Joe Sandbox Cloud Basic Analysis Report
Edit tour

Linux Analysis Report
Okami.arm6.elf

Overview

General Information

Sample name:Okami.arm6.elf
Analysis ID:1650698
MD5:b125d1bce648842dbb70783398904adb
SHA1:ecbe2f1765240c6d41810dec0b575d07b8c5eed6
SHA256:134dc83206eabc226333563e0546ef1193f5b9edf0eff07df735c092c26c679e
Tags:elfuser-abuse_ch
Infos:

Detection

Gafgyt, Mirai
Score:88
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Gafgyt
Yara detected Mirai
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings that are user agent strings indicative of HTTP manipulation
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1650698
Start date and time:2025-03-27 23:04:26 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 21s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Okami.arm6.elf
Detection:MAL
Classification:mal88.troj.linELF@0/0@2/0
  • VT rate limit hit for: 94.154.34.47:23

Runtime Messages

Command:/tmp/Okami.arm6.elf
PID:5475
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 5498, Parent: 3633)
  • rm (PID: 5498, Parent: 3633, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.5EyKsbOHwQ /tmp/tmp.aw3LkkQuNB /tmp/tmp.I0E0Op3b3u
  • dash New Fork (PID: 5499, Parent: 3633)
  • cat (PID: 5499, Parent: 3633, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.5EyKsbOHwQ
  • dash New Fork (PID: 5500, Parent: 3633)
  • head (PID: 5500, Parent: 3633, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5501, Parent: 3633)
  • tr (PID: 5501, Parent: 3633, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5502, Parent: 3633)
  • cut (PID: 5502, Parent: 3633, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5503, Parent: 3633)
  • cat (PID: 5503, Parent: 3633, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.5EyKsbOHwQ
  • dash New Fork (PID: 5504, Parent: 3633)
  • head (PID: 5504, Parent: 3633, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5505, Parent: 3633)
  • tr (PID: 5505, Parent: 3633, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5506, Parent: 3633)
  • cut (PID: 5506, Parent: 3633, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5507, Parent: 3633)
  • rm (PID: 5507, Parent: 3633, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.5EyKsbOHwQ /tmp/tmp.aw3LkkQuNB /tmp/tmp.I0E0Op3b3u
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Bashlite, GafgytBashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite
NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Okami.arm6.elfJoeSecurity_GafgytYara detected GafgytJoe Security
    Okami.arm6.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      Okami.arm6.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0x1182c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x1187c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x118a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x118b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x118cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x118e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x118f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11908:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x1191c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11930:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11944:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11958:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x1196c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11980:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x11994:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x119a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x119bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      Okami.arm6.elfLinux_Trojan_Gafgyt_6a510422unknownunknown
      • 0x135a:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
      Okami.arm6.elfLinux_Trojan_Gafgyt_d2953f92unknownunknown
      • 0x126a:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
        5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
        • 0x1182c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1187c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x118a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x118b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x118cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x118e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x118f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11908:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1191c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11930:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11944:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11958:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x1196c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11980:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x11994:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x119a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0x119bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmpLinux_Trojan_Gafgyt_6a510422unknownunknown
        • 0x135a:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
        5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmpLinux_Trojan_Gafgyt_d2953f92unknownunknown
        • 0x126a:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
        5598.1.00007f9c48017000.00007f9c4802b000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
          Click to see the 49 entries

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          • AV Detection
          • Compliance
          • Networking
          • System Summary
          • Persistence and Installation Behavior
          • Malware Analysis System Evasion
          • Stealing of Sensitive Information
          • Remote Access Functionality

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Source: Okami.arm6.elfAvira: detected
          Source: Okami.arm6.elfMalware Configuration Extractor: Gafgyt {"C2 url": "94.154.34.47:23"}
          Source: Okami.arm6.elfReversingLabs: Detection: 63%
          Source: unknownHTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.14:37902 version: TLS 1.2
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 54.171.230.55
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: unknownTCP traffic detected without corresponding DNS query: 94.154.34.47
          Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
          Source: Okami.arm6.elfString found in binary or memory: http://fast.no/support/crawler.asp)
          Source: Okami.arm6.elfString found in binary or memory: http://feedback.redkolibri.com/
          Source: Okami.arm6.elfString found in binary or memory: http://www.baidu.com/search/spider.htm)
          Source: Okami.arm6.elfString found in binary or memory: http://www.baidu.com/search/spider.html)
          Source: Okami.arm6.elfString found in binary or memory: http://www.billybobbot.com/crawler/)
          Source: unknownNetwork traffic detected: HTTP traffic on port 37902 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37902
          Source: unknownHTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.14:37902 version: TLS 1.2

          System Summary

          barindex
          Source: Okami.arm6.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Okami.arm6.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
          Source: Okami.arm6.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
          Source: 5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
          Source: 5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
          Source: 5598.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 5598.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
          Source: 5598.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
          Source: 5477.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 5477.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
          Source: 5477.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
          Source: 5561.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 5561.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
          Source: 5561.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
          Source: 5642.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 5642.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
          Source: 5642.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
          Source: 5479.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 5479.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
          Source: 5479.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
          Source: 5481.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 5481.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
          Source: 5481.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
          Source: 5580.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 5580.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
          Source: 5580.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
          Source: 5475.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: 5475.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
          Source: 5475.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
          Source: Process Memory Space: Okami.arm6.elf PID: 5475, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Process Memory Space: Okami.arm6.elf PID: 5477, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Process Memory Space: Okami.arm6.elf PID: 5479, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Process Memory Space: Okami.arm6.elf PID: 5481, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Process Memory Space: Okami.arm6.elf PID: 5561, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Process Memory Space: Okami.arm6.elf PID: 5580, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Process Memory Space: Okami.arm6.elf PID: 5598, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Process Memory Space: Okami.arm6.elf PID: 5617, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Process Memory Space: Okami.arm6.elf PID: 5642, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
          Source: Initial sampleString containing 'busybox' found: pkill -9 busybox
          Source: Initial sampleString containing 'busybox' found: rm -rf /tmp/* /var/* /var/run/* /var/tmp/*rm -rf /var/log/wtmprm -rf /tmp/*rm -rf /bin/netstatiptables -Fpkill -9 busyboxpkill -9 perlpkill -9 pythonservice iptables stop/sbin/iptables -F; /sbin/iptables -Xservice firewalld stoprm -rf ~/.bash_historyhistory -c;history -wBIG_ENDIANLITTLE_ENDIANBIG_ENDIAN_WLITTLE_ENDIAN_WUNKNOWN/[ INFECTED ] Arch: %s || Type: %s]DUP
          Source: Okami.arm6.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Okami.arm6.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
          Source: Okami.arm6.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
          Source: 5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
          Source: 5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
          Source: 5598.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5598.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
          Source: 5598.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
          Source: 5477.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5477.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
          Source: 5477.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
          Source: 5561.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5561.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
          Source: 5561.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
          Source: 5642.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5642.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
          Source: 5642.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
          Source: 5479.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5479.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
          Source: 5479.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
          Source: 5481.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5481.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
          Source: 5481.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
          Source: 5580.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5580.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
          Source: 5580.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
          Source: 5475.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: 5475.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
          Source: 5475.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
          Source: Process Memory Space: Okami.arm6.elf PID: 5475, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: Okami.arm6.elf PID: 5477, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: Okami.arm6.elf PID: 5479, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: Okami.arm6.elf PID: 5481, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: Okami.arm6.elf PID: 5561, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: Okami.arm6.elf PID: 5580, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: Okami.arm6.elf PID: 5598, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: Okami.arm6.elf PID: 5617, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: Okami.arm6.elf PID: 5642, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: classification engineClassification label: mal88.troj.linELF@0/0@2/0
          Source: Okami.arm6.elfELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
          Source: Okami.arm6.elfELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
          Source: Okami.arm6.elfELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
          Source: Okami.arm6.elfELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
          Source: Okami.arm6.elfELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
          Source: Okami.arm6.elfELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
          Source: Okami.arm6.elfELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/string/arm/_memcpy.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/string/arm/bcopy.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/string/arm/bzero.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/string/arm/memcpy.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/string/arm/memmove.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/string/arm/memset.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/string/arm/strcmp.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/string/arm/strlen.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/sysdeps/linux/arm/crt1.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/sysdeps/linux/arm/crti.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/sysdeps/linux/arm/crtn.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/sysdeps/linux/arm/sigrestorer.S
          Source: Okami.arm6.elfELF static info symbol of initial sample: libc/sysdeps/linux/arm/vfork.S
          Source: /usr/bin/dash (PID: 5498)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.5EyKsbOHwQ /tmp/tmp.aw3LkkQuNB /tmp/tmp.I0E0Op3b3uJump to behavior
          Source: /usr/bin/dash (PID: 5507)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.5EyKsbOHwQ /tmp/tmp.aw3LkkQuNB /tmp/tmp.I0E0Op3b3uJump to behavior
          Source: /tmp/Okami.arm6.elf (PID: 5475)Queries kernel information via 'uname': Jump to behavior
          Source: Okami.arm6.elf, 5475.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5477.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5479.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5481.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5561.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5580.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5598.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5617.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5642.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-arm/tmp/Okami.arm6.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Okami.arm6.elf
          Source: Okami.arm6.elf, 5475.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5477.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5479.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5481.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5561.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5580.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5598.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5617.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5642.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
          Source: Okami.arm6.elf, 5475.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5477.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5479.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5481.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5561.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5580.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5598.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5617.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmp, Okami.arm6.elf, 5642.1.00007fff1abe2000.00007fff1ac03000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
          Source: Okami.arm6.elf, 5475.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5477.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5479.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5481.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5561.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5580.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5598.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5617.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmp, Okami.arm6.elf, 5642.1.0000561c0f672000.0000561c0f7a0000.rw-.sdmpBinary or memory string: V!/etc/qemu-binfmt/arm

          Stealing of Sensitive Information

          barindex
          Source: Yara matchFile source: Okami.arm6.elf, type: SAMPLE
          Source: Yara matchFile source: Okami.arm6.elf, type: SAMPLE
          Source: Yara matchFile source: 5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5598.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5477.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5561.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5642.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5479.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5481.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5580.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5475.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5475, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5477, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5479, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5481, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5561, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5580, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5598, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5617, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5642, type: MEMORYSTR
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
          Source: Initial sampleUser agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
          Source: Initial sampleUser agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
          Source: Initial sampleUser agent string found: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60
          Source: Initial sampleUser agent string found: Mozilla/5.0 (iPad; U; CPU OS 5_1 like Mac OS X) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B367 Safari/531.21.10 UCBrowser/3.4.3.532
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Nintendo WiiU) AppleWebKit/536.30 (KHTML, like Gecko) NX/3.0.4.2.12 NintendoBrowser/4.3.1.11264.US
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
          Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
          Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
          Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
          Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; cn) Opera 11.00
          Source: Initial sampleUser agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
          Source: Initial sampleUser agent string found: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
          Source: Initial sampleUser agent string found: Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.01
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
          Source: Initial sampleUser agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36

