Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report LHzj8KWDB1

Overview

General Information

Sample Name:LHzj8KWDB1
Analysis ID:325000
MD5:d899f236c3a41a8cc6fa1837e93f2125
SHA1:120c338026947ef834b2bb4cee9f58892bd37892
SHA256:1c484e24d1e62d390fe2c3951ceaa804c34ac662e73b7f3d1b21604953133507

Detection

Score:52
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Creates hidden files and/or directories
Executes the "grep" command used to find patterns in files or piped streams
Executes the "mkdir" command used to create folders
Executes the "mktemp" command used to create a temporary unique file name
Executes the "rm" command used to delete files or directories
Executes the "sleep" command used to delay execution and potentially evade sandboxes
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Startup

  • system is lnxubuntu1
  • dash New Fork (PID: 3192, Parent: 3191)
  • sed (PID: 3192, Parent: 3191, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3193, Parent: 3191)
  • sort (PID: 3193, Parent: 3191, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3200, Parent: 2524)
  • sleep (PID: 3200, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3222, Parent: 3221)
  • sed (PID: 3222, Parent: 3221, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3223, Parent: 3221)
  • sort (PID: 3223, Parent: 3221, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3224, Parent: 2524)
  • sleep (PID: 3224, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3250, Parent: 3249)
  • sed (PID: 3250, Parent: 3249, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3251, Parent: 3249)
  • sort (PID: 3251, Parent: 3249, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3252, Parent: 2524)
  • sleep (PID: 3252, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3278, Parent: 3277)
  • sed (PID: 3278, Parent: 3277, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3279, Parent: 3277)
  • sort (PID: 3279, Parent: 3277, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3284, Parent: 2524)
  • sleep (PID: 3284, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3306, Parent: 3305)
  • sed (PID: 3306, Parent: 3305, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3307, Parent: 3305)
  • sort (PID: 3307, Parent: 3305, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3313, Parent: 2524)
  • sleep (PID: 3313, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3334, Parent: 3333)
  • sed (PID: 3334, Parent: 3333, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3335, Parent: 3333)
  • sort (PID: 3335, Parent: 3333, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3336, Parent: 2524)
  • sleep (PID: 3336, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3362, Parent: 3361)
  • sed (PID: 3362, Parent: 3361, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3363, Parent: 3361)
  • sort (PID: 3363, Parent: 3361, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3375, Parent: 2524)
  • sleep (PID: 3375, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3390, Parent: 3389)
  • sed (PID: 3390, Parent: 3389, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3391, Parent: 3389)
  • sort (PID: 3391, Parent: 3389, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3403, Parent: 2524)
  • sleep (PID: 3403, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3418, Parent: 3417)
  • sed (PID: 3418, Parent: 3417, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3419, Parent: 3417)
  • sort (PID: 3419, Parent: 3417, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3428, Parent: 2524)
  • sleep (PID: 3428, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3446, Parent: 3445)
  • sed (PID: 3446, Parent: 3445, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3447, Parent: 3445)
  • sort (PID: 3447, Parent: 3445, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3448, Parent: 2524)
  • sleep (PID: 3448, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • LHzj8KWDB1 (PID: 3483, Parent: 3136, MD5: d899f236c3a41a8cc6fa1837e93f2125) Arguments: /tmp/LHzj8KWDB1
  • dash New Fork (PID: 3516, Parent: 3515)
  • sed (PID: 3516, Parent: 3515, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3517, Parent: 3515)
  • sort (PID: 3517, Parent: 3515, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3530, Parent: 2524)
  • sleep (PID: 3530, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3544, Parent: 3543)
  • sed (PID: 3544, Parent: 3543, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3545, Parent: 3543)
  • sort (PID: 3545, Parent: 3543, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3561, Parent: 2524)
  • sleep (PID: 3561, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3572, Parent: 3571)
  • sed (PID: 3572, Parent: 3571, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
  • dash New Fork (PID: 3573, Parent: 3571)
  • sort (PID: 3573, Parent: 3571, MD5: fb4c334af5810c835b37ec2ec14a35bd) Arguments: sort -u
  • dash New Fork (PID: 3587, Parent: 2524)
  • sleep (PID: 3587, Parent: 2524, MD5: e9887f1d8cae3dc50b4cbac09435a162) Arguments: sleep 1
  • dash New Fork (PID: 3599, Parent: 2524)
  • sed (PID: 3599, Parent: 2524, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -n "/^DOMAINS=/ { s/^.*=/search /; p}" /run/systemd/netif/state
  • dash New Fork (PID: 3600, Parent: 2524)
  • resolvconf (PID: 3600, Parent: 2524, MD5: 4e4ff2bfda7a6d18405a462937b63a2e) Arguments: /bin/sh /sbin/resolvconf -a networkd
    • mkdir (PID: 3601, Parent: 3600, MD5: a97f666f21c85ec62ea47d022263ef41) Arguments: mkdir -p /run/resolvconf/interface
    • resolvconf New Fork (PID: 3602, Parent: 3600)
      • sed (PID: 3603, Parent: 3602, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -e s/#.*$// -e s/[[:blank:]]\\+$// -e s/^[[:blank:]]\\+// -e "s/[[:blank:]]\\+/ /g" -e "/^nameserver/!b ENDOFCYCLE" -e "s/$/ /" -e "s/\\([:. ]\\)0\\+/\\10/g" -e "s/\\([:. ]\\)0\\([123456789abcdefABCDEF][[:xdigit:]]*\\)/\\1\\2/g" -e "/::/b ENDOFCYCLE; s/ \\(0[: ]\\)\\+/ ::/" -e "/::/b ENDOFCYCLE; s/:\\(0[: ]\\)\\+/::/" -e ": ENDOFCYCLE" -
      • sed (PID: 3604, Parent: 3602, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -e s/[[:blank:]]\\+$// -e /^$/d
  • dash New Fork (PID: 3650, Parent: 2079)
  • mkdir (PID: 3650, Parent: 2079, MD5: a97f666f21c85ec62ea47d022263ef41) Arguments: mkdir -p /home/user/.cache/logrotate
  • dash New Fork (PID: 3651, Parent: 2079)
  • mkdir (PID: 3651, Parent: 2079, MD5: a97f666f21c85ec62ea47d022263ef41) Arguments: mkdir -p /home/user/.cache/upstart
  • dash New Fork (PID: 3653, Parent: 2079)
  • egrep (PID: 3653, Parent: 2079, MD5: ef55d1537377114cc24cdc398fbdd930) Arguments: /bin/sh /bin/egrep [^[:print:]] /home/user/.cache/logrotate/status
  • grep (PID: 3653, Parent: 2079, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -E [^[:print:]] /home/user/.cache/logrotate/status
  • dash New Fork (PID: 3705, Parent: 2079)
  • mktemp (PID: 3705, Parent: 2079, MD5: 91cf2e2a84f3b49fdecdd8b631902009) Arguments: mktemp
  • dash New Fork (PID: 3706, Parent: 2079)
  • cat (PID: 3706, Parent: 2079, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat
  • dash New Fork (PID: 3707, Parent: 2079)
  • logrotate (PID: 3707, Parent: 2079, MD5: d0eaf9942936032d217478b93e9cd4b1) Arguments: logrotate -s /home/user/.cache/logrotate/status /tmp/tmp.oaij5EOXjf
    • gzip (PID: 3709, Parent: 3707, MD5: 25ea567880cec4ac02e7a77ad304e3c6) Arguments: /bin/gzip
    • gzip (PID: 3749, Parent: 3707, MD5: 25ea567880cec4ac02e7a77ad304e3c6) Arguments: /bin/gzip
    • gzip (PID: 3750, Parent: 3707, MD5: 25ea567880cec4ac02e7a77ad304e3c6) Arguments: /bin/gzip
    • gzip (PID: 3751, Parent: 3707, MD5: 25ea567880cec4ac02e7a77ad304e3c6) Arguments: /bin/gzip
    • gzip (PID: 3752, Parent: 3707, MD5: 25ea567880cec4ac02e7a77ad304e3c6) Arguments: /bin/gzip
    • gzip (PID: 3753, Parent: 3707, MD5: 25ea567880cec4ac02e7a77ad304e3c6) Arguments: /bin/gzip
    • gzip (PID: 3755, Parent: 3707, MD5: 25ea567880cec4ac02e7a77ad304e3c6) Arguments: /bin/gzip
  • dash New Fork (PID: 3764, Parent: 2079)
  • rm (PID: 3764, Parent: 2079, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -f /tmp/tmp.oaij5EOXjf
  • cleanup

