI___ctype_tolower	.symtab	0x449434	4	OBJECT	<unknown>	HIDDEN	10
__GI___errno_location	.symtab	0x400980	24	FUNC	<unknown>	HIDDEN	3
__GI___fgetc_unlocked	.symtab	0x406950	388	FUNC	<unknown>	HIDDEN	3
__GI___glibc_strerror_r	.symtab	0x402d90	68	FUNC	<unknown>	HIDDEN	3
__GI___libc_fcntl	.symtab	0x404790	136	FUNC	<unknown>	HIDDEN	3
__GI___libc_fcntl64	.symtab	0x404820	104	FUNC	<unknown>	HIDDEN	3
__GI___libc_open	.symtab	0x404bf0	124	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_fini	.symtab	0x404200	196	FUNC	<unknown>	HIDDEN	3
__GI___uClibc_init	.symtab	0x40435c	140	FUNC	<unknown>	HIDDEN	3
__GI___xpg_strerror_r	.symtab	0x402de0	392	FUNC	<unknown>	HIDDEN	3
__GI__exit	.symtab	0x404890	80	FUNC	<unknown>	HIDDEN	3
__GI_abort	.symtab	0x406d80	428	FUNC	<unknown>	HIDDEN	3
__GI_brk	.symtab	0x407050	112	FUNC	<unknown>	HIDDEN	3
__GI_close	.symtab	0x400860	84	FUNC	<unknown>	HIDDEN	3
__GI_connect	.symtab	0x403980	84	FUNC	<unknown>	HIDDEN	3
__GI_dup2	.symtab	0x4048e0	84	FUNC	<unknown>	HIDDEN	3
__GI_errno	.symtab	0x44b7c0	4	OBJECT	<unknown>	HIDDEN	13
__GI_execl	.symtab	0x4040a0	204	FUNC	<unknown>	HIDDEN	3
__GI_execve	.symtab	0x404940	84	FUNC	<unknown>	HIDDEN	3
__GI_exit	.symtab	0x406f30	236	FUNC	<unknown>	HIDDEN	3
__GI_fclose	.symtab	0x404f20	512	FUNC	<unknown>	HIDDEN	3
__GI_fcntl	.symtab	0x404790	136	FUNC	<unknown>	HIDDEN	3
__GI_fcntl64	.symtab	0x404820	104	FUNC	<unknown>	HIDDEN	3
__GI_fdopen	.symtab	0x405120	128	FUNC	<unknown>	HIDDEN	3
__GI_fflush_unlocked	.symtab	0x4066d0	628	FUNC	<unknown>	HIDDEN	3
__GI_fgetc_unlocked	.symtab	0x406950	388	FUNC	<unknown>	HIDDEN	3
__GI_fgets	.symtab	0x402470	216	FUNC	<unknown>	HIDDEN	3
__GI_fgets_unlocked	.symtab	0x402550	268	FUNC	<unknown>	HIDDEN	3
__GI_fork	.symtab	0x4008c0	84	FUNC	<unknown>	HIDDEN	3
__GI_fprintf	.symtab	0x400a00	72	FUNC	<unknown>	HIDDEN	3
__GI_fputs_unlocked	.symtab	0x402660	128	FUNC	<unknown>	HIDDEN	3
__GI_fseek	.symtab	0x4073c0	68	FUNC	<unknown>	HIDDEN	3
__GI_fseeko64	.symtab	0x407410	388	FUNC	<unknown>	HIDDEN	3
__GI_fwrite_unlocked	.symtab	0x4026e0	280	FUNC	<unknown>	HIDDEN	3
__GI_getc_unlocked	.symtab	0x406950	388	FUNC	<unknown>	HIDDEN	3
__GI_getegid	.symtab	0x4049a0	88	FUNC	<unknown>	HIDDEN	3
__GI_geteuid	.symtab	0x404a00	88	FUNC	<unknown>	HIDDEN	3
__GI_getgid	.symtab	0x404a60	84	FUNC	<unknown>	HIDDEN	3
__GI_getpid	.symtab	0x407a20	84	FUNC	<unknown>	HIDDEN	3
__GI_getuid	.symtab	0x404ac0	84	FUNC	<unknown>	HIDDEN	3
__GI_h_errno	.symtab	0x44b7c4	4	OBJECT	<unknown>	HIDDEN	13
__GI_inet_ntop	.symtab	0x403620	852	FUNC	<unknown>	HIDDEN	3
__GI_inet_pton	.symtab	0x403170	700	FUNC	<unknown>	HIDDEN	3
__GI_ioctl	.symtab	0x404b20	104	FUNC	<unknown>	HIDDEN	3
__GI_isatty	.symtab	0x402f70	60	FUNC	<unknown>	HIDDEN	3
__GI_kill	.symtab	0x407a80	88	FUNC	<unknown>	HIDDEN	3
__GI_lseek64	.symtab	0x407ae0	168	FUNC	<unknown>	HIDDEN	3
__GI_memchr	.symtab	0x406ae0	264	FUNC	<unknown>	HIDDEN	3
__GI_memcpy	.symtab	0x402800	308	FUNC	<unknown>	HIDDEN	3
__GI_mempcpy	.symtab	0x406bf0	76	FUNC	<unknown>	HIDDEN	3
__GI_memrchr	.symtab	0x406c40	272	FUNC	<unknown>	HIDDEN	3
__GI_memset	.symtab	0x402940	144	FUNC	<unknown>	HIDDEN	3
__GI_nanosleep	.symtab	0x404b90	84	FUNC	<unknown>	HIDDEN	3
__GI_open	.symtab	0x404bf0	124	FUNC	<unknown>	HIDDEN	3
__GI_perror	.symtab	0x4009a0	84	FUNC	<unknown>	HIDDEN	3
__GI_pipe	.symtab	0x404750	64	FUNC	<unknown>	HIDDEN	3
__GI_raise	.symtab	0x407940	76	FUNC	<unknown>	HIDDEN	3
__GI_read	.symtab	0x407b90	84	FUNC	<unknown>	HIDDEN	3
__GI_sbrk	.symtab	0x404c90	144	FUNC	<unknown>	HIDDEN	3
__GI_send	.symtab	0x4039e0	84	FUNC	<unknown>	HIDDEN	3
__GI_setsid	.symtab	0x400920	84	FUNC	<unknown>	HIDDEN	3
__GI_sigaction	.symtab	0x407110	232	FUNC	<unknown>	HIDDEN	3
__GI_sigprocmask	.symtab	0x407260	148	FUNC	<unknown>	HIDDEN	3
__GI_socket	.symtab	0x403a40	84	FUNC	<unknown>	HIDDEN	3
__GI_sprintf	.symtab	0x4051a0	80	FUNC	<unknown>	HIDDEN	3
__GI_strchr	.symtab	0x4029d0	256	FUNC	<unknown>	HIDDEN	3
__GI_strcpy	.symtab	0x406d50	36	FUNC	<unknown>	HIDDEN	3
__GI_strlen	.symtab	0x402ad0	184	FUNC	<unknown>	HIDDEN	3
__GI_strnlen	.symtab	0x402b90	256	FUNC	<unknown>	HIDDEN	3
__GI_strstr	.symtab	0x402c90	256	FUNC	<unknown>	HIDDEN	3
__GI_tcgetattr	.symtab	0x402fb0	176	FUNC	<unknown>	HIDDEN	3
__GI_tolower	.symtab	0x404d40	60	FUNC	<unknown>	HIDDEN	3
__GI_vfprintf	.symtab	0x401080	260	FUNC	<unknown>	HIDDEN	3
__GI_vsnprintf	.symtab	0x4051f0	260	FUNC	<unknown>	HIDDEN	3
__GI_wait4	.symtab	0x407300	88	FUNC	<unknown>	HIDDEN	3
__GI_waitpid	.symtab	0x404d20	28	FUNC	<unknown>	HIDDEN	3
__GI_wcrtomb	.symtab	0x404d80	112	FUNC	<unknown>	HIDDEN	3
__GI_wcsnrtombs	.symtab	0x404e30	228	FUNC	<unknown>	HIDDEN	3
__GI_wcsrtombs	.symtab	0x404df0	64	FUNC	<unknown>	HIDDEN	3
__GI_write	.symtab	0x407360	84	FUNC	<unknown>	HIDDEN	3
__JCR_END__	.symtab	0x449154	0	OBJECT	<unknown>	DEFAULT	9
__JCR_LIST__	.symtab	0x449154	0	OBJECT	<unknown>	DEFAULT	9
__app_fini	.symtab	0x44b7ac	4	OBJECT	<unknown>	HIDDEN	13
__atexit_lock	