          Remote Access Functionality

          barindex
          Source: Yara matchFile source: Okami.arm6.elf, type: SAMPLE
          Source: Yara matchFile source: Okami.arm6.elf, type: SAMPLE
          Source: Yara matchFile source: 5617.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5598.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5477.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5561.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5642.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5479.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5481.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5580.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 5475.1.00007f9c48017000.00007f9c4802b000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5475, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5477, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5479, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5481, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5561, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5580, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5598, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5617, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: Okami.arm6.elf PID: 5642, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
          File Deletion          		OS Credential Dumping11
          Security Software Discovery          		Remote ServicesData from Local System1
          Data Obfuscation          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
          Encrypted Channel          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
          Application Layer Protocol          		Traffic DuplicationData Destruction

          Malware Configuration

          Threatname: Gafgyt

          {
  "C2 url": "94.154.34.47:23"
}

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Number of created Files
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1650698 Sample: Okami.arm6.elf Startdate: 27/03/2025 Architecture: LINUX Score: 88 41 94.154.34.47, 23 SELECTELRU Ukraine 2->41 43 54.171.230.55, 37902, 443 AMAZON-02US United States 2->43 45 daisy.ubuntu.com 2->45 47 Found malware configuration 2->47 49 Malicious sample detected (through community Yara rule) 2->49 51 Antivirus / Scanner detection for submitted sample 2->51 53 3 other signatures 2->53 15 Okami.arm6.elf 2->15         started        17 dash rm 2->17         started        19 dash cat 2->19         started        21 8 other processes 2->21 signatures3 process4 process5 23 Okami.arm6.elf 15->23         started        process6 25 Okami.arm6.elf 23->25         started        process7 27 Okami.arm6.elf 25->27         started        process8 29 Okami.arm6.elf 27->29         started        process9 31 Okami.arm6.elf 29->31         started        process10 33 Okami.arm6.elf 31->33         started        process11 35 Okami.arm6.elf 33->35         started        process12 37 Okami.arm6.elf 35->37         started        process13 39 Okami.arm6.elf 37->39         started       

          Screenshots

          Download Video

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Okami.arm6.elf64%ReversingLabsLinux.Trojan.Gafgyt
          Okami.arm6.elf100%AviraLINUX/Gafgyt.opnd

          Dropped Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          No Antivirus matches

          Domains and IPs

          Download Network PCAP: filteredfull

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          daisy.ubuntu.com
          		162.213.35.25
          		truefalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            94.154.34.47:23true
              		unknown
              NameSourceMaliciousAntivirus DetectionReputation
              http://www.baidu.com/search/spider.html)Okami.arm6.elffalse
                		high
                http://www.billybobbot.com/crawler/)Okami.arm6.elffalse
                  		high
                  http://fast.no/support/crawler.asp)Okami.arm6.elffalse
                    		high
                    http://feedback.redkolibri.com/Okami.arm6.elffalse
                      		high
                      http://www.baidu.com/search/spider.htm)Okami.arm6.elffalse
                        		high

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        54.171.230.55
                        		unknownUnited States
                        		16509AMAZON-02USfalse
                        94.154.34.47
                        		unknownUkraine
                        		49505SELECTELRUtrue

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        54.171.230.55na.elfGet hashmaliciousPrometeiBrowse
                          na.elfGet hashmaliciousPrometeiBrowse
                            arm5.elfGet hashmaliciousUnknownBrowse
                              na.elfGet hashmaliciousPrometeiBrowse
                                bin.sh.elfGet hashmaliciousMiraiBrowse
                                  na.elfGet hashmaliciousPrometeiBrowse
                                    SecuriteInfo.com.FileRepMalware.2065.17794.elfGet hashmaliciousUnknownBrowse
                                      SecuriteInfo.com.Linux.Mirai.2522.5402.17083.elfGet hashmaliciousUnknownBrowse
                                        na.elfGet hashmaliciousPrometeiBrowse
                                          x86_64.elfGet hashmaliciousUnknownBrowse

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            daisy.ubuntu.comsshd.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 162.213.35.25
                                            apache2.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 162.213.35.25
                                            bejv86.elfGet hashmaliciousUnknownBrowse
                                            • 162.213.35.25
                                            rrrdsl.elfGet hashmaliciousUnknownBrowse
                                            • 162.213.35.25
                                            efea6.elfGet hashmaliciousUnknownBrowse
                                            • 162.213.35.25
                                            arm5.elfGet hashmaliciousUnknownBrowse
                                            • 162.213.35.25
                                            sshd.elfGet hashmaliciousUnknownBrowse
                                            • 162.213.35.24
                                            sshd.elfGet hashmaliciousGafgytBrowse
                                            • 162.213.35.24
                                            cron.elfGet hashmaliciousGafgytBrowse
                                            • 162.213.35.25
                                            SecuriteInfo.com.ELF.Mirai-AXV.27459.929.elfGet hashmaliciousUnknownBrowse
                                            • 162.213.35.24

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            AMAZON-02UShttps://mipscenter.comGet hashmaliciousUnknownBrowse
                                            • 13.33.252.15
                                            sh.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 34.249.145.219
                                            openssh.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 34.249.145.219
                                            wget.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 34.249.145.219
                                            na.elfGet hashmaliciousPrometeiBrowse
                                            • 54.170.242.139
                                            na.elfGet hashmaliciousPrometeiBrowse
                                            • 54.170.242.139
                                            sshd.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 34.254.182.186
                                            na.elfGet hashmaliciousPrometeiBrowse
                                            • 54.170.242.139
                                            na.elfGet hashmaliciousPrometeiBrowse
                                            • 54.170.242.139
                                            https://mahoganydevelopment.knack.com/untitled-appGet hashmaliciousHTMLPhisherBrowse
                                            • 13.216.201.204
                                            SELECTELRUAf3hqfTjFh.exeGet hashmaliciousAmadey, Babadeda, LummaC StealerBrowse
                                            • 176.113.115.6
                                            k03ldc.m68k.elfGet hashmaliciousUnknownBrowse
                                            • 91.220.90.33
                                            WeJUMzwLs1.exeGet hashmaliciousNetSupport RAT, Amadey, LummaC StealerBrowse
                                            • 176.113.115.6
                                            rRYQiGZ4K3.exeGet hashmaliciousAmadey, Credential Flusher, Healer AV Disabler, LummaC Stealer, Stealc, VidarBrowse
                                            • 176.113.115.6
                                            a69aiSX97n.exeGet hashmaliciousAmadey, DarkVision Rat, LummaC StealerBrowse
                                            • 176.113.115.6
                                            ATitERlY7I.exeGet hashmaliciousScreenConnect Tool, Amadey, DarkVision Rat, LummaC StealerBrowse
                                            • 176.113.115.6
                                            FRCe39S0oE.exeGet hashmaliciousAmadeyBrowse
                                            • 176.113.115.6
                                            Order0324fpubh-10-994125-1,pdf.batGet hashmaliciousGuLoaderBrowse
                                            • 45.8.124.12
                                            pBYl2fOFZX.exeGet hashmaliciousSocks5SystemzBrowse
                                            • 176.113.115.96
                                            pBYl2fOFZX.exeGet hashmaliciousSocks5SystemzBrowse
                                            • 176.113.115.96

                                            JA3 Fingerprints

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            fb4726d465c5f28b84cd6d14cedd13a7sshd.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 54.171.230.55
                                            na.elfGet hashmaliciousPrometeiBrowse
                                            • 54.171.230.55
                                            wget.elfGet hashmaliciousGafgytBrowse
                                            • 54.171.230.55
                                            apache2.elfGet hashmaliciousGafgytBrowse
                                            • 54.171.230.55
                                            na.elfGet hashmaliciousPrometeiBrowse
                                            • 54.171.230.55
                                            SecuriteInfo.com.Linux.Mirai.2522.5402.17083.elfGet hashmaliciousUnknownBrowse
                                            • 54.171.230.55
                                            na.elfGet hashmaliciousPrometeiBrowse
                                            • 54.171.230.55
                                            na.elfGet hashmaliciousPrometeiBrowse
                                            • 54.171.230.55
                                            m68k.elfGet hashmaliciousUnknownBrowse
                                            • 54.171.230.55
                                            vjwe68k.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 54.171.230.55

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            No created / dropped files found

                                            Static File Info

                                            General

                                            File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
                                            Entropy (8bit):5.992011053234242
                                            TrID:
                                            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                            File name:Okami.arm6.elf
                                            File size:120'680 bytes
                                            MD5:b125d1bce648842dbb70783398904adb
                                            SHA1:ecbe2f1765240c6d41810dec0b575d07b8c5eed6
                                            SHA256:134dc83206eabc226333563e0546ef1193f5b9edf0eff07df735c092c26c679e
                                            SHA512:6da1976e087166aa2ae12847538ead2eeb83482c346efe490092204395815d0e2f4489b703360f14cccc2769488b6b8a0b7fda13562e9b0cff9908d9e3196ab8
                                            SSDEEP:3072:z23afQBWaCl9O8E/uLTf45hWs02yb6sLbWvF4mygQCYsmXKhi:z23afQBWcuLTQ5hR02gYmmygQCYsYKhi
                                            TLSH:18C33A06E5508B57C1D2177AB79F460D37232BA897DB33129A247FB42FC279E1E39920
                                            File Content Preview:.ELF..............(.........4....^......4. ...(........p48..4...4...................................D8..D8...............@...@...@......Tj..........Q.td..................................-...L..................G.F.G.F.G.F.G.F G.F(G.F0G.F8G.F@G.FHG.FPG.FXG.

                                            Static ELF Info

                                            ELF header

                                            Class:ELF32
                                            Data:2's complement, little endian
                                            Version:1 (current)
                                            Machine:ARM
                                            Version Number:0x1
                                            Type:EXEC (Executable file)
                                            OS/ABI:UNIX - System V
                                            ABI Version:0
                                            Entry Point Address:0x81b0
                                            Flags:0x4000002
                                            ELF Header Size:52
                                            Program Header Offset:52
                                            Program Header Size:32
                                            Number of Program Headers:4
                                            Section Header Offset:89628
                                            Section Header Size:40
                                            Number of Section Headers:24
                                            Header String Table Index:21

                                            Sections

                                            NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                            NULL0x00x00x00x00x0000
                                            .initPROGBITS0x80b40xb40x100x00x6AX004
                                            .textPROGBITS0x80d00xd00x102f40x00x6AX0016
                                            .finiPROGBITS0x183c40x103c40x100x00x6AX004
                                            .rodataPROGBITS0x183d80x103d80x34440x00x2A008
                                            .ARM.extabPROGBITS0x1b81c0x1381c0x180x00x2A004
                                            .ARM.exidxARM_EXIDX0x1b8340x138340x100x00x82AL204
                                            .eh_framePROGBITS0x240000x140000x40x00x3WA004
                                            .init_arrayINIT_ARRAY0x240040x140040x40x00x3WA004
                                            .fini_arrayFINI_ARRAY0x240080x140080x40x00x3WA004
                                            .jcrPROGBITS0x2400c0x1400c0x40x00x3WA004
                                            .gotPROGBITS0x240100x140100x780x40x3WA004
                                            .dataPROGBITS0x240880x140880x3600x00x3WA004
                                            .bssNOBITS0x243e80x143e80x666c0x00x3WA008
                                            .commentPROGBITS0x00x143e80xc760x00x0001
                                            .debug_arangesPROGBITS0x00x150600xe00x00x0008
                                            .debug_infoPROGBITS0x00x151400x4b00x00x0001
                                            .debug_abbrevPROGBITS0x00x155f00x8c0x00x0001
                                            .debug_linePROGBITS0x00x1567c0x6550x00x0001
                                            .debug_framePROGBITS0x00x15cd40x580x00x0004
                                            .ARM.attributesARM_ATTRIBUTES0x00x15d2c0x100x00x0001
                                            .shstrtabSTRTAB0x00x15d3c0xdd0x00x0001
                                            .symtabSYMTAB0x00x161dc0x4c300x100x0236564
                                            .strtabSTRTAB0x00x1ae0c0x295c0x00x0001