Yara Overview

No yara matches

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: LHzj8KWDB1Virustotal: Detection: 28%Perma Link
Source: LHzj8KWDB1ReversingLabs: Detection: 31%
Machine Learning detection for sampleShow sources
Source: LHzj8KWDB1Joe Sandbox ML: detected
Source: classification engineClassification label: mal52.lin@0/9@0/0
Source: /bin/mkdir (PID: 3650)Directory: .cache
Source: /bin/mkdir (PID: 3651)Directory: .cache
Source: /bin/egrep (PID: 3653)Grep executable: /bin/grep -> grep -E [^[:print:]] /home/user/.cache/logrotate/status
Source: /sbin/resolvconf (PID: 3601)Mkdir executable: /bin/mkdir -> mkdir -p /run/resolvconf/interface
Source: /bin/dash (PID: 3650)Mkdir executable: /bin/mkdir -> mkdir -p /home/user/.cache/logrotate
Source: /bin/dash (PID: 3651)Mkdir executable: /bin/mkdir -> mkdir -p /home/user/.cache/upstart
Source: /bin/dash (PID: 3705)Mktemp executable: /bin/mktemp -> mktemp
Source: /bin/dash (PID: 3764)Rm executable: /bin/rm -> rm -f /tmp/tmp.oaij5EOXjf
Source: /bin/dash (PID: 3200)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3224)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3252)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3284)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3313)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3336)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3375)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3403)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3428)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3448)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3530)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3561)Sleep executable: /bin/sleep -> sleep 1
Source: /bin/dash (PID: 3587)Sleep executable: /bin/sleep -> sleep 1
Source: /tmp/LHzj8KWDB1 (PID: 3512)Queries kernel information via 'uname':

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionHidden Files and Directories1OS Credential DumpingSecurity Software Discovery1Remote ServicesData from Local SystemExfiltration Over Other Network MediumData ObfuscationEavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsFile Deletion1LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 325000 Sample: LHzj8KWDB1 Startdate: 01/12/2020 Architecture: LINUX Score: 52 33 Multi AV Scanner detection for submitted file 2->33 35 Machine Learning detection for sample 2->35 7 dash logrotate 2->7         started        9 dash resolvconf 2->9         started        11 dash sleep LHzj8KWDB1 2->11         started        13 45 other processes 2->13 process3 process4 15 logrotate gzip 7->15         started        17 logrotate gzip 7->17         started        19 logrotate gzip 7->19         started        27 4 other processes 7->27 21 resolvconf 9->21         started        23 resolvconf mkdir 9->23         started        25 LHzj8KWDB1 11->25         started        process5 29 resolvconf sed 21->29         started        31 resolvconf sed 21->31         started       

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
LHzj8KWDB129%VirustotalBrowse
LHzj8KWDB131%ReversingLabsLinux.Trojan.WinNti
LHzj8KWDB1100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:31.0.0 Red Diamond
Analysis ID:325000
Start date:01.12.2020
Start time:07:23:10
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 30s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:LHzj8KWDB1
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Detection:MAL
Classification:mal52.lin@0/9@0/0