.symtab	0x449460	24	OBJECT	<unknown>	DEFAULT	10
__bss_start	.symtab	0x44972c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x4042d4	136	FUNC	<unknown>	DEFAULT	3
__ctype_b	.symtab	0x449424	4	OBJECT	<unknown>	DEFAULT	10
__ctype_tolower	.symtab	0x449434	4	OBJECT	<unknown>	DEFAULT	10
__curbrk	.symtab	0x44b7f0	4	OBJECT	<unknown>	HIDDEN	13
__data_start	.symtab	0x449180	0	OBJECT	<unknown>	DEFAULT	10
__deregister_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__do_global_ctors_aux	.symtab	0x407bf0	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux	.symtab	0x400160	0	FUNC	<unknown>	DEFAULT	3
__dso_handle	.symtab	0x449160	0	OBJECT	<unknown>	HIDDEN	10
__environ	.symtab	0x44b7a4	4	OBJECT	<unknown>	DEFAULT	13
__errno_location	.symtab	0x400980	24	FUNC	<unknown>	DEFAULT	3
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x44b7e0	4	OBJECT	<unknown>	HIDDEN	13
__fgetc_unlocked	.symtab	0x406950	388	FUNC	<unknown>	DEFAULT	3
__fini_array_end	.symtab	0x449144	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__fini_array_start	.symtab	0x449144	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__glibc_strerror_r	.symtab	0x402d90	68	FUNC	<unknown>	DEFAULT	3
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__h_errno_location	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__heap_alloc	.symtab	0x403e20	188	FUNC	<unknown>	DEFAULT	3
__heap_free	.symtab	0x403f28	364	FUNC	<unknown>	DEFAULT	3
__heap_link_free_area	.symtab	0x403ee0	44	FUNC	<unknown>	DEFAULT	3
__heap_link_free_area_after	.symtab	0x403f0c	28	FUNC	<unknown>	DEFAULT	3
__init_array_end	.symtab	0x449144	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__init_array_start	.symtab	0x449144	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__libc_close	.symtab	0x400860	84	FUNC	<unknown>	DEFAULT	3
__libc_connect	.symtab	0x403980	84	FUNC	<unknown>	DEFAULT	3
__libc_creat	.symtab	0x404c6c	28	FUNC	<unknown>	DEFAULT	3
__libc_fcntl	.symtab	0x404790	136	FUNC	<unknown>	DEFAULT	3
__libc_fcntl64	.symtab	0x404820	104	FUNC	<unknown>	DEFAULT	3
__libc_fork	.symtab	0x4008c0	84	FUNC	<unknown>	DEFAULT	3
__libc_getpid	.symtab	0x407a20	84	FUNC	<unknown>	DEFAULT	3
__libc_lseek64	.symtab	0x407ae0	168	FUNC	<unknown>	DEFAULT	3
__libc_nanosleep	.symtab	0x404b90	84	FUNC	<unknown>	DEFAULT	3
__libc_open	.symtab	0x404bf0	124	FUNC	<unknown>	DEFAULT	3
__libc_read	.symtab	0x407b90	84	FUNC	<unknown>	DEFAULT	3
__libc_send	.symtab	0x4039e0	84	FUNC	<unknown>	DEFAULT	3
__libc_sigaction	.symtab	0x407110	232	FUNC	<unknown>	DEFAULT	3
__libc_stack_end	.symtab	0x44b7a0	4	OBJECT	<unknown>	DEFAULT	13
__libc_waitpid	.symtab	0x404d20	28	FUNC	<unknown>	DEFAULT	3
__libc_write	.symtab	0x407360	84	FUNC	<unknown>	DEFAULT	3
__malloc_heap	.symtab	0x449400	4	OBJECT	<unknown>	DEFAULT	10
__malloc_heap_lock	.symtab	0x44b780	24	OBJECT	<unknown>	DEFAULT	13
__malloc_sbrk_lock	.symtab	0x44b800	24	OBJECT	<unknown>	DEFAULT	13
__pagesize	.symtab	0x44b7a8	4	OBJECT	<unknown>	DEFAULT	13
__preinit_array_end	.symtab	0x449144	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x449144	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__pthread_initialize_minimal	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x4042c4	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_lock	.symtab	0x4042c4	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_trylock	.symtab	0x4042c4	8	FUNC	<unknown>	DEFAULT	3
__pthread_mutex_unlock	.symtab	0x4042c4	8	FUNC	<unknown>	DEFAULT	3
__pthread_return_0	.symtab	0x4042c4	8	FUNC	<unknown>	DEFAULT	3
__pthread_return_void	.symtab	0x4042cc	8	FUNC	<unknown>	DEFAULT	3
__raise	.symtab	0x407940	76	FUNC	<unknown>	HIDDEN	3
__register_frame_info	.symtab	0x0	0	FUNC	<unknown>	DEFAULT	SHN_UNDEF
__rtld_fini	.symtab	0x44b7b0	4	OBJECT	<unknown>	HIDDEN	13
__sigaddset	.symtab	0x4079b8	44	FUNC	<unknown>	DEFAULT	3
__sigdelset	.symtab	0x4079e4	48	FUNC	<unknown>	DEFAULT	3
__sigismember	.symtab	0x407990	40	FUNC	<unknown>	DEFAULT	3
__start	.symtab	0x4002a0	100	FUNC	<unknown>	DEFAULT	3
__stdin	.symtab	0x4491ec	4	OBJECT	<unknown>	DEFAULT	10
__stdio_READ	.symtab	0x4075a0	140	FUNC	<unknown>	HIDDEN	3
__stdio_WRITE	.symtab	0x405300	280	FUNC	<unknown>	HIDDEN	3
__stdio_adjust_position	.symtab	0x407630	324	FUNC	<unknown>	HIDDEN	3
__stdio_fwrite	.symtab	0x405790	472	FUNC	<unknown>	HIDDEN	3
__stdio_init_mutex	.symtab	0x400ec8	32	FUNC	<unknown>	HIDDEN	3
__stdio_mutex_initializer.3833	.symtab	0x407d60	24	OBJECT	<unknown>	DEFAULT	5
__stdio_rfill	.symtab	0x407780	88	FUNC	<unknown>	HIDDEN	3
__stdio_seek	.symtab	0x4078d0	112	FUNC	<unknown>	HIDDEN	3
__stdio_trans2r_o	.symtab	0x4077e0	228	FUNC	<unknown>	HIDDEN	3
__stdio_trans2w_o	.symtab	0x405970	308	FUNC	<unknown>	HIDDEN	3
__stdio_wcommit	.symtab	0x401010	100	FUNC	<unknown>	HIDDEN	3
__stdout	.symtab	0x4491f0	4	OBJECT	<unknown>	DEFAULT	10
__syscall_error	.symtab	0x4070c0	72	FUNC	<unknown>	HIDDEN	3
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_rt_sigaction	.symtab	0x407200	84	FUNC	<unknown>	HIDDEN	3