                                            Program Segments

                                            TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                            EXIDX0x138340x1b8340x1b8340x100x102.40560x4R 0x4.ARM.exidx
                                            LOAD0x00x80000x80000x138440x138446.22200x5R E0x8000.init .text .fini .rodata .ARM.extab .ARM.exidx
                                            LOAD0x140000x240000x240000x3e80x6a544.16020x6RW 0x8000.eh_frame .init_array .fini_array .jcr .got .data .bss
                                            GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                                            Symbols

                                            NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
                                            .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                            .symtab0x80b40SECTION<unknown>DEFAULT1
                                            .symtab0x80d00SECTION<unknown>DEFAULT2
                                            .symtab0x183c40SECTION<unknown>DEFAULT3
                                            .symtab0x183d80SECTION<unknown>DEFAULT4
                                            .symtab0x1b81c0SECTION<unknown>DEFAULT5
                                            .symtab0x1b8340SECTION<unknown>DEFAULT6
                                            .symtab0x240000SECTION<unknown>DEFAULT7
                                            .symtab0x240040SECTION<unknown>DEFAULT8
                                            .symtab0x240080SECTION<unknown>DEFAULT9
                                            .symtab0x2400c0SECTION<unknown>DEFAULT10
                                            .symtab0x240100SECTION<unknown>DEFAULT11
                                            .symtab0x240880SECTION<unknown>DEFAULT12
                                            .symtab0x243e80SECTION<unknown>DEFAULT13
                                            .symtab0x00SECTION<unknown>DEFAULT14
                                            .symtab0x00SECTION<unknown>DEFAULT15
                                            .symtab0x00SECTION<unknown>DEFAULT16
                                            .symtab0x00SECTION<unknown>DEFAULT17
                                            .symtab0x00SECTION<unknown>DEFAULT18
                                            .symtab0x00SECTION<unknown>DEFAULT19
                                            .symtab0x00SECTION<unknown>DEFAULT20
                                            .symtab0x00SECTION<unknown>DEFAULT21
                                            .symtab0x00SECTION<unknown>DEFAULT22
                                            .symtab0x00SECTION<unknown>DEFAULT23
                                            $a.symtab0x80b40NOTYPE<unknown>DEFAULT1
                                            $a.symtab0x183c40NOTYPE<unknown>DEFAULT3
                                            $a.symtab0x80c00NOTYPE<unknown>DEFAULT1
                                            $a.symtab0x183d00NOTYPE<unknown>DEFAULT3
                                            $a.symtab0x810c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x81500NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x81b00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x81ec0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x82100NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x82e80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x842c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x90d80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x92440NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x95100NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x97e80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x9c040NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x9f080NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x9f6c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xa4340NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xa5f40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xb1140NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xb3e00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xbea40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xc0300NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xc0bc0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xc1700NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xc2880NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcba40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xccb80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcccc0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcd400NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcda00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcdb40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcde80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xce180NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xce580NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xce8c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcea80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcedc0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcf100NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcf500NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcf840NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcfb80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xcfec0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd0200NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd0f80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd12c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd1580NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd18c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd1c00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd1e80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd2180NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd2340NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd2680NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd31c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd3840NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd3b80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd48c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xd4bc0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xdc7c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xdd1c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xdd600NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xdf100NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xdf640NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe4d40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe50c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe5c00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe6600NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe6c00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe6d00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe6f00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe7000NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe7100NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe80c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe8d80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe8fc0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xe9b80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xeaa80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xeac00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xeaf00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xebf00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xec740NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xec980NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xed140NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xed740NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xee1c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xee440NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xee600NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xeec80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xef000NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xef440NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xef7c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xefb40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xeff40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xf0380NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xf0700NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xf08c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xf1440NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xf1b00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xfb480NOTYPE<unknown>DEFAULT2
                                            $a.symtab0xffe80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x100280NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x101500NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x101680NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1020c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x102c40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x103840NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x104280NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1050c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1059c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x106740NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x107580NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x107780NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x107940NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x109540NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x10a0c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x10ab80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x10c040NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x111dc0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1129c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x112f00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1135c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x116300NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1178c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x117f40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1187c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x118880NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x118a00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x118e00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x119140NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1193c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x119500NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x119840NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x119980NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x119ac0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11a180NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11a2c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11a580NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11a8c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11ac00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11b140NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11b480NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11b800NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11c780NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11d480NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11df40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11e8c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11f780NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x11f940NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x123380NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1238c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x123b00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x124600NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x126140NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x126340NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x126e80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x129f00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x12b300NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x12c000NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x12c700NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x12c9c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x12df80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x135ec0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x136c80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x137840NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1390c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x13b180NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x13c440NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x13cf00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x141800NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x142700NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x142e80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1432c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x143dc0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x144bc0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x145080NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x145580NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1457c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x146680NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x146a80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x147a00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x14a400NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x14b740NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x14f280NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x14fd40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1500c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x150580NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x150780NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x150840NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x150b80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x150ec0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x151440NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x153740NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x153b40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x154f80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1551c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1566c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x156c40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x157880NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x157b80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x158500NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1588c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x15b780NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x15f400NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x160380NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x168200NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x168740NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x168cc0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x16d280NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x16dc00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x16e0c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x171040NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x171380NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x171b00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x172080NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x172700NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x172800NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x172b40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x173a00NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x174540NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x174b40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x174e40NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x176e80NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x1771c0NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x177880NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x178340NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x179780NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x17d940NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x182300NOTYPE<unknown>DEFAULT2