Runtime Messages

Command:/tmp/LHzj8KWDB1
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

/home/user/.cache/logrotate/status.tmp
Process:/usr/sbin/logrotate
File Type:ASCII text
Category:dropped
Size (bytes):1073
Entropy (8bit):4.860811096230358
Encrypted:false
SSDEEP:24:fOeWfnS8JWfnrxwLWfnw7WfnDvVTLbnMHtW8MF8iQlLwWfnRvP:2elIs0nXHtWbFLLs3
MD5:1B24E2657C4F363E367D89E4977A76EF
SHA1:9BC179E6DD7494A3B5E1B701E71D0D77DF298794
SHA-256:F0160AC234828FFBA89B6ECF8A34962EA4D25B85F800D190394C9DB7CC17777A
SHA-512:738E81AA8D359A204EFB01A2E3236AB0BC35148D89467F25C3B473CAAB2496864163BD5F3080CE317EF844AA2705AA1F884AEF66EFF77827382637419723D569
Malicious:false
Reputation:low
Preview: logrotate state -- version 2."/home/user/.cache/upstart/indicator-application.log" 2018-5-7-11:38:22."/home/user/.cache/upstart/indicator-sound.log" 2018-5-7-10:33:19."/home/user/.cache/upstart/indicator-session.log" 2018-5-7-11:38:22."/home/user/.cache/upstart/dbus.log" 2020-12-1-8:23:57."/home/user/.cache/upstart/gnome-keyring-ssh.log" 2020-12-1-8:23:57."/home/user/.cache/upstart/indicator-bluetooth.log" 2018-5-7-11:38:22."/home/user/.cache/upstart/indicator-datetime.log" 2018-5-7-11:38:22."/home/user/.cache/upstart/startxfce4.log" 2020-12-1-8:23:57."/home/user/.cache/upstart/update-notifier-release.log" 2020-12-1-8:23:57."/home/user/.cache/upstart/ssh-agent.log" 2020-12-1-8:23:57."/home/user/.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log" 2018-5-7-10:33:19."/home/user/.cache/upstart/indicator-keyboard.log" 2018-5-7-10:33:19."/home/user/.cache/upstart/upstart-event-bridge.log" 2020-12-1-8:23:57."/home/user/.cache/upstart/indicator-power.log" 2018-
/home/user/.cache/upstart/dbus.log.1.gz
Process:/bin/gzip
File Type:Tue Dec 1 06:23:15 2020, from Unix
Category:dropped
Size (bytes):267
Entropy (8bit):7.191585937359256
Encrypted:false
SSDEEP:6:Xl/82YlQuom0gW0F46ASWpC8t0BEP80ryEbjL+swraiuWRGI:XlU2/nLT0F48WUTBEEAJPyROi0I
MD5:E4DFEF59B4B4B04595B0ADA82EE0242A
SHA1:A19869DEB023AB7798078A9347BC571C13B6BF6D
SHA-256:3CC942D71A6A8BEEC829DACC0723F401387A4F94F42D17DFACAB5A8F03041056
SHA-512:0850B78E4DE379535334020161352BED572D1DFAC5708D8F0BB5C963B71AFFD8248A232CC9501949ACC0B215C97A8699D555043F88726E94C2FF95CE7CAB16A0
Malicious:false
Reputation:low
Preview: ....S.._.....N.0...H.Co.E*w.E.8.MbL....EMc.;...3........._~..?.....i....=./(...,........9[....p,......!..p..ANb.e..0....(.y...K...N..<.x..i."+.j=.tfpl..=Ee...."....|`..zb*..KKQ.|Yz..nK!......'"T..f=G=.....s.#.N...eOD....s...u....h@..+...j...P.......A.S.....
/home/user/.cache/upstart/gnome-keyring-ssh.log.1.gz
Process:/bin/gzip
File Type:Mon Jul 27 09:05:22 2020, from Unix
Category:dropped
Size (bytes):99
Entropy (8bit):6.129257882662173
Encrypted:false
SSDEEP:3:FtPaGuofByOJ9+JbgcpuvfIMGddoffEwZW/l:XPa25NrQbgYuoMBfMsGl
MD5:2B8D9549C00943FB9FFC73FD80E6AC1A
SHA1:E6348E8BB25396F0542E7E74AE30AF03F48E237E
SHA-256:606AE477FACBE88A7BF8C1718AE0259E50487BB5F98B80F0E2895DD799BBE858
SHA-512:C2CA8D2DFC0B0E28FDB3E94EF2BE74D7D663E9943EE55D03F9F8C8E1425AC4C0C07391020DEE0931EC9967185BDD75BDA438BC413DDBC6AB18D2EF28388C9D59
Malicious:false
Reputation:moderate, very likely benign file
Preview: ......_....... ....;t...!.@....-.....+B..X.%.J.>..`..jA....:-i.8...i7..f..+....@jB.X.y.OK..Y...
/home/user/.cache/upstart/gpg-agent.log.1.gz
Process:/bin/gzip
File Type:Mon Jul 27 09:05:26 2020, from Unix
Category:dropped
Size (bytes):109
Entropy (8bit):6.285347714840308
Encrypted:false
SSDEEP:3:Ft+KspyDBmKyr7JtqZioTFBkdMl/:X+KspyDB94JtYPk+
MD5:13A3054AF030A536BDA784F022481B4C
SHA1:062CEC7C61E642887CE10970A7353066C4283DFD
SHA-256:0D9475D2511F0A2C555242326C2D4EB69E4456726BDDB84913B95EC59F8FDCF6
SHA-512:EB0A9DDC9D084934F42DF3AC9FE92CE534A841B38F6008774F29788EEFEC4FD22BFE12570B30558A351755347E92742C867B3B65E0616294146C390FB60A3388
Malicious:false
Reputation:moderate, very likely benign file
Preview: ......_.......0....=l...E.C....p&.....fX.L..Wt...)*.*...e.X.......).Fj+.,."E..5f......X.K..w...........
/home/user/.cache/upstart/ssh-agent.log.1.gz
Process:/bin/gzip
File Type:Mon Jul 27 09:05:22 2020, from Unix
Category:dropped
Size (bytes):60
Entropy (8bit):5.121567004295788
Encrypted:false
SSDEEP:3:FtPa5qBO0YYLB0trI1mlwdn:XPa5W2Yt02g6n
MD5:32CF70DC61DECD8DFBC64EB2F2529FAC
SHA1:DAC70D15E4E11407299DC63AAA6774A2393C2316
SHA-256:5F46EF0AAB4AD28F5384537011EDB096F22592BE4EA83194C1A52A11ECAD51D5
SHA-512:D89B691D4403CB3B836F4B50795046DE26AC588D2C03020EC9B944B97259DD7ED759509229E92B601C5050F2A43DCAFA0D098E2EE5E324A56F69E1EE4BB35E87
Malicious:false
Reputation:moderate, very likely benign file
Preview: ......_..+...MLO.+Q(.././(J.-.I,*.Q((.ON-.V024.......["(...
/home/user/.cache/upstart/startxfce4.log.1.gz
Process:/bin/gzip
File Type:Tue Dec 1 07:23:40 2020, from Unix
Category:dropped
Size (bytes):1151
Entropy (8bit):7.839556167257718
Encrypted:false
SSDEEP:24:Xm+BojMnJnBU5Lk9eIEtZHE9LYIOzgczACtLQ1vzKpDk/aR:Xm+iI9u5LCEtFE9LBOzjACEKQA
MD5:E2E6086F5D9E0EA724C732125F13A140
SHA1:E227CFE1AFBE5C431EA916DAAC49BEB7843E06AF
SHA-256:4FE91F0CDD0FB4BB1799CB9830D634BDC33B52908BEDB6DAA3E8793B42ECC83E
SHA-512:F67DCB4FEFBE36B9949D41D8FC793CB0107A383C745D05716C4548E505BC9ED6FAB198560DA86701F55116856D694DA095637D84E4576B636C38ECF0CAD4D4BF
Malicious:false
Reputation:low
Preview: ....|.._...V.n.8....?....d;.M.t#....i'...@Ke..D...V.~....9...s. ..W.{E...7.u}..?.~:J...<.3...w..t...)L..`.....R..z.T.fi...g....%7...s......1\...`%......T.._.e.Ln.}.0.......y.@K...$us...;A..jH..`.gt2."1.i..I_.X....h'....(.Q.k........oW..Z1.g...n...U.....B..-......k.$..t.K.v.`.c...~..nKU&.,"J]X..:.-.n.#j..uoq........Y%Y.=G.O..w...?.]@..U...$.Y....7..7s......u:8.K.....pc..-.g)c..KH@.j.m...9._X.S..4...).O.-.k>...&.....N....L.L.:3.W5.f(^...v.~......}.3bE.O......5......<.4y..4.{..3q.R*u..5b'..e+.'.....R.5... X.[..%...}k..kf@H.J../...!r5...*P..$...p..R..a<HG..w..n.$..r.....f,_V.\.x:g.N$f.4.?p3"y.y.).......m....]...x.i..1....3...^.Z....6}......\...A(y..#.g..a...@........Rc.....8Z..f..tHf.^"%........(i...[..Q....6.t4......+"..l.E!..9..$..V.S..h.H..F....BF..Q..d.y.<a..H..../..U.I.]0.9.h...c.J.;....p;.<.I6k....Y.:..9..>......^...w.4..e..K..u...i.DPIg.........rP.....;....>..).(.+*.....E.p..W$....<;..vE\P..*.l.^S....e.>.1|.v.K...EK.B....;...uZPG.8.:J.&.....@
/home/user/.cache/upstart/update-notifier-release.log.1.gz
Process:/bin/gzip
File Type:Mon Jul 27 09:05:22 2020, from Unix
Category:dropped
Size (bytes):73
Entropy (8bit):5.311208593298957
Encrypted:false
SSDEEP:3:FtPacK82rsFX+TP4P2gt:XPacf2rNWt
MD5:6B9C8B79E6508C02BCACF1C11363D3BC
SHA1:F450E69D5A258FCF4D89E7CDB1FBD7EEC5E19A77
SHA-256:735DFDFE533A05589BFDC9044627395F29312064CFBA09CCB60E010AEC692411
SHA-512:AAE4EF554245D1419335B80EA6ED0E357FCC7032BF991D4808B8A2E09F671BA318B7EF0A8824FA334D6B51EF7104351461814D1EE096D357305914A83380CC35
Malicious:false
Reputation:moderate, very likely benign file
Preview: ......_.....S.*.Q02W04.20.22Rpv..Q0202P.K-W(J.IM,NUH,K..IL.I.......5...
/home/user/.cache/upstart/upstart-event-bridge.log.1.gz
Process:/bin/gzip
File Type:Mon Jul 27 09:05:22 2020, from Unix
Category:dropped
Size (bytes):68
Entropy (8bit):5.395998870534845
Encrypted:false
SSDEEP:3:FtPa5wG0BMPWNLPgXseOBMky:XPa5wG+OQP4OBMV
MD5:1395D405968C76307CBA75C5DDC9CA19
SHA1:C36CEE03E5DF12FBFB57A5EBCEAE329B41AFA1F7
SHA-256:33785027CEE82E878434593B532FE1DF25D46676379757272C1E15C9AADD3B1F
SHA-512:09CAB8DFF495DA9ED715C94E9F24B0C5C40CF0BC8C1B0DEEFB90C54081020AD80AF51636ADCBA368980E2C69119697A65E2E4AC5B834E0F08F88AEA52EFDA257
Malicious:false
Reputation:moderate, very likely benign file
Preview: ......_..+-(.I,*.M-K.+.M*.LIOU(.././(J....(...'...+..X..r......3...
/tmp/tmp.oaij5EOXjf
Process:/bin/cat
File Type:ASCII text
Category:dropped
Size (bytes):141
Entropy (8bit):3.7760909131289533
Encrypted:false
SSDEEP:3:PgWA0uU95y/1aF/g2FFXwyyVDoGeRqcOAvC:PgWl195y9aF/g2FFgfNepvK
MD5:46261223A62EF65D03C70F15EE935267
SHA1:E9102D8808BA6E171405F1830BD7C6B8179C9BF2
SHA-256:DFECC8990014230F50FBAD269AD523A74D16CFB455065EC8D9041764D684C239
SHA-512:380CFA479D6DB2361DCE6A52A516ECBA4D5CCE647299A87C3C3ED5887DB929C81A0F970097E6CF02C11440BCE87299D611B01CE56CF9AF09DCFBBA14249E9AF9
Malicious:false
Reputation:moderate, very likely benign file
Preview: "/home/user/.cache/upstart/*.log" {. hourly. missingok. rotate 7. compress. notifempty. nocreate.}.