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x404200	196	FUNC	<unknown>	DEFAULT	3
__uClibc_init	.symtab	0x40435c	140	FUNC	<unknown>	DEFAULT	3
__uClibc_main	.symtab	0x4043e8	864	FUNC	<unknown>	DEFAULT	3
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x449410	4	OBJECT	<unknown>	HIDDEN	10
__xpg_strerror_r	.symtab	0x402de0	392	FUNC	<unknown>	DEFAULT	3
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_charpad	.symtab	0x401190	128	FUNC	<unknown>	DEFAULT	3
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_dl_aux_init	.symtab	0x407020	44	FUNC	<unknown>	DEFAULT	3
_dl_phdr	.symtab	0x44972c	4	OBJECT	<unknown>	DEFAULT	12
_dl_phnum	.symtab	0x449730	4	OBJECT	<unknown>	DEFAULT	12
_edata	.symtab	0x44972c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x44b818	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x44b7c0	4	OBJECT	<unknown>	DEFAULT	13
_exit	.symtab	0x404890	80	FUNC	<unknown>	DEFAULT	3
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fbss	.symtab	0x44972c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_fdata	.symtab	0x449160	0	NOTYPE	<unknown>	DEFAULT	10
_fini	.symtab	0x407c60	28	FUNC	<unknown>	DEFAULT	4
_fixed_buffers	.symtab	0x449778	8192	OBJECT	<unknown>	DEFAULT	13
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x401210	228	FUNC	<unknown>	DEFAULT	3
_fpmaxtostr	.symtab	0x405cf0	2120	FUNC	<unknown>	HIDDEN	3
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ftext	.symtab	0x400160	0	NOTYPE	<unknown>	DEFAULT	3
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_gp	.symtab	0x451470	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_gp_disp	.symtab	0x0	0	OBJECT	<unknown>	DEFAULT	SHN_UNDEF
_h_errno	.symtab	0x44b7c4	4	OBJECT	<unknown>	DEFAULT	13
_init	.symtab	0x4000cc	28	FUNC	<unknown>	DEFAULT	2
_load_inttype	.symtab	0x405ab0	136	FUNC	<unknown>	HIDDEN	3
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_init	.symtab	0x401aa0	220	FUNC	<unknown>	HIDDEN	3
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x401e7c	1512	FUNC	<unknown>	HIDDEN	3
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x401b80	100	FUNC	<unknown>	HIDDEN	3
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x401bf0	540	FUNC	<unknown>	HIDDEN	3
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x401e10	108	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_pop_restore	.symtab	0x4042cc	8	FUNC	<unknown>	DEFAULT	3
_pthread_cleanup_push_defer	.symtab	0x4042cc	8	FUNC	<unknown>	DEFAULT	3
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x405420	880	FUNC	<unknown>	HIDDEN	3
_stdio_init	.symtab	0x400e10	184	FUNC	<unknown>	HIDDEN	3
_stdio_openlist	.symtab	0x4491f4	4	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_add_lock	.symtab	0x4491a0	24	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_dec_use	.symtab	0x406540	400	FUNC	<unknown>	DEFAULT	3
_stdio_openlist_del_count	.symtab	0x449774	4	OBJECT	<unknown>	DEFAULT	13
_stdio_openlist_del_lock	.symtab	0x4491b8	24	OBJECT	<unknown>	DEFAULT	10
_stdio_openlist_use_count	.symtab	0x449770	4	OBJECT	<unknown>	DEFAULT	13
_stdio_streams	.symtab	0x4491f8	240	OBJECT	<unknown>	DEFAULT	10
_stdio_term	.symtab	0x400ee8	284	FUNC	<unknown>	HIDDEN	3
_stdio_user_locking	.symtab	0x4491d0	4	OBJECT	<unknown>	DEFAULT	10
_store_inttype	.symtab	0x405b40	68	FUNC	<unknown>	HIDDEN	3
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x407ed0	2934	OBJECT	<unknown>	HIDDEN	5
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x405b90	340	FUNC	<unknown>	HIDDEN	3
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x4012f4	1960	FUNC	<unknown>	HIDDEN	3
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x406d80	428	FUNC	<unknown>	DEFAULT	3
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x44b7d0	4	OBJECT	<unknown>	DEFAULT	13
been_there_done_that.2792	.symtab	0x44b7b4	4	OBJECT	<unknown>	DEFAULT	13
blacklist	.symtab	0x449190	12	OBJECT	<unknown>	DEFAULT	10
brk	.symtab	0x407050	112	FUNC	<unknown>	DEFAULT	3
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x400860	84	FUNC	<unknown>	DEFAULT	3
close.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.2296	.symtab	0x449740	1	OBJECT	<unknown>	DEFAULT	13
connect	.symtab	0x403980	84	FUNC	<unknown>	DEFAULT	3
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
creat	.symtab	0x404c6c	28	FUNC	<unknown>	DEFAULT	3
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
data_start	.symtab	0x449180	0	OBJECT	<unknown>	DEFAULT	10
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dup2	.symtab	0x4048e0	84	FUNC	<unknown>	DEFAULT	3
dup2.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
environ	.symtab	0x44b7a4	4	OBJECT	<unknown>	DEFAULT	13
errno	.symtab	0x44b7c0	4	OBJECT	<unknown>	DEFAULT	13
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
estridx	.symtab	0x407e40	126	OBJECT	<unknown>	DEFAULT	5
execl	.symtab	0x4040a0	204	FUNC	<unknown>	DEFAULT	3