                                            $a.symtab0x183700NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x81440NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x240080NOTYPE<unknown>DEFAULT9
                                            $d.symtab0x819c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x240040NOTYPE<unknown>DEFAULT8
                                            $d.symtab0x2408c0NOTYPE<unknown>DEFAULT12
                                            $d.symtab0x81e00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x240900NOTYPE<unknown>DEFAULT12
                                            $d.symtab0x820c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x82e00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x84200NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x90d40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x92400NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x950c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x97e40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x9bfc0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x9f040NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x9f680NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xa4300NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x19e680NOTYPE<unknown>DEFAULT4
                                            $d.symtab0xa5ec0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xb0f40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xb3d40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xbe6c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xc0240NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xc0b40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xc13c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xc2740NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xcb800NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xd1e00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xd2100NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x2418c0NOTYPE<unknown>DEFAULT12
                                            $d.symtab0x241940NOTYPE<unknown>DEFAULT12
                                            $d.symtab0xd22c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xd37c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xd3b00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xd4780NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x241d00NOTYPE<unknown>DEFAULT12
                                            $d.symtab0x2419c0NOTYPE<unknown>DEFAULT12
                                            $d.symtab0x1a7640NOTYPE<unknown>DEFAULT4
                                            $d.symtab0xdc5c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xdf0c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xdf580NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xe4a40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x242d80NOTYPE<unknown>DEFAULT12
                                            $d.symtab0xe8d00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xeaa00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xeae80NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xebe40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xec6c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xed100NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xee140NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xeebc0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xeefc0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xef400NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xef780NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xefb00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xeff00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xf0340NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xf06c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xf13c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0xfb2c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x242dc0NOTYPE<unknown>DEFAULT12
                                            $d.symtab0xffcc0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x100200NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x1013c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x242f40NOTYPE<unknown>DEFAULT12
                                            $d.symtab0x101f00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x102a80NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x103680NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x1040c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x2430c0NOTYPE<unknown>DEFAULT12
                                            $d.symtab0x243a40NOTYPE<unknown>DEFAULT12
                                            $d.symtab0x105040NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x105980NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x106680NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x107500NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x1b3900NOTYPE<unknown>DEFAULT4
                                            $d.symtab0x1094c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x109ec0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x243b80NOTYPE<unknown>DEFAULT12
                                            $d.symtab0x10ab40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x10be00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x111b80NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x112880NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x112e80NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x1134c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x115f00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x243d00NOTYPE<unknown>DEFAULT12
                                            $d.symtab0x1177c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x118700NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x119340NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x11a100NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x243dc0NOTYPE<unknown>DEFAULT12
                                            $d.symtab0x11c640NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x11d400NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x11df00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x1b71c0NOTYPE<unknown>DEFAULT4
                                            $d.symtab0x11f640NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x2a6300NOTYPE<unknown>DEFAULT13
                                            $d.symtab0x11f8c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x123300NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x125f40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x129bc0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x135cc0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x1b7500NOTYPE<unknown>DEFAULT4
                                            $d.symtab0x136b40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x137700NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x138e00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x13af40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x13c3c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x142680NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x143d40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x144b40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x146600NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x147980NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x14b5c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x14f0c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x14fcc0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x150000NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x150500NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x156580NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x15b6c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x15f340NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x167e40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x1686c0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x168c40NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x16ce00NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x16da80NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x174dc0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x176dc0NOTYPE<unknown>DEFAULT2
                                            $d.symtab0x177800NOTYPE<unknown>DEFAULT2
                                            $t.symtab0x80d00NOTYPE<unknown>DEFAULT2
                                            /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            C.1.3506.symtab0x1b71c24OBJECT<unknown>DEFAULT4
                                            C.100.5646.symtab0x19e68104OBJECT<unknown>DEFAULT4
                                            Laligned.symtab0xe6880NOTYPE<unknown>DEFAULT2
                                            Llastword.symtab0xe6a40NOTYPE<unknown>DEFAULT2
                                            Okami.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            Q.symtab0x2442016384OBJECT<unknown>DEFAULT13
                                            RemoveTempDirs.symtab0xc0bc180FUNC<unknown>DEFAULT2
                                            SendHTTP.symtab0xb240416FUNC<unknown>DEFAULT2
                                            SendSTD.symtab0xa434448FUNC<unknown>DEFAULT2
                                            SendSTDHEX.symtab0xa2e4336FUNC<unknown>DEFAULT2
                                            SendTCP.symtab0xaa501732FUNC<unknown>DEFAULT2
                                            SendUDP.symtab0xa5f41116FUNC<unknown>DEFAULT2
                                            UpdateNameSrvs.symtab0xc030140FUNC<unknown>DEFAULT2
                                            _Exit.symtab0xd12c44FUNC<unknown>DEFAULT2
                                            _GLOBAL_OFFSET_TABLE_.symtab0x240100OBJECT<unknown>HIDDEN11
                                            _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                            _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __C_ctype_b.symtab0x2418c4OBJECT<unknown>DEFAULT12
                                            __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __C_ctype_b_data.symtab0x1a164768OBJECT<unknown>DEFAULT4
                                            __C_ctype_tolower.symtab0x243dc4OBJECT<unknown>DEFAULT12
                                            __C_ctype_tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __C_ctype_tolower_data.symtab0x1b41c768OBJECT<unknown>DEFAULT4
                                            __C_ctype_toupper.symtab0x241944OBJECT<unknown>DEFAULT12
                                            __C_ctype_toupper.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __C_ctype_toupper_data.symtab0x1a464768OBJECT<unknown>DEFAULT4
                                            __EH_FRAME_BEGIN__.symtab0x240000OBJECT<unknown>DEFAULT7
                                            __FRAME_END__.symtab0x240000OBJECT<unknown>DEFAULT7
                                            __GI___C_ctype_b.symtab0x2418c4OBJECT<unknown>HIDDEN12
                                            __GI___C_ctype_tolower.symtab0x243dc4OBJECT<unknown>HIDDEN12
                                            __GI___C_ctype_toupper.symtab0x241944OBJECT<unknown>HIDDEN12
                                            __GI___ctype_b.symtab0x241904OBJECT<unknown>HIDDEN12
                                            __GI___ctype_tolower.symtab0x243e04OBJECT<unknown>HIDDEN12
                                            __GI___ctype_toupper.symtab0x241984OBJECT<unknown>HIDDEN12
                                            __GI___errno_location.symtab0xd21828FUNC<unknown>HIDDEN2
                                            __GI___fcntl_nocancel.symtab0xd08c108FUNC<unknown>HIDDEN2
                                            __GI___fgetc_unlocked.symtab0x13b18300FUNC<unknown>HIDDEN2
                                            __GI___glibc_strerror_r.symtab0xeaa824FUNC<unknown>HIDDEN2
                                            __GI___h_errno_location.symtab0x11f7828FUNC<unknown>HIDDEN2
                                            __GI___libc_fcntl.symtab0xd020108FUNC<unknown>HIDDEN2
                                            __GI___sigaddset.symtab0xf16836FUNC<unknown>HIDDEN2
                                            __GI___sigdelset.symtab0xf18c36FUNC<unknown>HIDDEN2
                                            __GI___sigismember.symtab0xf14436FUNC<unknown>HIDDEN2
                                            __GI___uClibc_fini.symtab0x11220124FUNC<unknown>HIDDEN2
                                            __GI___uClibc_init.symtab0x112f0108FUNC<unknown>HIDDEN2
                                            __GI___xpg_strerror_r.symtab0xeaf0256FUNC<unknown>HIDDEN2
                                            __GI__exit.symtab0xd12c44FUNC<unknown>HIDDEN2
                                            __GI_abort.symtab0x10028296FUNC<unknown>HIDDEN2
                                            __GI_atoi.symtab0x1075832FUNC<unknown>HIDDEN2
                                            __GI_brk.symtab0x1500c76FUNC<unknown>HIDDEN2
                                            __GI_chdir.symtab0xcf5052FUNC<unknown>HIDDEN2
                                            __GI_clock_getres.symtab0x1195052FUNC<unknown>HIDDEN2
                                            __GI_close.symtab0xd18c52FUNC<unknown>HIDDEN2
                                            __GI_closedir.symtab0x11b80248FUNC<unknown>HIDDEN2
                                            __GI_config_close.symtab0x122bc52FUNC<unknown>HIDDEN2
                                            __GI_config_open.symtab0x122f072FUNC<unknown>HIDDEN2
                                            __GI_config_read.symtab0x11f94808FUNC<unknown>HIDDEN2
                                            __GI_connect.symtab0xeec856FUNC<unknown>HIDDEN2
                                            __GI_errno.symtab0x2a6304OBJECT<unknown>HIDDEN13
                                            __GI_execl.symtab0x14f28172FUNC<unknown>HIDDEN2
                                            __GI_execve.symtab0x1508452FUNC<unknown>HIDDEN2
                                            __GI_exit.symtab0x10954184FUNC<unknown>HIDDEN2
                                            __GI_fclose.symtab0x12460436FUNC<unknown>HIDDEN2
                                            __GI_fcntl.symtab0xd020108FUNC<unknown>HIDDEN2
                                            __GI_fflush_unlocked.symtab0x1390c524FUNC<unknown>HIDDEN2
                                            __GI_fgetc.symtab0x135ec220FUNC<unknown>HIDDEN2
                                            __GI_fgetc_unlocked.symtab0x13b18300FUNC<unknown>HIDDEN2
                                            __GI_fgets.symtab0x136c8188FUNC<unknown>HIDDEN2
                                            __GI_fgets_unlocked.symtab0x13c44160FUNC<unknown>HIDDEN2
                                            __GI_fopen.symtab0x1261432FUNC<unknown>HIDDEN2
                                            __GI_fork.symtab0xce5852FUNC<unknown>HIDDEN2
                                            __GI_fputs_unlocked.symtab0xe4d456FUNC<unknown>HIDDEN2
                                            __GI_fseek.symtab0x154f836FUNC<unknown>HIDDEN2
                                            __GI_fseeko64.symtab0x1551c336FUNC<unknown>HIDDEN2
                                            __GI_fstat.symtab0x150ec88FUNC<unknown>HIDDEN2
                                            __GI_fwrite_unlocked.symtab0xe50c176FUNC<unknown>HIDDEN2