Static File Info

General

File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=9aea470313720a07140d2496d5befb203be1324b, not stripped
Entropy (8bit):5.202279012322809
TrID:
  • ELF Executable and Linkable format (Linux) (4029/14) 49.77%
  • ELF Executable and Linkable format (generic) (4004/1) 49.46%
  • Lumena CEL bitmap (63/63) 0.78%
File name:LHzj8KWDB1
File size:49560
MD5:d899f236c3a41a8cc6fa1837e93f2125
SHA1:120c338026947ef834b2bb4cee9f58892bd37892
SHA256:1c484e24d1e62d390fe2c3951ceaa804c34ac662e73b7f3d1b21604953133507
SHA512:bc44ed2dd8fe6d4374302ebe140499574cbbc204724dc5add956ef334913a49a1d794a64961c42dbb4b1b68d7bd4471ace39d306b940626c9e8cd336ed063f51
SSDEEP:768:42sfv8gK0joeWzBP2W/ABt+bplz5SXDd0KY0R90x5:Dgrjo/lBoBtyltYmKT0
File Content Preview:.ELF..............>..... .@.....@...................@.8...@.............@.......@.@.....@.@.....................................8.......8.@.....8.@...............................................@.......@....................... .......................`....

Static ELF Info

ELF header

Class:ELF64
Data:2's complement, little endian
Version:1 (current)
Machine:Advanced Micro Devices X86-64
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x401d20
Flags:0x0
ELF Header Size:64
Program Header Offset:64
Program Header Size:56
Number of Program Headers:9
Section Header Offset:47640
Section Header Size:64
Number of Section Headers:30
Header String Table Index:29

Sections

NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
NULL0x00x00x00x00x0000
.interpPROGBITS0x4002380x2380x1c0x00x2A001
.note.ABI-tagNOTE0x4002540x2540x200x00x2A004
.note.gnu.build-idNOTE0x4002740x2740x240x00x2A004
.gnu.hashGNU_HASH0x4002980x2980x240x00x2A508
.dynsymDYNSYM0x4002c00x2c00x8580x180x2A618
.dynstrSTRTAB0x400b180xb180x2e40x00x2A001
.gnu.versionVERSYM0x400dfc0xdfc0xb20x20x2A502
.gnu.version_rVERNEED0x400eb00xeb00x600x00x2A628
.rela.dynRELA0x400f100xf100x180x180x2A508
.rela.pltRELA0x400f280xf280x8400x180x42AI5238
.initPROGBITS0x4017680x17680x1a0x00x6AX004
.pltPROGBITS0x4017900x17900x5900x100x6AX0016
.textPROGBITS0x401d200x1d200x5fc00x00x6AX0016
.finiPROGBITS0x407ce00x7ce00x90x00x6AX004
.rodataPROGBITS0x407cf00x7cf00x5b20x00x2A008
.eh_frame_hdrPROGBITS0x4082a40x82a40x2240x00x2A004
.eh_framePROGBITS0x4084c80x84c80x9340x00x2A008
.init_arrayINIT_ARRAY0x608e000x8e000x80x80x3WA008
.fini_arrayFINI_ARRAY0x608e080x8e080x80x80x3WA008
.jcrPROGBITS0x608e100x8e100x80x00x3WA008
.dynamicDYNAMIC0x608e180x8e180x1e00x100x3WA608
.gotPROGBITS0x608ff80x8ff80x80x80x3WA008
.got.pltPROGBITS0x6090000x90000x2d80x80x3WA008
.dataPROGBITS0x6092e00x92e00x3e00x00x3WA0032
.bssNOBITS0x6096c00x96c00x5600x00x3WA0032
.commentPROGBITS0x00x96c00x2d0x10x30MS001
.symtabSYMTAB0x00x96f00x16500x180x028598
.strtabSTRTAB0x00xad400xbca0x00x0001
.shstrtabSTRTAB0x00xb90a0x1080x00x0001

Program Segments

TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeFlagsFlags DescriptionAlignProg InterpreterSection Mappings
PHDR0x400x4000400x4000400x1f80x1f80x5R E0x8
INTERP0x2380x4002380x4002380x1c0x1c0x4R 0x1/lib64/ld-linux-x86-64.so.2.interp
LOAD0x00x4000000x4000000x8dfc0x8dfc0x5R E0x200000.interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
LOAD0x8e000x608e000x608e000x8c00xe200x6RW 0x200000.init_array .fini_array .jcr .dynamic .got .got.plt .data .bss
DYNAMIC0x8e180x608e180x608e180x1e00x1e00x6RW 0x8.dynamic
NOTE0x2540x4002540x4002540x440x440x4R 0x4.note.ABI-tag .note.gnu.build-id
GNU_EH_FRAME0x82a40x4082a40x4082a40x2240x2240x4R 0x4.eh_frame_hdr
GNU_STACK0x00x00x00x00x00x6RW 0x10
GNU_RELRO0x8e000x608e000x608e000x2000x2000x4R 0x1.init_array .fini_array .jcr .dynamic .got

Dynamic Tags

TypeMetaValueTag
DT_NEEDEDsharedliblibpthread.so.00x1
DT_NEEDEDsharedliblibc.so.60x1
DT_INITvalue0x4017680xc
DT_FINIvalue0x407ce00xd
DT_INIT_ARRAYvalue0x608e000x19
DT_INIT_ARRAYSZbytes80x1b
DT_FINI_ARRAYvalue0x608e080x1a
DT_FINI_ARRAYSZbytes80x1c
DT_GNU_HASHvalue0x4002980x6ffffef5
DT_STRTABvalue0x400b180x5
DT_SYMTABvalue0x4002c00x6
DT_STRSZbytes7400xa
DT_SYMENTbytes240xb
DT_DEBUGvalue0x00x15
DT_PLTGOTvalue0x6090000x3
DT_PLTRELSZbytes21120x2
DT_PLTRELpltrelDT_RELA0x14
DT_JMPRELvalue0x400f280x17
DT_RELAvalue0x400f100x7
DT_RELASZbytes240x8
DT_RELAENTbytes240x9
DT_VERNEEDvalue0x400eb00x6ffffffe
DT_VERNEEDNUMvalue20x6fffffff
DT_VERSYMvalue0x400dfc0x6ffffff0
DT_NULLvalue0x00x0