execl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
execve	.symtab	0x404940	84	FUNC	<unknown>	DEFAULT	3
execve.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x406f30	236	FUNC	<unknown>	DEFAULT	3
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x4090f8	72	OBJECT	<unknown>	DEFAULT	5
fclose	.symtab	0x404f20	512	FUNC	<unknown>	DEFAULT	3
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0x404790	136	FUNC	<unknown>	DEFAULT	3
fcntl64	.symtab	0x404820	104	FUNC	<unknown>	DEFAULT	3
fdopen	.symtab	0x405120	128	FUNC	<unknown>	DEFAULT	3
fdopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fflush_unlocked	.symtab	0x4066d0	628	FUNC	<unknown>	DEFAULT	3
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x406950	388	FUNC	<unknown>	DEFAULT	3
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x402470	216	FUNC	<unknown>	DEFAULT	3
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x402550	268	FUNC	<unknown>	DEFAULT	3
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fmt	.symtab	0x4090e0	20	OBJECT	<unknown>	DEFAULT	5
fork	.symtab	0x4008c0	84	FUNC	<unknown>	DEFAULT	3
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fprintf	.symtab	0x400a00	72	FUNC	<unknown>	DEFAULT	3
fprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fputs_unlocked	.symtab	0x402660	128	FUNC	<unknown>	DEFAULT	3
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x40021c	0	FUNC	<unknown>	DEFAULT	3
free	.symtab	0x403c90	396	FUNC	<unknown>	DEFAULT	3
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x4073c0	68	FUNC	<unknown>	DEFAULT	3
fseeko	.symtab	0x4073c0	68	FUNC	<unknown>	DEFAULT	3
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x407410	388	FUNC	<unknown>	DEFAULT	3
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0x4026e0	280	FUNC	<unknown>	DEFAULT	3
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getc_unlocked	.symtab	0x406950	388	FUNC	<unknown>	DEFAULT	3
getegid	.symtab	0x4049a0	88	FUNC	<unknown>	DEFAULT	3
getegid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
geteuid	.symtab	0x404a00	88	FUNC	<unknown>	DEFAULT	3
geteuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getgid	.symtab	0x404a60	84	FUNC	<unknown>	DEFAULT	3
getgid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getpid	.symtab	0x407a20	84	FUNC	<unknown>	DEFAULT	3
getpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getuid	.symtab	0x404ac0	84	FUNC	<unknown>	DEFAULT	3
getuid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
h_errno	.symtab	0x44b7c4	4	OBJECT	<unknown>	DEFAULT	13
heap_alloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
heap_free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
hlt	.symtab	0x4002fc	0	NOTYPE	<unknown>	DEFAULT	3
htonl	.symtab	0x403070	8	FUNC	<unknown>	DEFAULT	3
htons	.symtab	0x403078	8	FUNC	<unknown>	DEFAULT	3
index	.symtab	0x4029d0	256	FUNC	<unknown>	DEFAULT	3
inet_ntop	.symtab	0x403620	852	FUNC	<unknown>	DEFAULT	3
inet_ntop4	.symtab	0x40342c	500	FUNC	<unknown>	DEFAULT	3
inet_pton	.symtab	0x403170	700	FUNC	<unknown>	DEFAULT	3
inet_pton4	.symtab	0x403080	240	FUNC	<unknown>	DEFAULT	3
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initfini.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
initial_fa	.symtab	0x4492f0	264	OBJECT	<unknown>	DEFAULT	10
ioctl	.symtab	0x404b20	104	FUNC	<unknown>	DEFAULT	3
ioctl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
is_blacklisted	.symtab	0x4004cc	200	FUNC	<unknown>	DEFAULT	3
isatty	.symtab	0x402f70	60	FUNC	<unknown>	DEFAULT	3
isatty.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
kill	.symtab	0x407a80	88	FUNC	<unknown>	DEFAULT	3
kill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/mips/memcpy.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/string/mips/memset.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crt1.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crti.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/crtn.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
libc/sysdeps/linux/mips/pipe.S	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
llseek.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
lseek64	.symtab	0x407ae0	168	FUNC	<unknown>	DEFAULT	3
main	.symtab	0x40077c	220	FUNC	<unknown>	DEFAULT	3
malloc	.symtab	0x403aa0	492	FUNC	<unknown>	DEFAULT	3
malloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memchr	.symtab	0x406ae0	264	FUNC	<unknown>	DEFAULT	3
memchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memcpy	.symtab	0x402800	308	FUNC	<unknown>	DEFAULT	3
mempcpy	.symtab	0x406bf0	76	FUNC	<unknown>	DEFAULT	3
mempcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memrchr	.symtab	0x406c40	272	FUNC	<unknown>	DEFAULT	3
memrchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
memset	.symtab	0x402940	144	FUNC	<unknown>	DEFAULT	3
monitor_processes	.symtab	0x400594	488	FUNC	<unknown>	DEFAULT	3
mylock	.symtab	0x449440	24	OBJECT	<unknown>	DEFAULT	10