                                            __GI_getc_unlocked.symtab0x13b18300FUNC<unknown>HIDDEN2
                                            __GI_getdtablesize.symtab0x11a2c44FUNC<unknown>HIDDEN2
                                            __GI_getegid.symtab0x1198420FUNC<unknown>HIDDEN2
                                            __GI_geteuid.symtab0x1199820FUNC<unknown>HIDDEN2
                                            __GI_getgid.symtab0x11a1820FUNC<unknown>HIDDEN2
                                            __GI_gethostbyname.symtab0xee4428FUNC<unknown>HIDDEN2
                                            __GI_gethostbyname2.symtab0xee60104FUNC<unknown>HIDDEN2
                                            __GI_gethostbyname2_r.symtab0x147a0672FUNC<unknown>HIDDEN2
                                            __GI_gethostbyname_r.symtab0x16e0c760FUNC<unknown>HIDDEN2
                                            __GI_gethostname.symtab0x17138120FUNC<unknown>HIDDEN2
                                            __GI_getpagesize.symtab0x1191440FUNC<unknown>HIDDEN2
                                            __GI_getpid.symtab0xcda020FUNC<unknown>HIDDEN2
                                            __GI_getrlimit.symtab0x150b852FUNC<unknown>HIDDEN2
                                            __GI_gettimeofday.symtab0xcfec52FUNC<unknown>HIDDEN2
                                            __GI_getuid.symtab0x1193c20FUNC<unknown>HIDDEN2
                                            __GI_h_errno.symtab0x2a6344OBJECT<unknown>HIDDEN13
                                            __GI_htonl.symtab0xed2432FUNC<unknown>HIDDEN2
                                            __GI_htons.symtab0xed1416FUNC<unknown>HIDDEN2
                                            __GI_inet_addr.symtab0xee1c40FUNC<unknown>HIDDEN2
                                            __GI_inet_aton.symtab0x146a8248FUNC<unknown>HIDDEN2
                                            __GI_inet_ntoa.symtab0xee0028FUNC<unknown>HIDDEN2
                                            __GI_inet_ntoa_r.symtab0xed74140FUNC<unknown>HIDDEN2
                                            __GI_inet_ntop.symtab0x15cbc644FUNC<unknown>HIDDEN2
                                            __GI_inet_pton.symtab0x1595c540FUNC<unknown>HIDDEN2
                                            __GI_initstate_r.symtab0x10674228FUNC<unknown>HIDDEN2
                                            __GI_ioctl.symtab0x11ac084FUNC<unknown>HIDDEN2
                                            __GI_isatty.symtab0xec7436FUNC<unknown>HIDDEN2
                                            __GI_isspace.symtab0xd1c040FUNC<unknown>HIDDEN2
                                            __GI_kill.symtab0xcfb852FUNC<unknown>HIDDEN2
                                            __GI_lseek64.symtab0x17208100FUNC<unknown>HIDDEN2
                                            __GI_memchr.symtab0x14180240FUNC<unknown>HIDDEN2
                                            __GI_memcpy.symtab0xe6f04FUNC<unknown>HIDDEN2
                                            __GI_memmove.symtab0x172704FUNC<unknown>HIDDEN2
                                            __GI_mempcpy.symtab0x1455836FUNC<unknown>HIDDEN2
                                            __GI_memrchr.symtab0x143dc224FUNC<unknown>HIDDEN2
                                            __GI_memset.symtab0xe5c0156FUNC<unknown>HIDDEN2
                                            __GI_mmap.symtab0x1178c104FUNC<unknown>HIDDEN2
                                            __GI_mremap.symtab0x1537464FUNC<unknown>HIDDEN2
                                            __GI_munmap.symtab0x11a5852FUNC<unknown>HIDDEN2
                                            __GI_nanosleep.symtab0x11a8c52FUNC<unknown>HIDDEN2
                                            __GI_ntohl.symtab0xed5432FUNC<unknown>HIDDEN2
                                            __GI_ntohs.symtab0xed4416FUNC<unknown>HIDDEN2
                                            __GI_open.symtab0xcd4096FUNC<unknown>HIDDEN2
                                            __GI_opendir.symtab0x11d48172FUNC<unknown>HIDDEN2
                                            __GI_poll.symtab0x1710452FUNC<unknown>HIDDEN2
                                            __GI_raise.symtab0xf07028FUNC<unknown>HIDDEN2
                                            __GI_random.symtab0x10168164FUNC<unknown>HIDDEN2
                                            __GI_random_r.symtab0x1050c144FUNC<unknown>HIDDEN2
                                            __GI_rawmemchr.symtab0x1432c176FUNC<unknown>HIDDEN2
                                            __GI_read.symtab0xcf8452FUNC<unknown>HIDDEN2
                                            __GI_readdir64.symtab0x11e8c236FUNC<unknown>HIDDEN2
                                            __GI_recv.symtab0xef4456FUNC<unknown>HIDDEN2
                                            __GI_sbrk.symtab0x119ac108FUNC<unknown>HIDDEN2
                                            __GI_select.symtab0xcf1064FUNC<unknown>HIDDEN2
                                            __GI_send.symtab0xef7c56FUNC<unknown>HIDDEN2
                                            __GI_sendto.symtab0xefb464FUNC<unknown>HIDDEN2
                                            __GI_seteuid.symtab0xcccc116FUNC<unknown>HIDDEN2
                                            __GI_setresuid.symtab0xd15852FUNC<unknown>HIDDEN2
                                            __GI_setreuid.symtab0xcea852FUNC<unknown>HIDDEN2
                                            __GI_setsockopt.symtab0xeff468FUNC<unknown>HIDDEN2
                                            __GI_setstate_r.symtab0x10428228FUNC<unknown>HIDDEN2
                                            __GI_sigaction.symtab0x117f4136FUNC<unknown>HIDDEN2
                                            __GI_signal.symtab0xf08c184FUNC<unknown>HIDDEN2
                                            __GI_sigprocmask.symtab0x11b4856FUNC<unknown>HIDDEN2
                                            __GI_sleep.symtab0x10a0c172FUNC<unknown>HIDDEN2
                                            __GI_socket.symtab0xf03856FUNC<unknown>HIDDEN2
                                            __GI_sprintf.symtab0xd23452FUNC<unknown>HIDDEN2
                                            __GI_srandom_r.symtab0x1059c216FUNC<unknown>HIDDEN2
                                            __GI_stat.symtab0x171b088FUNC<unknown>HIDDEN2
                                            __GI_strcasecmp.symtab0x1771c108FUNC<unknown>HIDDEN2
                                            __GI_strcasestr.symtab0xebf0132FUNC<unknown>HIDDEN2
                                            __GI_strchr.symtab0xe9b8240FUNC<unknown>HIDDEN2
                                            __GI_strchrnul.symtab0x1457c236FUNC<unknown>HIDDEN2
                                            __GI_strcmp.symtab0xe6d028FUNC<unknown>HIDDEN2
                                            __GI_strcoll.symtab0xe6d028FUNC<unknown>HIDDEN2
                                            __GI_strcpy.symtab0xe8d836FUNC<unknown>HIDDEN2
                                            __GI_strcspn.symtab0x142e868FUNC<unknown>HIDDEN2
                                            __GI_strdup.symtab0x1728052FUNC<unknown>HIDDEN2
                                            __GI_strlen.symtab0xe66096FUNC<unknown>HIDDEN2
                                            __GI_strncpy.symtab0xe8fc188FUNC<unknown>HIDDEN2
                                            __GI_strnlen.symtab0xe80c204FUNC<unknown>HIDDEN2
                                            __GI_strpbrk.symtab0x1466864FUNC<unknown>HIDDEN2
                                            __GI_strrchr.symtab0x1450880FUNC<unknown>HIDDEN2
                                            __GI_strspn.symtab0x144bc76FUNC<unknown>HIDDEN2
                                            __GI_strstr.symtab0xe710252FUNC<unknown>HIDDEN2
                                            __GI_strtok.symtab0xeac048FUNC<unknown>HIDDEN2
                                            __GI_strtok_r.symtab0x14270120FUNC<unknown>HIDDEN2
                                            __GI_strtol.symtab0x1077828FUNC<unknown>HIDDEN2
                                            __GI_sysconf.symtab0x10c041496FUNC<unknown>HIDDEN2
                                            __GI_tcgetattr.symtab0xec98124FUNC<unknown>HIDDEN2
                                            __GI_time.symtab0xcde848FUNC<unknown>HIDDEN2
                                            __GI_toupper.symtab0xd1e848FUNC<unknown>HIDDEN2
                                            __GI_uname.symtab0x176e852FUNC<unknown>HIDDEN2
                                            __GI_vfork.symtab0x118a064FUNC<unknown>HIDDEN2
                                            __GI_vsnprintf.symtab0xd268180FUNC<unknown>HIDDEN2
                                            __GI_wait4.symtab0x118e052FUNC<unknown>HIDDEN2
                                            __GI_waitpid.symtab0xce8c28FUNC<unknown>HIDDEN2
                                            __GI_wcrtomb.symtab0x1233884FUNC<unknown>HIDDEN2
                                            __GI_wcsnrtombs.symtab0x123b0176FUNC<unknown>HIDDEN2
                                            __GI_wcsrtombs.symtab0x1238c36FUNC<unknown>HIDDEN2
                                            __GI_write.symtab0xd0f852FUNC<unknown>HIDDEN2
                                            __JCR_END__.symtab0x2400c0OBJECT<unknown>DEFAULT10
                                            __JCR_LIST__.symtab0x2400c0OBJECT<unknown>DEFAULT10
                                            __adddf3.symtab0x17984784FUNC<unknown>HIDDEN2
                                            __aeabi_cdcmpeq.symtab0x182e024FUNC<unknown>HIDDEN2
                                            __aeabi_cdcmple.symtab0x182e024FUNC<unknown>HIDDEN2
                                            __aeabi_cdrcmple.symtab0x182c452FUNC<unknown>HIDDEN2
                                            __aeabi_d2uiz.symtab0x1837084FUNC<unknown>HIDDEN2
                                            __aeabi_dadd.symtab0x17984784FUNC<unknown>HIDDEN2
                                            __aeabi_dcmpeq.symtab0x182f824FUNC<unknown>HIDDEN2
                                            __aeabi_dcmpge.symtab0x1834024FUNC<unknown>HIDDEN2
                                            __aeabi_dcmpgt.symtab0x1835824FUNC<unknown>HIDDEN2
                                            __aeabi_dcmple.symtab0x1832824FUNC<unknown>HIDDEN2
                                            __aeabi_dcmplt.symtab0x1831024FUNC<unknown>HIDDEN2
                                            __aeabi_ddiv.symtab0x18024524FUNC<unknown>HIDDEN2
                                            __aeabi_dmul.symtab0x17d94656FUNC<unknown>HIDDEN2
                                            __aeabi_drsub.symtab0x179780FUNC<unknown>HIDDEN2
                                            __aeabi_dsub.symtab0x17980788FUNC<unknown>HIDDEN2
                                            __aeabi_f2d.symtab0x17ce064FUNC<unknown>HIDDEN2
                                            __aeabi_i2d.symtab0x17cb840FUNC<unknown>HIDDEN2
                                            __aeabi_idiv.symtab0x178340FUNC<unknown>HIDDEN2
                                            __aeabi_idivmod.symtab0x1796024FUNC<unknown>HIDDEN2
                                            __aeabi_l2d.symtab0x17d3496FUNC<unknown>HIDDEN2
                                            __aeabi_ui2d.symtab0x17c9436FUNC<unknown>HIDDEN2
                                            __aeabi_uidiv.symtab0xcba40FUNC<unknown>HIDDEN2
                                            __aeabi_uidivmod.symtab0xcca024FUNC<unknown>HIDDEN2
                                            __aeabi_ul2d.symtab0x17d20116FUNC<unknown>HIDDEN2
                                            __aeabi_unwind_cpp_pr0.symtab0x150784FUNC<unknown>DEFAULT2
                                            __aeabi_unwind_cpp_pr1.symtab0x1507c4FUNC<unknown>DEFAULT2
                                            __aeabi_unwind_cpp_pr2.symtab0x150804FUNC<unknown>DEFAULT2
                                            __app_fini.symtab0x2a6284OBJECT<unknown>HIDDEN13
                                            __atexit_lock.symtab0x243b824OBJECT<unknown>DEFAULT12
                                            __bss_end__.symtab0x2aa540NOTYPE<unknown>DEFAULTSHN_ABS
                                            __bss_start.symtab0x243e80NOTYPE<unknown>DEFAULTSHN_ABS
                                            __bss_start__.symtab0x243e80NOTYPE<unknown>DEFAULTSHN_ABS
                                            __check_one_fd.symtab0x1129c84FUNC<unknown>DEFAULT2
                                            __close_nameservers.symtab0x16d28152FUNC<unknown>HIDDEN2
                                            __cmpdf2.symtab0x18240132FUNC<unknown>HIDDEN2
                                            __ctype_b.symtab0x241904OBJECT<unknown>DEFAULT12
                                            __ctype_tolower.symtab0x243e04OBJECT<unknown>DEFAULT12
                                            __ctype_toupper.symtab0x241984OBJECT<unknown>DEFAULT12
                                            __curbrk.symtab0x2a6384OBJECT<unknown>HIDDEN13
                                            __data_start.symtab0x240880NOTYPE<unknown>DEFAULT12
                                            __decode_dotted.symtab0x15f40248FUNC<unknown>HIDDEN2
                                            __decode_header.symtab0x173a0180FUNC<unknown>HIDDEN2
                                            __default_rt_sa_restorer.symtab0x1188c0FUNC<unknown>DEFAULT2
                                            __default_sa_restorer.symtab0x118800FUNC<unknown>DEFAULT2
                                            __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                            __div0.symtab0xccb820FUNC<unknown>HIDDEN2
                                            __divdf3.symtab0x18024524FUNC<unknown>HIDDEN2
                                            __divsi3.symtab0x17834300FUNC<unknown>HIDDEN2
                                            __dns_lookup.symtab0x160382024FUNC<unknown>HIDDEN2
                                            __do_global_dtors_aux.symtab0x810c0FUNC<unknown>DEFAULT2
                                            __do_global_dtors_aux_fini_array_entry.symtab0x240080OBJECT<unknown>DEFAULT9
                                            __dso_handle.symtab0x240880OBJECT<unknown>HIDDEN12
                                            __encode_dotted.symtab0x17788172FUNC<unknown>HIDDEN2
                                            __encode_header.symtab0x172b4236FUNC<unknown>HIDDEN2
                                            __encode_question.symtab0x1745496FUNC<unknown>HIDDEN2
                                            __end__.symtab0x2aa540NOTYPE<unknown>DEFAULTSHN_ABS
                                            __environ.symtab0x2a6204OBJECT<unknown>DEFAULT13
                                            __eqdf2.symtab0x18240132FUNC<unknown>HIDDEN2
                                            __errno_location.symtab0xd21828FUNC<unknown>DEFAULT2
                                            __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __error.symtab0x118dc0NOTYPE<unknown>DEFAULT2
                                            __exidx_end.symtab0x1b8440NOTYPE<unknown>DEFAULTSHN_ABS
                                            __exidx_start.symtab0x1b8340NOTYPE<unknown>DEFAULTSHN_ABS
                                            __exit_cleanup.symtab0x2a6184OBJECT<unknown>HIDDEN13
                                            __extendsfdf2.symtab0x17ce064FUNC<unknown>HIDDEN2
                                            __fcntl_nocancel.symtab0xd08c108FUNC<unknown>DEFAULT2
                                            __fgetc_unlocked.symtab0x13b18300FUNC<unknown>DEFAULT2
                                            __fini_array_end.symtab0x2400c0NOTYPE<unknown>HIDDEN9