Symbols

NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
__errno_locationGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
__gmon_start__.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
__libc_start_mainGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
__xstat64GLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
acceptGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
alphasort64GLIBC_2.2.5libc.so.6.dynsym0x401c700FUNC<unknown>DEFAULTSHN_UNDEF
asctimeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
bindGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
bzeroGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
chdirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
closeGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
closedirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
connectGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
daemonGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
dup2GLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
execveGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
exitGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
fcloseGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
fcntlGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
fgetsGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
fopen64GLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
forkGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
freadGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
freeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
fseekGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
fwriteGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
getgrgidGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
gethostbynameGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
getpidGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
getpwuidGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
getsockoptGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
grantptGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
htonsGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
inet_addrGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
inet_atonGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
inet_ntoaGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
inet_ptonGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
ioctlGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
killGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
lchownGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
listenGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
localtimeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
mallocGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
memcpyGLIBC_2.14libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
memmoveGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
memsetGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
mkdirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
ntohsGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
open64GLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
opendirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
pauseGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
perrorGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
pthread_createGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
pthread_detachGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
pthread_selfGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
pthread_sigmaskGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
randGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
readGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
readdir64GLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
reallocGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
realpathGLIBC_2.3libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
recvfromGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
removeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
rmdirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
scandir64GLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
selectGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
sendtoGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
setsidGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
setsockoptGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
sigaddsetGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
sigemptysetGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
sleepGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
snprintfGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
socketGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
sprintfGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
srandGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
strcatGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
strchrGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
strcmpGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
strcpyGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
strlenGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
strncpyGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
strtokGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
timeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
unameGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
unlockptGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
waitGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
writeGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
GLIBC_2.2.5libc.so.6.symtab0x4002380SECTION<unknown>DEFAULT1
GLIBC_2.2.5libpthread.so.0.symtab0x4002540SECTION<unknown>DEFAULT2
GLIBC_2.2.5libpthread.so.0.symtab0x4002740SECTION<unknown>DEFAULT3
GLIBC_2.2.5libpthread.so.0.symtab0x4002980SECTION<unknown>DEFAULT4
GLIBC_2.2.5libc.so.6.symtab0x4002c00SECTION<unknown>DEFAULT5
GLIBC_2.2.5libpthread.so.0.symtab0x400b180SECTION<unknown>DEFAULT6
GLIBC_2.2.5libc.so.6.symtab0x400dfc0SECTION<unknown>DEFAULT7
GLIBC_2.2.5libc.so.6.symtab0x400eb00SECTION<unknown>DEFAULT8
GLIBC_2.2.5libc.so.6.symtab0x400f100SECTION<unknown>DEFAULT9
GLIBC_2.2.5libc.so.6.symtab0x400f280SECTION<unknown>DEFAULT10
GLIBC_2.2.5libc.so.6.symtab0x4017680SECTION<unknown>DEFAULT11
GLIBC_2.2.5libc.so.6.symtab0x4017900SECTION<unknown>DEFAULT12
GLIBC_2.2.5libpthread.so.0.symtab0x401d200SECTION<unknown>DEFAULT13
GLIBC_2.2.5libpthread.so.0.symtab0x407ce00SECTION<unknown>DEFAULT14
GLIBC_2.2.5libc.so.6.symtab0x407cf00SECTION<unknown>DEFAULT15
GLIBC_2.2.5libc.so.6.symtab0x4082a40SECTION<unknown>DEFAULT16
GLIBC_2.2.5libc.so.6.symtab0x4084c80SECTION<unknown>DEFAULT17
GLIBC_2.2.5libc.so.6.symtab0x608e000SECTION<unknown>DEFAULT18
GLIBC_2.2.5libc.so.6.symtab0x608e080SECTION<unknown>DEFAULT19
GLIBC_2.2.5libc.so.6.symtab0x608e100SECTION<unknown>DEFAULT20
GLIBC_2.2.5libc.so.6.symtab0x608e180SECTION<unknown>DEFAULT21
GLIBC_2.2.5libc.so.6.symtab0x608ff80SECTION<unknown>DEFAULT22
GLIBC_2.2.5libc.so.6.symtab0x6090000SECTION<unknown>DEFAULT23
GLIBC_2.2.5libc.so.6.symtab0x6092e00SECTION<unknown>DEFAULT24
GLIBC_2.2.5libc.so.6.symtab0x6096c00SECTION<unknown>DEFAULT25
GLIBC_2.2.5libc.so.6.symtab0x00SECTION<unknown>DEFAULT26
GLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
AddDNS.symtab0x4030f7554FUNC<unknown>DEFAULT13
CalcCrc32.symtab0x4073ba82FUNC<unknown>DEFAULT13
CalcHeaderCrcGLIBC_2.2.5libc.so.6.symtab0x40740c28FUNC<unknown>DEFAULT13
CalcUdpHeaderCrc.symtab0x40742848FUNC<unknown>DEFAULT13
CanConnect.symtab0x6097f04OBJECT<unknown>DEFAULT25
CheckLKM.symtab0x402c53109FUNC<unknown>DEFAULT13
DNS_ADDR.symtab0x6096b016OBJECT<unknown>DEFAULT24
DNS_PORT.symtab0x40829c4OBJECT<unknown>DEFAULT15
DecRemoteIP.symtab0x6093a0768OBJECT<unknown>DEFAULT24
DecRemotePort.symtab0x6096a012OBJECT<unknown>DEFAULT24
DelDNS.symtab0x403321315FUNC<unknown>DEFAULT13
Del_dirs.symtab0x4027dc251FUNC<unknown>DEFAULT13
DownFile.symtab0x401e0d575FUNC<unknown>DEFAULT13
DownThread.symtab0x40204c461FUNC<unknown>DEFAULT13
FileThread.symtab0x402999698FUNC<unknown>DEFAULT13
Forwarding.symtab0x404aed717FUNC<unknown>DEFAULT13
Get_AllIP.symtab0x4069e0370FUNC<unknown>DEFAULT13
Hide.symtab0x40345c344FUNC<unknown>DEFAULT13
HideFile.symtab0x402db4141FUNC<unknown>DEFAULT13
HidePidPort.symtab0x402d3a122FUNC<unknown>DEFAULT13
HideThread.symtab0x4035b4466FUNC<unknown>DEFAULT13
Loop.symtab0x404a65136FUNC<unknown>DEFAULT13
LoopData.symtab0x40558b694FUNC<unknown>DEFAULT13
MAGIC.symtab0x6096e0255OBJECT<unknown>DEFAULT25
MainThread.symtab0x403f231643FUNC<unknown>DEFAULT13
MakeDir.symtab0x4028d7194FUNC<unknown>DEFAULT13
PortMapThread.symtab0x4051ff661FUNC<unknown>DEFAULT13
PortforwardThread.symtab0x404dba721FUNC<unknown>DEFAULT13
PtyShell.symtab0x405841492FUNC<unknown>DEFAULT13
PtyThreadGLIBC_2.2.5libc.so.6.symtab0x405a2d461FUNC<unknown>DEFAULT13
ReConnect.symtab0x4037861260FUNC<unknown>DEFAULT13
ReadReConnConf.symtab0x403c72689FUNC<unknown>DEFAULT13
RecvFile.symtab0x406ee2685FUNC<unknown>DEFAULT13
Transmit.symtab0x40508b372FUNC<unknown>DEFAULT13
TransmitData.symtab0x406752654FUNC<unknown>DEFAULT13
UdpConnectIPGLIBC_2.2.5libpthread.so.0.symtab0x6097f88OBJECT<unknown>DEFAULT25
UdpConnectPort.symtab0x6098004OBJECT<unknown>DEFAULT25
UdpThreadGLIBC_2.2.5libc.so.6.symtab0x406b52912FUNC<unknown>DEFAULT13
Unknown.symtab0x6093008OBJECT<unknown>DEFAULT24
UpThread.symtab0x40718f461FUNC<unknown>DEFAULT13
_DYNAMICGLIBC_2.2.5libc.so.6.symtab0x608e180OBJECT<unknown>DEFAULT21
_GLOBAL_OFFSET_TABLE_GLIBC_2.2.5libc.so.6.symtab0x6090000OBJECT<unknown>DEFAULT23
_IO_stdin_used.symtab0x407cf04OBJECT<unknown>DEFAULT15