nanosleep	.symtab	0x404b90	84	FUNC	<unknown>	DEFAULT	3
nanosleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohl	.symtab	0x403060	8	FUNC	<unknown>	DEFAULT	3
ntohl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ntohs	.symtab	0x403068	8	FUNC	<unknown>	DEFAULT	3
ntop.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
object.2349	.symtab	0x449744	24	OBJECT	<unknown>	DEFAULT	13
open	.symtab	0x404bf0	124	FUNC	<unknown>	DEFAULT	3
open.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
p.2294	.symtab	0x449170	0	OBJECT	<unknown>	DEFAULT	10
pclose	.symtab	0x400a50	324	FUNC	<unknown>	DEFAULT	3
perror	.symtab	0x4009a0	84	FUNC	<unknown>	DEFAULT	3
perror.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
pipe	.symtab	0x404750	64	FUNC	<unknown>	DEFAULT	3
popen	.symtab	0x400b94	636	FUNC	<unknown>	DEFAULT	3
popen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
popen_list	.symtab	0x449760	4	OBJECT	<unknown>	DEFAULT	13
prefix.4045	.symtab	0x407d90	12	OBJECT	<unknown>	DEFAULT	5
ps.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
qual_chars.4050	.symtab	0x407db0	20	OBJECT	<unknown>	DEFAULT	5
raise	.symtab	0x407940	76	FUNC	<unknown>	DEFAULT	3
raise.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
read	.symtab	0x407b90	84	FUNC	<unknown>	DEFAULT	3
read.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sbrk	.symtab	0x404c90	144	FUNC	<unknown>	DEFAULT	3
sbrk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send	.symtab	0x4039e0	84	FUNC	<unknown>	DEFAULT	3
send.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
send_to_server	.symtab	0x400310	444	FUNC	<unknown>	DEFAULT	3
setsid	.symtab	0x400920	84	FUNC	<unknown>	DEFAULT	3
setsid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigaction	.symtab	0x407110	232	FUNC	<unknown>	DEFAULT	3
sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigprocmask	.symtab	0x407260	148	FUNC	<unknown>	DEFAULT	3
sigprocmask.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
sigsetops.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
socket	.symtab	0x403a40	84	FUNC	<unknown>	DEFAULT	3
socket.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
spec_and_mask.4049	.symtab	0x407dc4	16	OBJECT	<unknown>	DEFAULT	5
spec_base.4044	.symtab	0x407d9c	7	OBJECT	<unknown>	DEFAULT	5
spec_chars.4046	.symtab	0x407df0	21	OBJECT	<unknown>	DEFAULT	5
spec_flags.4045	.symtab	0x407e08	8	OBJECT	<unknown>	DEFAULT	5
spec_or_mask.4048	.symtab	0x407dd4	16	OBJECT	<unknown>	DEFAULT	5
spec_ranges.4047	.symtab	0x407de4	9	OBJECT	<unknown>	DEFAULT	5
sprintf	.symtab	0x4051a0	80	FUNC	<unknown>	DEFAULT	3
sprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
stderr	.symtab	0x4491e8	4	OBJECT	<unknown>	DEFAULT	10
stdin	.symtab	0x4491e0	4	OBJECT	<unknown>	DEFAULT	10
stdout	.symtab	0x4491e4	4	OBJECT	<unknown>	DEFAULT	10
strchr	.symtab	0x4029d0	256	FUNC	<unknown>	DEFAULT	3
strchr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strcpy	.symtab	0x406d50	36	FUNC	<unknown>	DEFAULT	3
strcpy.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strerror_r	.symtab	0x402de0	392	FUNC	<unknown>	DEFAULT	3
strlen	.symtab	0x402ad0	184	FUNC	<unknown>	DEFAULT	3
strlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strnlen	.symtab	0x402b90	256	FUNC	<unknown>	DEFAULT	3
strnlen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
strstr	.symtab	0x402c90	256	FUNC	<unknown>	DEFAULT	3
strstr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tcgetattr	.symtab	0x402fb0	176	FUNC	<unknown>	DEFAULT	3
tcgetattr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
tolower	.symtab	0x404d40	60	FUNC	<unknown>	DEFAULT	3
tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
type_codes	.symtab	0x407e10	24	OBJECT	<unknown>	DEFAULT	5
type_sizes	.symtab	0x407e28	12	OBJECT	<unknown>	DEFAULT	5
unknown.1088	.symtab	0x407ec0	14	OBJECT	<unknown>	DEFAULT	5
usleep	.symtab	0x404170	144	FUNC	<unknown>	DEFAULT	3
usleep.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vfprintf	.symtab	0x401080	260	FUNC	<unknown>	DEFAULT	3
vfprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
vsnprintf	.symtab	0x4051f0	260	FUNC	<unknown>	DEFAULT	3
vsnprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wait4	.symtab	0x407300	88	FUNC	<unknown>	DEFAULT	3
wait4.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
waitpid	.symtab	0x404d20	28	FUNC	<unknown>	DEFAULT	3
waitpid.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcrtomb	.symtab	0x404d80	112	FUNC	<unknown>	DEFAULT	3
wcrtomb.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsnrtombs	.symtab	0x404e30	228	FUNC	<unknown>	DEFAULT	3
wcsnrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
wcsrtombs	.symtab	0x404df0	64	FUNC	<unknown>	DEFAULT	3
wcsrtombs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
write	.symtab	0x407360	84	FUNC	<unknown>	DEFAULT	3
write.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
xdigits.3043	.symtab	0x408a64	17	OBJECT	<unknown>	DEFAULT	5