                                            __fini_array_start.symtab0x240080NOTYPE<unknown>HIDDEN9
                                            __fixunsdfsi.symtab0x1837084FUNC<unknown>HIDDEN2
                                            __floatdidf.symtab0x17d3496FUNC<unknown>HIDDEN2
                                            __floatsidf.symtab0x17cb840FUNC<unknown>HIDDEN2
                                            __floatundidf.symtab0x17d20116FUNC<unknown>HIDDEN2
                                            __floatunsidf.symtab0x17c9436FUNC<unknown>HIDDEN2
                                            __frame_dummy_init_array_entry.symtab0x240040OBJECT<unknown>DEFAULT8
                                            __gedf2.symtab0x18230148FUNC<unknown>HIDDEN2
                                            __get_hosts_byname_r.symtab0x16dc076FUNC<unknown>HIDDEN2
                                            __getdents64.symtab0x153b4324FUNC<unknown>HIDDEN2
                                            __getpagesize.symtab0x1191440FUNC<unknown>DEFAULT2
                                            __glibc_strerror_r.symtab0xeaa824FUNC<unknown>DEFAULT2
                                            __glibc_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __gtdf2.symtab0x18230148FUNC<unknown>HIDDEN2
                                            __h_errno_location.symtab0x11f7828FUNC<unknown>DEFAULT2
                                            __h_errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __init_array_end.symtab0x240080NOTYPE<unknown>HIDDEN8
                                            __init_array_start.symtab0x240040NOTYPE<unknown>HIDDEN8
                                            __ledf2.symtab0x18238140FUNC<unknown>HIDDEN2
                                            __libc_close.symtab0xd18c52FUNC<unknown>DEFAULT2
                                            __libc_connect.symtab0xeec856FUNC<unknown>DEFAULT2
                                            __libc_fcntl.symtab0xd020108FUNC<unknown>DEFAULT2
                                            __libc_fork.symtab0xce5852FUNC<unknown>DEFAULT2
                                            __libc_lseek64.symtab0x17208100FUNC<unknown>DEFAULT2
                                            __libc_nanosleep.symtab0x11a8c52FUNC<unknown>DEFAULT2
                                            __libc_open.symtab0xcd4096FUNC<unknown>DEFAULT2
                                            __libc_read.symtab0xcf8452FUNC<unknown>DEFAULT2
                                            __libc_recv.symtab0xef4456FUNC<unknown>DEFAULT2
                                            __libc_select.symtab0xcf1064FUNC<unknown>DEFAULT2
                                            __libc_send.symtab0xef7c56FUNC<unknown>DEFAULT2
                                            __libc_sendto.symtab0xefb464FUNC<unknown>DEFAULT2
                                            __libc_sigaction.symtab0x117f4136FUNC<unknown>DEFAULT2
                                            __libc_stack_end.symtab0x2a61c4OBJECT<unknown>DEFAULT13
                                            __libc_system.symtab0x11630348FUNC<unknown>DEFAULT2
                                            __libc_waitpid.symtab0xce8c28FUNC<unknown>DEFAULT2
                                            __libc_write.symtab0xd0f852FUNC<unknown>DEFAULT2
                                            __local_nameserver.symtab0x1b7fc16OBJECT<unknown>HIDDEN4
                                            __ltdf2.symtab0x18238140FUNC<unknown>HIDDEN2
                                            __malloc_consolidate.symtab0xfbf8436FUNC<unknown>HIDDEN2
                                            __malloc_largebin_index.symtab0xf1b0120FUNC<unknown>DEFAULT2
                                            __malloc_lock.symtab0x242dc24OBJECT<unknown>DEFAULT12
                                            __malloc_state.symtab0x2a6c0888OBJECT<unknown>DEFAULT13
                                            __malloc_trim.symtab0xfb48176FUNC<unknown>DEFAULT2
                                            __muldf3.symtab0x17d94656FUNC<unknown>HIDDEN2
                                            __nameserver.symtab0x2aa484OBJECT<unknown>HIDDEN13
                                            __nameservers.symtab0x2aa4c4OBJECT<unknown>HIDDEN13
                                            __nedf2.symtab0x18240132FUNC<unknown>HIDDEN2
                                            __open_etc_hosts.symtab0x174b448FUNC<unknown>HIDDEN2
                                            __open_nameservers.symtab0x168cc1116FUNC<unknown>HIDDEN2
                                            __pagesize.symtab0x2a6244OBJECT<unknown>DEFAULT13
                                            __preinit_array_end.symtab0x240040NOTYPE<unknown>HIDDENSHN_ABS
                                            __preinit_array_start.symtab0x240040NOTYPE<unknown>HIDDENSHN_ABS
                                            __progname.symtab0x243d44OBJECT<unknown>DEFAULT12
                                            __progname_full.symtab0x243d84OBJECT<unknown>DEFAULT12
                                            __pthread_initialize_minimal.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                            __pthread_mutex_init.symtab0x111e48FUNC<unknown>DEFAULT2
                                            __pthread_mutex_lock.symtab0x111dc8FUNC<unknown>DEFAULT2
                                            __pthread_mutex_trylock.symtab0x111dc8FUNC<unknown>DEFAULT2
                                            __pthread_mutex_unlock.symtab0x111dc8FUNC<unknown>DEFAULT2
                                            __pthread_return_0.symtab0x111dc8FUNC<unknown>DEFAULT2
                                            __read_etc_hosts_r.symtab0x174e4516FUNC<unknown>HIDDEN2
                                            __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                            __res_sync.symtab0x2aa404OBJECT<unknown>HIDDEN13
                                            __resolv_attempts.symtab0x243e71OBJECT<unknown>HIDDEN12
                                            __resolv_lock.symtab0x2a64024OBJECT<unknown>DEFAULT13
                                            __resolv_timeout.symtab0x243e61OBJECT<unknown>HIDDEN12
                                            __rtld_fini.symtab0x2a62c4OBJECT<unknown>HIDDEN13
                                            __searchdomain.symtab0x2aa444OBJECT<unknown>HIDDEN13
                                            __searchdomains.symtab0x2aa504OBJECT<unknown>HIDDEN13
                                            __sigaddset.symtab0xf16836FUNC<unknown>DEFAULT2
                                            __sigdelset.symtab0xf18c36FUNC<unknown>DEFAULT2
                                            __sigismember.symtab0xf14436FUNC<unknown>DEFAULT2
                                            __stdin.symtab0x241dc4OBJECT<unknown>DEFAULT12
                                            __stdio_READ.symtab0x1566c88FUNC<unknown>HIDDEN2
                                            __stdio_WRITE.symtab0x12634180FUNC<unknown>HIDDEN2
                                            __stdio_adjust_position.symtab0x156c4196FUNC<unknown>HIDDEN2
                                            __stdio_fwrite.symtab0x129f0320FUNC<unknown>HIDDEN2
                                            __stdio_init_mutex.symtab0xd38452FUNC<unknown>HIDDEN2
                                            __stdio_mutex_initializer.4636.symtab0x1a76424OBJECT<unknown>DEFAULT4
                                            __stdio_rfill.symtab0x1578848FUNC<unknown>HIDDEN2
                                            __stdio_seek.symtab0x1585060FUNC<unknown>HIDDEN2
                                            __stdio_trans2r_o.symtab0x157b8152FUNC<unknown>HIDDEN2
                                            __stdio_trans2w_o.symtab0x12b30208FUNC<unknown>HIDDEN2
                                            __stdio_wcommit.symtab0xd48c48FUNC<unknown>HIDDEN2
                                            __stdout.symtab0x241e04OBJECT<unknown>DEFAULT12
                                            __subdf3.symtab0x17980788FUNC<unknown>HIDDEN2
                                            __syscall_error.symtab0x1505832FUNC<unknown>HIDDEN2
                                            __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __syscall_rt_sigaction.symtab0x11b1452FUNC<unknown>DEFAULT2
                                            __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __uClibc_fini.symtab0x11220124FUNC<unknown>DEFAULT2
                                            __uClibc_init.symtab0x112f0108FUNC<unknown>DEFAULT2
                                            __uClibc_main.symtab0x1135c724FUNC<unknown>DEFAULT2
                                            __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __uclibc_progname.symtab0x243d04OBJECT<unknown>HIDDEN12
                                            __udivsi3.symtab0xcba4252FUNC<unknown>HIDDEN2
                                            __vfork.symtab0x118a064FUNC<unknown>HIDDEN2
                                            __xpg_strerror_r.symtab0xeaf0256FUNC<unknown>DEFAULT2
                                            __xpg_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            __xstat32_conv.symtab0x15210172FUNC<unknown>HIDDEN2
                                            __xstat64_conv.symtab0x15144204FUNC<unknown>HIDDEN2
                                            __xstat_conv.symtab0x152bc184FUNC<unknown>HIDDEN2
                                            _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _bss_custom_printf_spec.symtab0x2a42810OBJECT<unknown>DEFAULT13
                                            _bss_end__.symtab0x2aa540NOTYPE<unknown>DEFAULTSHN_ABS
                                            _call_via_fp.symtab0x80fd4FUNC<unknown>HIDDEN2
                                            _call_via_ip.symtab0x81014FUNC<unknown>HIDDEN2
                                            _call_via_lr.symtab0x81094FUNC<unknown>HIDDEN2
                                            _call_via_r0.symtab0x80d14FUNC<unknown>HIDDEN2
                                            _call_via_r1.symtab0x80d54FUNC<unknown>HIDDEN2
                                            _call_via_r2.symtab0x80d94FUNC<unknown>HIDDEN2
                                            _call_via_r3.symtab0x80dd4FUNC<unknown>HIDDEN2
                                            _call_via_r4.symtab0x80e14FUNC<unknown>HIDDEN2
                                            _call_via_r5.symtab0x80e54FUNC<unknown>HIDDEN2
                                            _call_via_r6.symtab0x80e94FUNC<unknown>HIDDEN2
                                            _call_via_r7.symtab0x80ed4FUNC<unknown>HIDDEN2
                                            _call_via_r8.symtab0x80f14FUNC<unknown>HIDDEN2
                                            _call_via_r9.symtab0x80f54FUNC<unknown>HIDDEN2
                                            _call_via_sl.symtab0x80f94FUNC<unknown>HIDDEN2
                                            _call_via_sp.symtab0x81054FUNC<unknown>HIDDEN2
                                            _charpad.symtab0xd4bc84FUNC<unknown>DEFAULT2
                                            _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _custom_printf_arginfo.symtab0x2a66840OBJECT<unknown>HIDDEN13
                                            _custom_printf_handler.symtab0x2a69040OBJECT<unknown>HIDDEN13
                                            _custom_printf_spec.symtab0x242d84OBJECT<unknown>HIDDEN12
                                            _dl_aux_init.symtab0x14fd456FUNC<unknown>DEFAULT2
                                            _dl_phdr.symtab0x2aa384OBJECT<unknown>DEFAULT13
                                            _dl_phnum.symtab0x2aa3c4OBJECT<unknown>DEFAULT13
                                            _edata.symtab0x243e80NOTYPE<unknown>DEFAULTSHN_ABS
                                            _end.symtab0x2aa540NOTYPE<unknown>DEFAULTSHN_ABS
                                            _errno.symtab0x2a6304OBJECT<unknown>DEFAULT13
                                            _exit.symtab0xd12c44FUNC<unknown>DEFAULT2
                                            _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _fini.symtab0x183c40FUNC<unknown>DEFAULT3
                                            _fixed_buffers.symtab0x284288192OBJECT<unknown>DEFAULT13
                                            _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _fp_out_narrow.symtab0xd510132FUNC<unknown>DEFAULT2
                                            _fpmaxtostr.symtab0x12df82036FUNC<unknown>HIDDEN2
                                            _fpmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _h_errno.symtab0x2a6344OBJECT<unknown>DEFAULT13
                                            _init.symtab0x80b40FUNC<unknown>DEFAULT1
                                            _load_inttype.symtab0x12c00112FUNC<unknown>HIDDEN2
                                            _load_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _memcpy.symtab0x13cf00FUNC<unknown>HIDDEN2
                                            _ppfs_init.symtab0xdc7c160FUNC<unknown>HIDDEN2
                                            _ppfs_init.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _ppfs_parsespec.symtab0xdf641392FUNC<unknown>HIDDEN2
                                            _ppfs_parsespec.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _ppfs_prepargs.symtab0xdd1c68FUNC<unknown>HIDDEN2
                                            _ppfs_prepargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _ppfs_setargs.symtab0xdd60432FUNC<unknown>HIDDEN2
                                            _ppfs_setargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _promoted_size.symtab0xdf1084FUNC<unknown>DEFAULT2
                                            _pthread_cleanup_pop_restore.symtab0x111f444FUNC<unknown>DEFAULT2
                                            _pthread_cleanup_push_defer.symtab0x111ec8FUNC<unknown>DEFAULT2
                                            _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _sigintr.symtab0x2a6b88OBJECT<unknown>HIDDEN13
                                            _start.symtab0x81b00FUNC<unknown>DEFAULT2
                                            _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _stdio_fopen.symtab0x126e8776FUNC<unknown>HIDDEN2
                                            _stdio_init.symtab0xd31c104FUNC<unknown>HIDDEN2
                                            _stdio_openlist.symtab0x241e44OBJECT<unknown>DEFAULT12
                                            _stdio_openlist_add_lock.symtab0x2419c24OBJECT<unknown>DEFAULT12
                                            _stdio_openlist_dec_use.symtab0x13784392FUNC<unknown>HIDDEN2
                                            _stdio_openlist_del_count.symtab0x284244OBJECT<unknown>DEFAULT13
                                            _stdio_openlist_del_lock.symtab0x241b424OBJECT<unknown>DEFAULT12
                                            _stdio_openlist_use_count.symtab0x284204OBJECT<unknown>DEFAULT13
                                            _stdio_streams.symtab0x241e8240OBJECT<unknown>DEFAULT12
                                            _stdio_term.symtab0xd3b8212FUNC<unknown>HIDDEN2
                                            _stdio_user_locking.symtab0x241cc4OBJECT<unknown>DEFAULT12
                                            _stdlib_strto_l.symtab0x10794448FUNC<unknown>HIDDEN2
                                            _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _store_inttype.symtab0x12c7044FUNC<unknown>HIDDEN2
                                            _store_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _string_syserrmsgs.symtab0x1a8342906OBJECT<unknown>HIDDEN4
                                            _string_syserrmsgs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _uintmaxtostr.symtab0x12c9c348FUNC<unknown>HIDDEN2