__FRAME_END__GLIBC_2.14libc.so.6.symtab0x408df80OBJECT<unknown>DEFAULT17
__GNU_EH_FRAME_HDRGLIBC_2.2.5libpthread.so.0.symtab0x4082a40NOTYPE<unknown>DEFAULT16
__JCR_END__GLIBC_2.2.5libc.so.6.symtab0x608e100OBJECT<unknown>DEFAULT20
__JCR_LIST__GLIBC_2.2.5libc.so.6.symtab0x608e100OBJECT<unknown>DEFAULT20
__TMC_END__.symtab0x6096c00OBJECT<unknown>HIDDEN24
__bss_start.symtab0x6096c00NOTYPE<unknown>DEFAULT25
__data_start.symtab0x6092e00NOTYPE<unknown>DEFAULT24
__do_global_dtors_auxGLIBC_2.2.5libc.so.6.symtab0x401dc00FUNC<unknown>DEFAULT13
__do_global_dtors_aux_fini_array_entryGLIBC_2.2.5libpthread.so.0.symtab0x608e080OBJECT<unknown>DEFAULT19
__dso_handle.symtab0x407cf80OBJECT<unknown>HIDDEN15
__errno_location@@GLIBC_2.2.5GLIBC_2.2.5libpthread.so.0.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
__frame_dummy_init_array_entryGLIBC_2.2.5libc.so.6.symtab0x608e000OBJECT<unknown>DEFAULT18
__gmon_start__.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
__init_array_endGLIBC_2.2.5libc.so.6.symtab0x608e080NOTYPE<unknown>DEFAULT18
__init_array_startGLIBC_2.2.5libc.so.6.symtab0x608e000NOTYPE<unknown>DEFAULT18
__libc_csu_finiGLIBC_2.2.5libc.so.6.symtab0x407cc02FUNC<unknown>DEFAULT13
__libc_csu_init.symtab0x407c50101FUNC<unknown>DEFAULT13
__libc_start_main@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
__xstat64@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
_edata.symtab0x6096c00NOTYPE<unknown>DEFAULT24
_end.symtab0x609c200NOTYPE<unknown>DEFAULT25
_fini.symtab0x407ce00FUNC<unknown>DEFAULT14
_init.symtab0x4017680FUNC<unknown>DEFAULT11
_start.symtab0x401d200FUNC<unknown>DEFAULT13
accept@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
alphasort64@@GLIBC_2.2.5.symtab0x401c700FUNC<unknown>DEFAULTSHN_UNDEF
asctime@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
bind@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
bypass_iptables.symtab0x402cc0122FUNC<unknown>DEFAULT13
bzero@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
chdir@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
close@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
closedir@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
completed.6355GLIBC_2.2.5libc.so.6.symtab0x6096c01OBJECT<unknown>DEFAULT25
conf_DNS.symtab0x402fee265FUNC<unknown>DEFAULT13
conf_DelAll_DNS.symtab0x402f81109FUNC<unknown>DEFAULT13
connect@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
crc32.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
crc_table.symtab0x6098201024OBJECT<unknown>DEFAULT25
createsocketGLIBC_2.2.5libpthread.so.0.symtab0x406554144FUNC<unknown>DEFAULT13
createudpsocketGLIBC_2.2.5libc.so.6.symtab0x4065e4169FUNC<unknown>DEFAULT13
crtstuff.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
crtstuff.cGLIBC_2.3libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
daemon@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
data_startGLIBC_2.2.5libc.so.6.symtab0x6092e00NOTYPE<unknown>DEFAULT24
del_dir.symtab0x4026b2298FUNC<unknown>DEFAULT13
deregister_tm_clonesGLIBC_2.2.5libc.so.6.symtab0x401d500FUNC<unknown>DEFAULT13
dns.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
down.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
dup2@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
earg.symtab0x60932024OBJECT<unknown>DEFAULT24
encrypt.cGLIBC_2.2.5libpthread.so.0.symtab0x00FILE<unknown>DEFAULTSHN_ABS
encrypt_codeGLIBC_2.2.5libc.so.6.symtab0x40221993FUNC<unknown>DEFAULT13
encrypt_pty.symtab0x40227673FUNC<unknown>DEFAULT13
envpGLIBC_2.2.5libpthread.so.0.symtab0x60934088OBJECT<unknown>DEFAULT24
execve@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
exit@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
fclose@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
fcntl@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
fgets@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
file.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
fix_domain.symtab0x402e41320FUNC<unknown>DEFAULT13
fopen64@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
fork@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
frame_dummyGLIBC_2.2.5libpthread.so.0.symtab0x401de00FUNC<unknown>DEFAULT13
fread@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
free@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
fseek@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
fwrite@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
g_in_addr.symtab0x6098044OBJECT<unknown>DEFAULT25
g_in_port.symtab0x6098084OBJECT<unknown>DEFAULT25
get_mac.symtab0x40458e791FUNC<unknown>DEFAULT13
get_randstr.symtab0x407458147FUNC<unknown>DEFAULT13
getfiles.symtab0x4022bf1011FUNC<unknown>DEFAULT13
getgrgid@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
gethostbyname@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
getpid@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
getpwuid@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
getsockopt@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
grantpt@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
hide.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
htons@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
inet_addr@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
inet_aton@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
inet_ntoa@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
inet_pton@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
init_crc_table.symtab0x40735c94FUNC<unknown>DEFAULT13
ioctl@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
is_ip.symtab0x405bfa41FUNC<unknown>DEFAULT13
kill@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
lchown@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
listen@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
localtime@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
main.symtab0x4048a5448FUNC<unknown>DEFAULT13
main.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
make_network_ip.symtab0x405c23172FUNC<unknown>DEFAULT13
malloc@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
memcpy@@GLIBC_2.14.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
memmove@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
memset@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
mkdir@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
my_ptsnameGLIBC_2.2.5libpthread.so.0.symtab0x40549483FUNC<unknown>DEFAULT13
ntohs@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
open64@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
opendir@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
pause@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
perror@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
pkgDNS.symtab0x4074eb810FUNC<unknown>DEFAULT13
portforward.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
portmap.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
pthread_create@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
pthread_detach@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
pthread_self@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
pthread_sigmask@@GLIBC_2.2.5GLIBC_2.2.5libpthread.so.0.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
ptmx_open.symtab0x4054e7164FUNC<unknown>DEFAULT13
pts_name.5013GLIBC_2.2.5libc.so.6.symtab0x6097e016OBJECT<unknown>DEFAULT25
pty.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
rand@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
read@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
readdir64@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
realloc@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
realpath@@GLIBC_2.3.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
recvAnalyse.symtab0x407815306FUNC<unknown>DEFAULT13
recv_.symtab0x4060b442FUNC<unknown>DEFAULT13
recv_t.symtab0x406108419FUNC<unknown>DEFAULT13
recvfrom@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
recvfromTimeOut.symtab0x407947204FUNC<unknown>DEFAULT13
register_tm_clonesGLIBC_2.2.5libc.so.6.symtab0x401d800FUNC<unknown>DEFAULT13
remove@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
resolve.symtab0x407a13563FUNC<unknown>DEFAULT13
rmdir@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
saferecvGLIBC_2.2.5libc.so.6.symtab0x4062ab131FUNC<unknown>DEFAULT13
safesend.symtab0x4064d1131FUNC<unknown>DEFAULT13
scandir64@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
select@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
send_.symtab0x4060de42FUNC<unknown>DEFAULT13
send_t.symtab0x40632e419FUNC<unknown>DEFAULT13
sendto@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
sendudpGLIBC_2.2.5libc.so.6.symtab0x40668d197FUNC<unknown>DEFAULT13
set_sock_keep_alive.symtab0x405ccf351FUNC<unknown>DEFAULT13
setsid@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
setsockopt@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
sigaddset@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
sigemptyset@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
sleep@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
snprintf@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
socket.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
socket@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
sprintf@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
srand@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
stat64.symtab0x407cd016FUNC<unknown>HIDDEN13
strcat@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
strchr@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
strcmp@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
strcpy@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
strlen@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
strncpy@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
strtok@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
tcp_connectGLIBC_2.2.5libpthread.so.0.symtab0x405e2e646FUNC<unknown>DEFAULT13
time@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
udp.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
uname@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
unlockpt@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
up.cGLIBC_2.2.5libc.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
wait@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
write@@GLIBC_2.2.5GLIBC_2.2.5libc.so.6.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
xorkeys.symtab0x6092f016OBJECT<unknown>DEFAULT24