Network Behavior

Download Network PCAP: filtered – full

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 20, 2025 13:07:25.867618084 CET	34592	443	192.168.2.14	54.217.10.153
Mar 20, 2025 13:07:54.444633961 CET	37910	443	192.168.2.14	54.171.230.55
Mar 20, 2025 13:07:54.444696903 CET	443	37910	54.171.230.55	192.168.2.14
Mar 20, 2025 13:07:54.444752932 CET	37910	443	192.168.2.14	54.171.230.55
Mar 20, 2025 13:07:54.462749958 CET	37910	443	192.168.2.14	54.171.230.55
Mar 20, 2025 13:07:54.462779999 CET	443	37910	54.171.230.55	192.168.2.14
Mar 20, 2025 13:08:54.442821980 CET	37910	443	192.168.2.14	54.171.230.55
Mar 20, 2025 13:08:54.488318920 CET	443	37910	54.171.230.55	192.168.2.14
Mar 20, 2025 13:09:28.837861061 CET	443	37910	54.171.230.55	192.168.2.14

System Behavior

Analysis Process: psmips.elf PID: 5481, Parent PID: 5406

General

Start time (UTC):	12:07:24
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	/tmp/psmips.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

File Activities

File Opened

File Read

Process Activities

Process Forked

Thread Sleep

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: psmips.elf PID: 5483, Parent PID: 5481

General

Start time (UTC):	12:07:24
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Forked

Thread Sleep

Chronological Activities

Analysis Process: psmips.elf PID: 5489, Parent PID: 5483

General

Start time (UTC):	12:07:24
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5489, Parent PID: 5483

General

Start time (UTC):	12:07:24
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5491, Parent PID: 5489

General

Start time (UTC):	12:07:24
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: ps PID: 5491, Parent PID: 5489

General

Start time (UTC):	12:07:24
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: psmips.elf PID: 5492, Parent PID: 5483

General

Start time (UTC):	12:07:27
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5492, Parent PID: 5483

General

Start time (UTC):	12:07:27
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5497, Parent PID: 5492

General

Start time (UTC):	12:07:27
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: ps PID: 5497, Parent PID: 5492

General

Start time (UTC):	12:07:27
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: psmips.elf PID: 5500, Parent PID: 5483

General

Start time (UTC):	12:07:31
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5500, Parent PID: 5483

General

Start time (UTC):	12:07:31
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5502, Parent PID: 5500

General

Start time (UTC):	12:07:31
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: ps PID: 5502, Parent PID: 5500

General

Start time (UTC):	12:07:31
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: psmips.elf PID: 5511, Parent PID: 5483

General

Start time (UTC):	12:07:34
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5511, Parent PID: 5483

General

Start time (UTC):	12:07:34
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5513, Parent PID: 5511

General

Start time (UTC):	12:07:34
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: ps PID: 5513, Parent PID: 5511

General

Start time (UTC):	12:07:34
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: psmips.elf PID: 5514, Parent PID: 5483

General

Start time (UTC):	12:07:38
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5514, Parent PID: 5483

General

Start time (UTC):	12:07:38
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5516, Parent PID: 5514

General

Start time (UTC):	12:07:38
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: ps PID: 5516, Parent PID: 5514

General

Start time (UTC):	12:07:38
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: psmips.elf PID: 5520, Parent PID: 5483

General

Start time (UTC):	12:07:41
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5520, Parent PID: 5483

General

Start time (UTC):	12:07:41
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5522, Parent PID: 5520

General

Start time (UTC):	12:07:41
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: ps PID: 5522, Parent PID: 5520