                                            _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _vfprintf_internal.symtab0xd5941768FUNC<unknown>HIDDEN2
                                            _vfprintf_internal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            abort.symtab0x10028296FUNC<unknown>DEFAULT2
                                            abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            access.symtab0xcedc52FUNC<unknown>DEFAULT2
                                            access.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            advance_telstate.symtab0x8720116FUNC<unknown>DEFAULT2
                                            aeabi_unwind_cpp_pr1.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            atoi.symtab0x1075832FUNC<unknown>DEFAULT2
                                            atol.symtab0x1075832FUNC<unknown>DEFAULT2
                                            atol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            bcopy.symtab0xe6c016FUNC<unknown>DEFAULT2
                                            been_there_done_that.symtab0x2a6144OBJECT<unknown>DEFAULT13
                                            brk.symtab0x1500c76FUNC<unknown>DEFAULT2
                                            brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            bsd_signal.symtab0xf08c184FUNC<unknown>DEFAULT2
                                            buf.2975.symtab0x2a43816OBJECT<unknown>DEFAULT13
                                            buf.5444.symtab0x2a448440OBJECT<unknown>DEFAULT13
                                            bzero.symtab0xe70012FUNC<unknown>DEFAULT2
                                            c.symtab0x241844OBJECT<unknown>DEFAULT12
                                            calloc.symtab0x14a40308FUNC<unknown>DEFAULT2
                                            calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            chdir.symtab0xcf5052FUNC<unknown>DEFAULT2
                                            chdir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            clock_getres.symtab0x1195052FUNC<unknown>DEFAULT2
                                            clock_getres.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            close.symtab0xd18c52FUNC<unknown>DEFAULT2
                                            close.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            closedir.symtab0x11b80248FUNC<unknown>DEFAULT2
                                            closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            closenameservers.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            commServer.symtab0x240904OBJECT<unknown>DEFAULT12
                                            completed.4959.symtab0x243e81OBJECT<unknown>DEFAULT13
                                            connect.symtab0xeec856FUNC<unknown>DEFAULT2
                                            connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            connectTimeout.symtab0x97e8628FUNC<unknown>DEFAULT2
                                            contains_string.symtab0x842c220FUNC<unknown>DEFAULT2
                                            crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            csum.symtab0x9f6c340FUNC<unknown>DEFAULT2
                                            currentServer.symtab0x241804OBJECT<unknown>DEFAULT12
                                            data_start.symtab0x2408c0NOTYPE<unknown>DEFAULT12
                                            decoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            decodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            dnslookup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            encoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            encodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            encodeq.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            environ.symtab0x2a6204OBJECT<unknown>DEFAULT13
                                            errno.symtab0x2a6304OBJECT<unknown>DEFAULT13
                                            errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            execl.symtab0x14f28172FUNC<unknown>DEFAULT2
                                            execl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            execve.symtab0x1508452FUNC<unknown>DEFAULT2
                                            execve.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            exit.symtab0x10954184FUNC<unknown>DEFAULT2
                                            exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            exp10_table.symtab0x1b75072OBJECT<unknown>DEFAULT4
                                            fclose.symtab0x12460436FUNC<unknown>DEFAULT2
                                            fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fcntl.symtab0xd020108FUNC<unknown>DEFAULT2
                                            fd_to_DIR.symtab0x11c78208FUNC<unknown>DEFAULT2
                                            fdopendir.symtab0x11df4152FUNC<unknown>DEFAULT2
                                            fflush_unlocked.symtab0x1390c524FUNC<unknown>DEFAULT2
                                            fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fgetc.symtab0x135ec220FUNC<unknown>DEFAULT2
                                            fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fgetc_unlocked.symtab0x13b18300FUNC<unknown>DEFAULT2
                                            fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fgets.symtab0x136c8188FUNC<unknown>DEFAULT2
                                            fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fgets_unlocked.symtab0x13c44160FUNC<unknown>DEFAULT2
                                            fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fmt.symtab0x1b73820OBJECT<unknown>DEFAULT4
                                            fopen.symtab0x1261432FUNC<unknown>DEFAULT2
                                            fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fork.symtab0xce5852FUNC<unknown>DEFAULT2
                                            fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fputs_unlocked.symtab0xe4d456FUNC<unknown>DEFAULT2
                                            fputs_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            frame_dummy.symtab0x81500FUNC<unknown>DEFAULT2
                                            free.symtab0xfdac572FUNC<unknown>DEFAULT2
                                            free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fseek.symtab0x154f836FUNC<unknown>DEFAULT2
                                            fseeko.symtab0x154f836FUNC<unknown>DEFAULT2
                                            fseeko.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fseeko64.symtab0x1551c336FUNC<unknown>DEFAULT2
                                            fseeko64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fstat.symtab0x150ec88FUNC<unknown>DEFAULT2
                                            fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            fwrite_unlocked.symtab0xe50c176FUNC<unknown>DEFAULT2
                                            fwrite_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getBuild.symtab0x81ec36FUNC<unknown>DEFAULT2
                                            getEndianness.symtab0xc170280FUNC<unknown>DEFAULT2
                                            getHost.symtab0x93f0104FUNC<unknown>DEFAULT2
                                            getRandomIP.symtab0x9f08100FUNC<unknown>DEFAULT2
                                            get_hosts_byname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            get_telstate_host.symtab0x86e460FUNC<unknown>DEFAULT2
                                            getc.symtab0x135ec220FUNC<unknown>DEFAULT2
                                            getc_unlocked.symtab0x13b18300FUNC<unknown>DEFAULT2
                                            getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getdtablesize.symtab0x11a2c44FUNC<unknown>DEFAULT2
                                            getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getegid.symtab0x1198420FUNC<unknown>DEFAULT2
                                            getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            geteuid.symtab0x1199820FUNC<unknown>DEFAULT2
                                            geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getgid.symtab0x11a1820FUNC<unknown>DEFAULT2
                                            getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            gethostbyname.symtab0xee4428FUNC<unknown>DEFAULT2
                                            gethostbyname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            gethostbyname2.symtab0xee60104FUNC<unknown>DEFAULT2
                                            gethostbyname2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            gethostbyname2_r.symtab0x147a0672FUNC<unknown>DEFAULT2
                                            gethostbyname2_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            gethostbyname_r.symtab0x16e0c760FUNC<unknown>DEFAULT2
                                            gethostbyname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            gethostname.symtab0x17138120FUNC<unknown>DEFAULT2
                                            gethostname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getpagesize.symtab0x1191440FUNC<unknown>DEFAULT2
                                            getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getpid.symtab0xcda020FUNC<unknown>DEFAULT2
                                            getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getrlimit.symtab0x150b852FUNC<unknown>DEFAULT2
                                            getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getsockopt.symtab0xef0068FUNC<unknown>DEFAULT2
                                            getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            gettimeofday.symtab0xcfec52FUNC<unknown>DEFAULT2
                                            gettimeofday.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            getuid.symtab0x1193c20FUNC<unknown>DEFAULT2
                                            getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            h_errno.symtab0x2a6344OBJECT<unknown>DEFAULT13
                                            hoste.5443.symtab0x2a60020OBJECT<unknown>DEFAULT13
                                            htonl.symtab0xed2432FUNC<unknown>DEFAULT2
                                            htons.symtab0xed1416FUNC<unknown>DEFAULT2
                                            i.4768.symtab0x241884OBJECT<unknown>DEFAULT12
                                            index.symtab0xe9b8240FUNC<unknown>DEFAULT2
                                            inet_addr.symtab0xee1c40FUNC<unknown>DEFAULT2
                                            inet_aton.symtab0x146a8248FUNC<unknown>DEFAULT2
                                            inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            inet_ntoa.symtab0xee0028FUNC<unknown>DEFAULT2
                                            inet_ntoa.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            inet_ntoa_r.symtab0xed74140FUNC<unknown>DEFAULT2
                                            inet_ntop.symtab0x15cbc644FUNC<unknown>DEFAULT2
                                            inet_ntop4.symtab0x15b78324FUNC<unknown>DEFAULT2
                                            inet_pton.symtab0x1595c540FUNC<unknown>DEFAULT2
                                            inet_pton4.symtab0x1588c208FUNC<unknown>DEFAULT2
                                            initConnection.symtab0xbea4396FUNC<unknown>DEFAULT2
                                            init_rand.symtab0x8210216FUNC<unknown>DEFAULT2
                                            initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            initstate.symtab0x102c4192FUNC<unknown>DEFAULT2
                                            initstate_r.symtab0x10674228FUNC<unknown>DEFAULT2
                                            ioctl.symtab0x11ac084FUNC<unknown>DEFAULT2
                                            ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            isatty.symtab0xec7436FUNC<unknown>DEFAULT2
                                            isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            isspace.symtab0xd1c040FUNC<unknown>DEFAULT2
                                            isspace.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            kill.symtab0xcfb852FUNC<unknown>DEFAULT2
                                            kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            last_id.5501.symtab0x243e42OBJECT<unknown>DEFAULT12
                                            last_ns_num.5500.symtab0x2a63c4OBJECT<unknown>DEFAULT13
                                            libc/string/arm/_memcpy.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/string/arm/bcopy.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/string/arm/bzero.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/string/arm/memcpy.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/string/arm/memmove.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/string/arm/memset.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/string/arm/strcmp.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/string/arm/strlen.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/sysdeps/linux/arm/crt1.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/sysdeps/linux/arm/crti.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/sysdeps/linux/arm/crtn.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/sysdeps/linux/arm/sigrestorer.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            libc/sysdeps/linux/arm/vfork.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            listFork.symtab0x9a5c424FUNC<unknown>DEFAULT2
                                            llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            lseek64.symtab0x17208100FUNC<unknown>DEFAULT2
                                            macAddress.symtab0x244186OBJECT<unknown>DEFAULT13
                                            main.symtab0xc2882332FUNC<unknown>DEFAULT2
                                            mainCommSock.symtab0x244084OBJECT<unknown>DEFAULT13
                                            makeIPPacket.symtab0xa194256FUNC<unknown>DEFAULT2
                                            makeRandomStr.symtab0x9458184FUNC<unknown>DEFAULT2
                                            malloc.symtab0xf2282336FUNC<unknown>DEFAULT2
                                            malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            malloc_trim.symtab0xffe864FUNC<unknown>DEFAULT2
                                            matchPrompt.symtab0x9d94372FUNC<unknown>DEFAULT2
                                            memchr.symtab0x14180240FUNC<unknown>DEFAULT2
                                            memchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            memcpy.symtab0xe6f04FUNC<unknown>DEFAULT2
                                            memmove.symtab0x172704FUNC<unknown>DEFAULT2
                                            mempcpy.symtab0x1455836FUNC<unknown>DEFAULT2
                                            mempcpy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            memrchr.symtab0x143dc224FUNC<unknown>DEFAULT2
                                            memrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                            memset.symtab0xe5c0156FUNC<unknown>DEFAULT2
                                            mmap.symtab0x1178c104FUNC<unknown>DEFAULT2