Network Behavior

No network behavior found

System Behavior

Analysis Process: dash PID: 3192 Parent PID: 3191

General

Start time:07:23:32
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3192 Parent PID: 3191

General

Start time:07:23:32
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3193 Parent PID: 3191

General

Start time:07:23:32
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3193 Parent PID: 3191

General

Start time:07:23:32
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3200 Parent PID: 2524

General

Start time:07:23:32
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3200 Parent PID: 2524

General

Start time:07:23:32
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3222 Parent PID: 3221

General

Start time:07:23:33
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3222 Parent PID: 3221

General

Start time:07:23:33
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3223 Parent PID: 3221

General

Start time:07:23:33
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3223 Parent PID: 3221

General

Start time:07:23:33
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3224 Parent PID: 2524

General

Start time:07:23:33
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3224 Parent PID: 2524

General

Start time:07:23:33
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3250 Parent PID: 3249

General

Start time:07:23:34
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3250 Parent PID: 3249

General

Start time:07:23:34
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3251 Parent PID: 3249

General

Start time:07:23:34
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3251 Parent PID: 3249

General

Start time:07:23:34
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3252 Parent PID: 2524

General

Start time:07:23:34
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3252 Parent PID: 2524

General

Start time:07:23:34
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3278 Parent PID: 3277

General

Start time:07:23:35
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3278 Parent PID: 3277

General

Start time:07:23:35
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3279 Parent PID: 3277

General

Start time:07:23:35
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3279 Parent PID: 3277

General

Start time:07:23:35
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3284 Parent PID: 2524

General

Start time:07:23:35
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3284 Parent PID: 2524

General

Start time:07:23:35
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3306 Parent PID: 3305

General

Start time:07:23:36
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3306 Parent PID: 3305

General

Start time:07:23:36
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3307 Parent PID: 3305

General

Start time:07:23:36
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3307 Parent PID: 3305

General

Start time:07:23:36
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3313 Parent PID: 2524

General

Start time:07:23:36
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3313 Parent PID: 2524

General

Start time:07:23:36
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3334 Parent PID: 3333

General

Start time:07:23:37
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3334 Parent PID: 3333

General

Start time:07:23:37
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3335 Parent PID: 3333

General

Start time:07:23:37
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3335 Parent PID: 3333

General

Start time:07:23:37
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3336 Parent PID: 2524

General

Start time:07:23:37
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3336 Parent PID: 2524

General

Start time:07:23:37
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3362 Parent PID: 3361

General

Start time:07:23:38
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3362 Parent PID: 3361

General

Start time:07:23:38
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3363 Parent PID: 3361

General

Start time:07:23:38
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3363 Parent PID: 3361

General

Start time:07:23:38
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3375 Parent PID: 2524

General

Start time:07:23:38
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3375 Parent PID: 2524

General

Start time:07:23:38
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3390 Parent PID: 3389

General

Start time:07:23:39
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3390 Parent PID: 3389

General

Start time:07:23:39
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3391 Parent PID: 3389

General

Start time:07:23:39
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3391 Parent PID: 3389

General

Start time:07:23:39
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3403 Parent PID: 2524

General

Start time:07:23:39
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3403 Parent PID: 2524

General

Start time:07:23:39
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3418 Parent PID: 3417

General

Start time:07:23:40
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3418 Parent PID: 3417

General

Start time:07:23:40
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3419 Parent PID: 3417

General

Start time:07:23:40
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3419 Parent PID: 3417

General

Start time:07:23:40
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3428 Parent PID: 2524

General

Start time:07:23:40
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3428 Parent PID: 2524

General

Start time:07:23:40
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3446 Parent PID: 3445

General

Start time:07:23:41
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3446 Parent PID: 3445

General

Start time:07:23:41
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3447 Parent PID: 3445

General

Start time:07:23:41
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3447 Parent PID: 3445

General

Start time:07:23:41
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3448 Parent PID: 2524

General

Start time:07:23:41
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3448 Parent PID: 2524

General

Start time:07:23:41
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: LHzj8KWDB1 PID: 3483 Parent PID: 3136

General

Start time:07:23:41
Start date:01/12/2020
Path:/tmp/LHzj8KWDB1
Arguments:/tmp/LHzj8KWDB1
File size:49560 bytes
MD5 hash:d899f236c3a41a8cc6fa1837e93f2125

Chronological Activities

Analysis Process: LHzj8KWDB1 PID: 3512 Parent PID: 3483

General

Start time:07:23:41
Start date:01/12/2020
Path:/tmp/LHzj8KWDB1
Arguments:n/a
File size:49560 bytes
MD5 hash:d899f236c3a41a8cc6fa1837e93f2125

Chronological Activities

Analysis Process: dash PID: 3516 Parent PID: 3515

General

Start time:07:23:42
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3516 Parent PID: 3515

General

Start time:07:23:42
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3517 Parent PID: 3515

General

Start time:07:23:42
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3517 Parent PID: 3515

General

Start time:07:23:42
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3530 Parent PID: 2524

General

Start time:07:23:42
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3530 Parent PID: 2524

General

Start time:07:23:42
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3544 Parent PID: 3543

General

Start time:07:23:43
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3544 Parent PID: 3543

General

Start time:07:23:43
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3545 Parent PID: 3543

General

Start time:07:23:43
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3545 Parent PID: 3543

General

Start time:07:23:43
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3561 Parent PID: 2524

General

Start time:07:23:43
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3561 Parent PID: 2524

General

Start time:07:23:43
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3572 Parent PID: 3571

General

Start time:07:23:44
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3572 Parent PID: 3571

General

Start time:07:23:44
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DNS=/ { s/^DNS=/nameserver /; p}" /run/systemd/netif/state /run/systemd/netif/leases/*
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3573 Parent PID: 3571

General

Start time:07:23:44
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sort PID: 3573 Parent PID: 3571

General

Start time:07:23:44
Start date:01/12/2020
Path:/usr/bin/sort
Arguments:sort -u
File size:110040 bytes
MD5 hash:fb4c334af5810c835b37ec2ec14a35bd

Chronological Activities

Analysis Process: dash PID: 3587 Parent PID: 2524

General

Start time:07:23:44
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sleep PID: 3587 Parent PID: 2524

General

Start time:07:23:44
Start date:01/12/2020
Path:/bin/sleep
Arguments:sleep 1
File size:31408 bytes
MD5 hash:e9887f1d8cae3dc50b4cbac09435a162

Chronological Activities

Analysis Process: dash PID: 3599 Parent PID: 2524

General

Start time:07:23:45
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: sed PID: 3599 Parent PID: 2524

General

Start time:07:23:45
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -n "/^DOMAINS=/ { s/^.*=/search /; p}" /run/systemd/netif/state
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3600 Parent PID: 2524

General

Start time:07:23:45
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: resolvconf PID: 3600 Parent PID: 2524

General

Start time:07:23:45
Start date:01/12/2020
Path:/sbin/resolvconf
Arguments:/bin/sh /sbin/resolvconf -a networkd
File size:4590 bytes
MD5 hash:4e4ff2bfda7a6d18405a462937b63a2e