General

Start time (UTC):	12:07:41
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: psmips.elf PID: 5541, Parent PID: 5483

General

Start time (UTC):	12:07:43
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5541, Parent PID: 5483

General

Start time (UTC):	12:07:43
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5543, Parent PID: 5541

General

Start time (UTC):	12:07:43
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: ps PID: 5543, Parent PID: 5541

General

Start time (UTC):	12:07:43
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: psmips.elf PID: 5546, Parent PID: 5483

General

Start time (UTC):	12:07:46
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5546, Parent PID: 5483

General

Start time (UTC):	12:07:46
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5548, Parent PID: 5546

General

Start time (UTC):	12:07:46
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: ps PID: 5548, Parent PID: 5546

General

Start time (UTC):	12:07:46
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: psmips.elf PID: 5551, Parent PID: 5483

General

Start time (UTC):	12:07:49
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5551, Parent PID: 5483

General

Start time (UTC):	12:07:49
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5557, Parent PID: 5551

General

Start time (UTC):	12:07:49
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: ps PID: 5557, Parent PID: 5551

General

Start time (UTC):	12:07:49
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: psmips.elf PID: 5558, Parent PID: 5483

General

Start time (UTC):	12:07:52
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Analysis Process: sh PID: 5558, Parent PID: 5483

General

Start time (UTC):	12:07:53
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

File Activities

File Opened

File Read

Process Activities

Process Forked

Chronological Activities

Analysis Process: sh PID: 5560, Parent PID: 5558

General

Start time (UTC):	12:07:53
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: ps PID: 5560, Parent PID: 5558

General

Start time (UTC):	12:07:53
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: psmips.elf PID: 5563, Parent PID: 5483

General

Start time (UTC):	12:07:56
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5563, Parent PID: 5483

General

Start time (UTC):	12:07:56
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5565, Parent PID: 5563

General

Start time (UTC):	12:07:56
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5565, Parent PID: 5563

General

Start time (UTC):	12:07:56
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5568, Parent PID: 5483

General

Start time (UTC):	12:07:59
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5568, Parent PID: 5483

General

Start time (UTC):	12:07:59
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5570, Parent PID: 5568

General

Start time (UTC):	12:07:59
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5570, Parent PID: 5568

General

Start time (UTC):	12:07:59
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5571, Parent PID: 5483

General

Start time (UTC):	12:08:02
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5571, Parent PID: 5483

General

Start time (UTC):	12:08:02
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5573, Parent PID: 5571

General

Start time (UTC):	12:08:02
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5573, Parent PID: 5571

General

Start time (UTC):	12:08:02
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5576, Parent PID: 5483

General

Start time (UTC):	12:08:05
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5576, Parent PID: 5483

General

Start time (UTC):	12:08:05
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5578, Parent PID: 5576

General

Start time (UTC):	12:08:05
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5578, Parent PID: 5576

General

Start time (UTC):	12:08:05
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5580, Parent PID: 5483

General

Start time (UTC):	12:08:08
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5580, Parent PID: 5483

General

Start time (UTC):	12:08:08
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5586, Parent PID: 5580

General

Start time (UTC):	12:08:08
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5586, Parent PID: 5580

General

Start time (UTC):	12:08:08
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5589, Parent PID: 5483

General

Start time (UTC):	12:08:12
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5589, Parent PID: 5483

General

Start time (UTC):	12:08:12
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5591, Parent PID: 5589

General

Start time (UTC):	12:08:12
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5591, Parent PID: 5589

General

Start time (UTC):	12:08:12
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5596, Parent PID: 5483

General

Start time (UTC):	12:08:16
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5596, Parent PID: 5483

General

Start time (UTC):	12:08:16
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5601, Parent PID: 5596

General

Start time (UTC):	12:08:16
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5601, Parent PID: 5596

General

Start time (UTC):	12:08:16
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5604, Parent PID: 5483

General

Start time (UTC):	12:08:20
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5604, Parent PID: 5483

General

Start time (UTC):	12:08:20
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5606, Parent PID: 5604

General

Start time (UTC):	12:08:20
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5606, Parent PID: 5604

General

Start time (UTC):	12:08:20
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5607, Parent PID: 5483

General

Start time (UTC):	12:08:23
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5607, Parent PID: 5483

General

Start time (UTC):	12:08:23
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5609, Parent PID: 5607

General

Start time (UTC):	12:08:23
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5609, Parent PID: 5607

General

Start time (UTC):	12:08:23
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5612, Parent PID: 5483

General

Start time (UTC):	12:08:27
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5612, Parent PID: 5483

General

Start time (UTC):	12:08:27
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5618, Parent PID: 5612

General

Start time (UTC):	12:08:27
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5618, Parent PID: 5612

General

Start time (UTC):	12:08:27
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5621, Parent PID: 5483

General

Start time (UTC):	12:08:30
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5621, Parent PID: 5483

General

Start time (UTC):	12:08:30
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5623, Parent PID: 5621

General

Start time (UTC):	12:08:30
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5623, Parent PID: 5621

General

Start time (UTC):	12:08:30
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5624, Parent PID: 5483

General

Start time (UTC):	12:08:33
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5624, Parent PID: 5483

General

Start time (UTC):	12:08:33
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5626, Parent PID: 5624

General

Start time (UTC):	12:08:33
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5626, Parent PID: 5624

General

Start time (UTC):	12:08:33
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5629, Parent PID: 5483

General

Start time (UTC):	12:08:36
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5629, Parent PID: 5483

General

Start time (UTC):	12:08:36
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5631, Parent PID: 5629

General

Start time (UTC):	12:08:36
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5631, Parent PID: 5629

General

Start time (UTC):	12:08:36
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5635, Parent PID: 5483

General

Start time (UTC):	12:08:40
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5635, Parent PID: 5483

General

Start time (UTC):	12:08:40
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5641, Parent PID: 5635