                                            Network Behavior

                                            Download Network PCAP: filteredfull

                                            Network Port Distribution

                                            • Total Packets: 58
                                            • 443 (HTTPS)
                                            • 53 (DNS)
                                            • 23 (Telnet)
                                            TimestampSource PortDest PortSource IPDest IP
                                            Mar 27, 2025 23:05:15.330624104 CET5492223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:05:16.346772909 CET5492223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:05:17.850730896 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:18.082415104 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:18.082694054 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:18.083842993 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:18.322137117 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:18.362790108 CET5492223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:05:19.616926908 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:19.616986036 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:19.617021084 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:19.617053986 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:19.617085934 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:19.617106915 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:19.617106915 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:19.617106915 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:19.617106915 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:19.617121935 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:19.617156982 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:19.617156982 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:19.618000984 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:19.842705965 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:19.920779943 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:19.920942068 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:19.921051025 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:20.242211103 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:20.329129934 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:20.329164028 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:20.329309940 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:20.329310894 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:20.330705881 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:20.562731028 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:20.562791109 CET4433790254.171.230.55192.168.2.14
                                            Mar 27, 2025 23:05:20.562819958 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:20.562843084 CET37902443192.168.2.1454.171.230.55
                                            Mar 27, 2025 23:05:22.458570957 CET5492223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:05:30.650477886 CET5492223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:05:46.777816057 CET5492223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:05:50.360838890 CET5492423192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:05:51.385723114 CET5492423192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:05:53.401622057 CET5492423192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:05:57.529357910 CET5492423192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:06:05.721295118 CET5492423192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:06:21.848963022 CET5492423192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:06:25.374341965 CET5492623192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:06:26.392282963 CET5492623192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:06:28.408556938 CET5492623192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:06:32.600214958 CET5492623192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:06:40.791928053 CET5492623192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:06:56.919450998 CET5492623192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:07:00.409138918 CET5492823192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:07:01.431202888 CET5492823192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:07:03.446934938 CET5492823192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:07:07.671084881 CET5492823192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:07:15.862571955 CET5492823192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:07:31.990015030 CET5492823192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:07:35.435957909 CET5493023192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:07:36.437823057 CET5493023192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:07:38.453829050 CET5493023192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:07:42.485603094 CET5493023192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:07:50.677378893 CET5493023192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:08:06.804675102 CET5493023192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:08:10.461622953 CET5493223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:08:11.477587938 CET5493223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:08:13.492599010 CET5493223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:08:17.556318045 CET5493223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:08:25.748080969 CET5493223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:08:41.875427008 CET5493223192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:08:45.499382019 CET5493423192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:08:46.515305042 CET5493423192.168.2.1494.154.34.47
                                            Mar 27, 2025 23:08:48.531296968 CET5493423192.168.2.1494.154.34.47
                                            TimestampSource PortDest PortSource IPDest IP
                                            Mar 27, 2025 23:07:59.095937967 CET4236153192.168.2.148.8.8.8
                                            Mar 27, 2025 23:07:59.095988989 CET4315853192.168.2.148.8.8.8
                                            Mar 27, 2025 23:07:59.184546947 CET53431588.8.8.8192.168.2.14
                                            Mar 27, 2025 23:07:59.184556007 CET53423618.8.8.8192.168.2.14

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Mar 27, 2025 23:07:59.095937967 CET192.168.2.148.8.8.80x311eStandard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                                            Mar 27, 2025 23:07:59.095988989 CET192.168.2.148.8.8.80x2731Standard query (0)daisy.ubuntu.com28IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Mar 27, 2025 23:07:59.184556007 CET8.8.8.8192.168.2.140x311eNo error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false
                                            Mar 27, 2025 23:07:59.184556007 CET8.8.8.8192.168.2.140x311eNo error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false

                                            HTTPS Connections

                                            TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                            Mar 27, 2025 23:05:19.617121935 CET54.171.230.55443192.168.2.1437902CN=motd.ubuntu.com CN=R10, O=Let's Encrypt, C=USCN=R10, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=USSat Mar 22 09:18:05 CET 2025 Wed Mar 13 01:00:00 CET 2024Fri Jun 20 10:18:04 CEST 2025 Sat Mar 13 00:59:59 CET 2027771,4866-4867-4865-49196-49200-163-159-52393-52392-52394-49327-49325-49315-49311-49245-49249-49239-49235-49195-49199-162-158-49326-49324-49314-49310-49244-49248-49238-49234-49188-49192-107-106-49267-49271-196-195-49187-49191-103-64-49266-49270-190-189-49162-49172-57-56-136-135-49161-49171-51-50-69-68-157-49313-49309-49233-156-49312-49308-49232-61-192-60-186-53-132-47-65-255,0-11-10-35-22-23-13-43-45-51,29-23-30-25-24,0-1-2fb4726d465c5f28b84cd6d14cedd13a7
                                            CN=R10, O=Let's Encrypt, C=USCN=ISRG Root X1, O=Internet Security Research Group, C=USWed Mar 13 01:00:00 CET 2024Sat Mar 13 00:59:59 CET 2027

                                            System Behavior

                                            General

                                            Start time (UTC):22:05:14
                                            Start date (UTC):27/03/2025
                                            Path:/tmp/Okami.arm6.elf
                                            Arguments:/tmp/Okami.arm6.elf
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            File Activities

                                            Process Activities

                                            System Activities


                                            General

                                            Start time (UTC):22:05:14
                                            Start date (UTC):27/03/2025
                                            Path:/tmp/Okami.arm6.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:14
                                            Start date (UTC):27/03/2025
                                            Path:/tmp/Okami.arm6.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:14
                                            Start date (UTC):27/03/2025
                                            Path:/tmp/Okami.arm6.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Process Activities

                                            Network Activities


                                            General

                                            Start time (UTC):22:05:49
                                            Start date (UTC):27/03/2025
                                            Path:/tmp/Okami.arm6.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Process Activities

                                            Network Activities


                                            General

                                            Start time (UTC):22:06:24
                                            Start date (UTC):27/03/2025
                                            Path:/tmp/Okami.arm6.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Process Activities

                                            Network Activities


                                            General

                                            Start time (UTC):22:06:59
                                            Start date (UTC):27/03/2025
                                            Path:/tmp/Okami.arm6.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Process Activities

                                            Network Activities


                                            General

                                            Start time (UTC):22:07:34
                                            Start date (UTC):27/03/2025
                                            Path:/tmp/Okami.arm6.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Process Activities

                                            Network Activities


                                            General

                                            Start time (UTC):22:08:09
                                            Start date (UTC):27/03/2025
                                            Path:/tmp/Okami.arm6.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Process Activities

                                            Network Activities


                                            General

                                            Start time (UTC):22:08:44
                                            Start date (UTC):27/03/2025
                                            Path:/tmp/Okami.arm6.elf
                                            Arguments:-
                                            File size:4956856 bytes
                                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                            Process Activities

                                            Network Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/dash
                                            Arguments:-
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/rm
                                            Arguments:rm -f /tmp/tmp.5EyKsbOHwQ /tmp/tmp.aw3LkkQuNB /tmp/tmp.I0E0Op3b3u
                                            File size:72056 bytes
                                            MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                            File Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/dash
                                            Arguments:-
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/cat
                                            Arguments:cat /tmp/tmp.5EyKsbOHwQ
                                            File size:43416 bytes
                                            MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                                            File Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/dash
                                            Arguments:-
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/head
                                            Arguments:head -n 10
                                            File size:47480 bytes
                                            MD5 hash:fd96a67145172477dd57131396fc9608

                                            File Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/dash
                                            Arguments:-
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/tr
                                            Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                                            File size:51544 bytes
                                            MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                                            File Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/dash
                                            Arguments:-
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/cut
                                            Arguments:cut -c -80
                                            File size:47480 bytes
                                            MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                                            File Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/dash
                                            Arguments:-
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/cat
                                            Arguments:cat /tmp/tmp.5EyKsbOHwQ
                                            File size:43416 bytes
                                            MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

                                            File Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/dash
                                            Arguments:-
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/head
                                            Arguments:head -n 10
                                            File size:47480 bytes
                                            MD5 hash:fd96a67145172477dd57131396fc9608

                                            File Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/dash
                                            Arguments:-
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/tr
                                            Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
                                            File size:51544 bytes
                                            MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

                                            File Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/dash
                                            Arguments:-
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/cut
                                            Arguments:cut -c -80
                                            File size:47480 bytes
                                            MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

                                            File Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/dash
                                            Arguments:-
                                            File size:129816 bytes
                                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                            Process Activities


                                            General

                                            Start time (UTC):22:05:19
                                            Start date (UTC):27/03/2025
                                            Path:/usr/bin/rm
                                            Arguments:rm -f /tmp/tmp.5EyKsbOHwQ /tmp/tmp.aw3LkkQuNB /tmp/tmp.I0E0Op3b3u
                                            File size:72056 bytes
                                            MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                            File Activities