Chronological Activities

Analysis Process: resolvconf PID: 3601 Parent PID: 3600

General

Start time:07:23:45
Start date:01/12/2020
Path:/sbin/resolvconf
Arguments:n/a
File size:4590 bytes
MD5 hash:4e4ff2bfda7a6d18405a462937b63a2e

Chronological Activities

Analysis Process: mkdir PID: 3601 Parent PID: 3600

General

Start time:07:23:45
Start date:01/12/2020
Path:/bin/mkdir
Arguments:mkdir -p /run/resolvconf/interface
File size:76848 bytes
MD5 hash:a97f666f21c85ec62ea47d022263ef41

Chronological Activities

Analysis Process: resolvconf PID: 3602 Parent PID: 3600

General

Start time:07:23:45
Start date:01/12/2020
Path:/sbin/resolvconf
Arguments:n/a
File size:4590 bytes
MD5 hash:4e4ff2bfda7a6d18405a462937b63a2e

Chronological Activities

Analysis Process: resolvconf PID: 3603 Parent PID: 3602

General

Start time:07:23:45
Start date:01/12/2020
Path:/sbin/resolvconf
Arguments:n/a
File size:4590 bytes
MD5 hash:4e4ff2bfda7a6d18405a462937b63a2e

Chronological Activities

Analysis Process: sed PID: 3603 Parent PID: 3602

General

Start time:07:23:45
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -e s/#.*$// -e s/[[:blank:]]\\+$// -e s/^[[:blank:]]\\+// -e "s/[[:blank:]]\\+/ /g" -e "/^nameserver/!b ENDOFCYCLE" -e "s/$/ /" -e "s/\\([:. ]\\)0\\+/\\10/g" -e "s/\\([:. ]\\)0\\([123456789abcdefABCDEF][[:xdigit:]]*\\)/\\1\\2/g" -e "/::/b ENDOFCYCLE; s/ \\(0[: ]\\)\\+/ ::/" -e "/::/b ENDOFCYCLE; s/:\\(0[: ]\\)\\+/::/" -e ": ENDOFCYCLE" -
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: resolvconf PID: 3604 Parent PID: 3602

General

Start time:07:23:45
Start date:01/12/2020
Path:/sbin/resolvconf
Arguments:n/a
File size:4590 bytes
MD5 hash:4e4ff2bfda7a6d18405a462937b63a2e

Chronological Activities

Analysis Process: sed PID: 3604 Parent PID: 3602

General

Start time:07:23:45
Start date:01/12/2020
Path:/bin/sed
Arguments:sed -e s/[[:blank:]]\\+$// -e /^$/d
File size:73424 bytes
MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dash PID: 3650 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: mkdir PID: 3650 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/mkdir
Arguments:mkdir -p /home/user/.cache/logrotate
File size:76848 bytes
MD5 hash:a97f666f21c85ec62ea47d022263ef41

Chronological Activities

Analysis Process: dash PID: 3651 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: mkdir PID: 3651 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/mkdir
Arguments:mkdir -p /home/user/.cache/upstart
File size:76848 bytes
MD5 hash:a97f666f21c85ec62ea47d022263ef41

Chronological Activities

Analysis Process: dash PID: 3653 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: egrep PID: 3653 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/egrep
Arguments:/bin/sh /bin/egrep [^[:print:]] /home/user/.cache/logrotate/status
File size:28 bytes
MD5 hash:ef55d1537377114cc24cdc398fbdd930

Chronological Activities

Analysis Process: grep PID: 3653 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/grep
Arguments:grep -E [^[:print:]] /home/user/.cache/logrotate/status
File size:211224 bytes
MD5 hash:fc9b0a0ff848b35b3716768695bf2427

Chronological Activities

Analysis Process: dash PID: 3705 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: mktemp PID: 3705 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/mktemp
Arguments:mktemp
File size:39728 bytes
MD5 hash:91cf2e2a84f3b49fdecdd8b631902009

Chronological Activities

Analysis Process: dash PID: 3706 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: cat PID: 3706 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/cat
Arguments:cat
File size:52080 bytes
MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

Chronological Activities

Analysis Process: dash PID: 3707 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: logrotate PID: 3707 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/usr/sbin/logrotate
Arguments:logrotate -s /home/user/.cache/logrotate/status /tmp/tmp.oaij5EOXjf
File size:64624 bytes
MD5 hash:d0eaf9942936032d217478b93e9cd4b1

Chronological Activities

Analysis Process: logrotate PID: 3709 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/usr/sbin/logrotate
Arguments:n/a
File size:64624 bytes
MD5 hash:d0eaf9942936032d217478b93e9cd4b1

Chronological Activities

Analysis Process: gzip PID: 3709 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/gzip
Arguments:/bin/gzip
File size:98240 bytes
MD5 hash:25ea567880cec4ac02e7a77ad304e3c6

Chronological Activities

Analysis Process: logrotate PID: 3749 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/usr/sbin/logrotate
Arguments:n/a
File size:64624 bytes
MD5 hash:d0eaf9942936032d217478b93e9cd4b1

Chronological Activities

Analysis Process: gzip PID: 3749 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/gzip
Arguments:/bin/gzip
File size:98240 bytes
MD5 hash:25ea567880cec4ac02e7a77ad304e3c6

Chronological Activities

Analysis Process: logrotate PID: 3750 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/usr/sbin/logrotate
Arguments:n/a
File size:64624 bytes
MD5 hash:d0eaf9942936032d217478b93e9cd4b1

Chronological Activities

Analysis Process: gzip PID: 3750 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/gzip
Arguments:/bin/gzip
File size:98240 bytes
MD5 hash:25ea567880cec4ac02e7a77ad304e3c6

Chronological Activities

Analysis Process: logrotate PID: 3751 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/usr/sbin/logrotate
Arguments:n/a
File size:64624 bytes
MD5 hash:d0eaf9942936032d217478b93e9cd4b1

Chronological Activities

Analysis Process: gzip PID: 3751 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/gzip
Arguments:/bin/gzip
File size:98240 bytes
MD5 hash:25ea567880cec4ac02e7a77ad304e3c6

Chronological Activities

Analysis Process: logrotate PID: 3752 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/usr/sbin/logrotate
Arguments:n/a
File size:64624 bytes
MD5 hash:d0eaf9942936032d217478b93e9cd4b1

Chronological Activities

Analysis Process: gzip PID: 3752 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/gzip
Arguments:/bin/gzip
File size:98240 bytes
MD5 hash:25ea567880cec4ac02e7a77ad304e3c6

Chronological Activities

Analysis Process: logrotate PID: 3753 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/usr/sbin/logrotate
Arguments:n/a
File size:64624 bytes
MD5 hash:d0eaf9942936032d217478b93e9cd4b1

Chronological Activities

Analysis Process: gzip PID: 3753 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/gzip
Arguments:/bin/gzip
File size:98240 bytes
MD5 hash:25ea567880cec4ac02e7a77ad304e3c6

Chronological Activities

Analysis Process: logrotate PID: 3755 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/usr/sbin/logrotate
Arguments:n/a
File size:64624 bytes
MD5 hash:d0eaf9942936032d217478b93e9cd4b1

Chronological Activities

Analysis Process: gzip PID: 3755 Parent PID: 3707

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/gzip
Arguments:/bin/gzip
File size:98240 bytes
MD5 hash:25ea567880cec4ac02e7a77ad304e3c6

Chronological Activities

Analysis Process: dash PID: 3764 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/dash
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

Chronological Activities

Analysis Process: rm PID: 3764 Parent PID: 2079

General

Start time:07:23:57
Start date:01/12/2020
Path:/bin/rm
Arguments:rm -f /tmp/tmp.oaij5EOXjf
File size:60272 bytes
MD5 hash:b79876063d894c449856cca508ecca7f

Chronological Activities