General

Start time (UTC):	12:08:40
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5641, Parent PID: 5635

General

Start time (UTC):	12:08:40
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5642, Parent PID: 5483

General

Start time (UTC):	12:08:43
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5642, Parent PID: 5483

General

Start time (UTC):	12:08:43
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5644, Parent PID: 5642

General

Start time (UTC):	12:08:43
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5644, Parent PID: 5642

General

Start time (UTC):	12:08:43
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5647, Parent PID: 5483

General

Start time (UTC):	12:08:48
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5647, Parent PID: 5483

General

Start time (UTC):	12:08:48
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5653, Parent PID: 5647

General

Start time (UTC):	12:08:48
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5653, Parent PID: 5647

General

Start time (UTC):	12:08:48
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5656, Parent PID: 5483

General

Start time (UTC):	12:08:52
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5656, Parent PID: 5483

General

Start time (UTC):	12:08:52
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5658, Parent PID: 5656

General

Start time (UTC):	12:08:52
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5658, Parent PID: 5656

General

Start time (UTC):	12:08:52
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5683, Parent PID: 5483

General

Start time (UTC):	12:08:56
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5683, Parent PID: 5483

General

Start time (UTC):	12:08:56
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5688, Parent PID: 5683

General

Start time (UTC):	12:08:56
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5688, Parent PID: 5683

General

Start time (UTC):	12:08:56
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5691, Parent PID: 5483

General

Start time (UTC):	12:09:00
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5691, Parent PID: 5483

General

Start time (UTC):	12:09:00
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5693, Parent PID: 5691

General

Start time (UTC):	12:09:00
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5693, Parent PID: 5691

General

Start time (UTC):	12:09:00
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5696, Parent PID: 5483

General

Start time (UTC):	12:09:04
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5696, Parent PID: 5483

General

Start time (UTC):	12:09:04
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5698, Parent PID: 5696

General

Start time (UTC):	12:09:04
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5698, Parent PID: 5696

General

Start time (UTC):	12:09:04
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5699, Parent PID: 5483

General

Start time (UTC):	12:09:08
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5699, Parent PID: 5483

General

Start time (UTC):	12:09:08
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5701, Parent PID: 5699

General

Start time (UTC):	12:09:08
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5701, Parent PID: 5699

General

Start time (UTC):	12:09:08
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5705, Parent PID: 5483

General

Start time (UTC):	12:09:11
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5705, Parent PID: 5483

General

Start time (UTC):	12:09:11
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5707, Parent PID: 5705

General

Start time (UTC):	12:09:11
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5707, Parent PID: 5705

General

Start time (UTC):	12:09:11
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5712, Parent PID: 5483

General

Start time (UTC):	12:09:14
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5712, Parent PID: 5483

General

Start time (UTC):	12:09:14
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5714, Parent PID: 5712

General

Start time (UTC):	12:09:14
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5714, Parent PID: 5712

General

Start time (UTC):	12:09:14
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5715, Parent PID: 5483

General

Start time (UTC):	12:09:17
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5715, Parent PID: 5483

General

Start time (UTC):	12:09:17
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5717, Parent PID: 5715

General

Start time (UTC):	12:09:17
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5717, Parent PID: 5715

General

Start time (UTC):	12:09:17
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5720, Parent PID: 5483

General

Start time (UTC):	12:09:20
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5720, Parent PID: 5483

General

Start time (UTC):	12:09:20
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5722, Parent PID: 5720

General

Start time (UTC):	12:09:20
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5722, Parent PID: 5720

General

Start time (UTC):	12:09:20
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5723, Parent PID: 5483

General

Start time (UTC):	12:09:23
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5723, Parent PID: 5483

General

Start time (UTC):	12:09:23
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5725, Parent PID: 5723

General

Start time (UTC):	12:09:23
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5725, Parent PID: 5723

General

Start time (UTC):	12:09:23
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: psmips.elf PID: 5728, Parent PID: 5483

General

Start time (UTC):	12:09:26
Start date (UTC):	20/03/2025
Path:	/tmp/psmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: sh PID: 5728, Parent PID: 5483

General

Start time (UTC):	12:09:26
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	sh -c "ps w"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5730, Parent PID: 5728

General

Start time (UTC):	12:09:26
Start date (UTC):	20/03/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: ps PID: 5730, Parent PID: 5728

General

Start time (UTC):	12:09:26
Start date (UTC):	20/03/2025
Path:	/usr/bin/ps
Arguments:	ps w
File size:	137688 bytes
MD5 hash:	ab48054475a6f70f8e7fa847331f3327

Analysis Process: dash PID: 5659, Parent PID: 3632

General

Start time (UTC):	12:08:53
Start date (UTC):	20/03/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: rm PID: 5659, Parent PID: 3632

General

Start time (UTC):	12:08:53
Start date (UTC):	20/03/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.Y1SlPlfBUT /tmp/tmp.H0mrDkYWQu /tmp/tmp.XAIyeGnwVr
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Analysis Process: dash PID: 5660, Parent PID: 3632

General

Start time (UTC):	12:08:53
Start date (UTC):	20/03/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: rm PID: 5660, Parent PID: 3632

General

Start time (UTC):	12:08:53
Start date (UTC):	20/03/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.Y1SlPlfBUT /tmp/tmp.H0mrDkYWQu /tmp/tmp.XAIyeGnwVr
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report psmips.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

TCP Packets

System Behavior

Analysis Process: psmips.elf PID: 5481, Parent PID: 5406

General

File Activities

File Opened

File Read

Process Activities

Process Forked

Thread Sleep

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: psmips.elf PID: 5483, Parent PID: 5481

General

Process Activities

Process Forked

Thread Sleep

Chronological Activities

Analysis Process: psmips.elf PID: 5489, Parent PID: 5483

General

Process Activities

Process Overlayed (Exec)

Thread Sleep

Chronological Activities

Linux Analysis Report
psmips.elf