Edit tour

Linux Analysis Report
na.elf

Overview

General Information

Sample name:	na.elf
Analysis ID:	1528725
MD5:	c5a7597174f34e5bfef4ca063a024e36
SHA1:	54ec58de428ef39d723d3db0469e57354bf56c3f
SHA256:	44e5a671bc74a505710ddec45ec0aae9f6709d70c1193fd83a6f4f452ed194db
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	92
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Detected Mirai

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Mirai

Contains symbols with names commonly found in malware

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Detected TCP or UDP traffic on non-standard ports

Sample and/or dropped files contains symbols with suspicious names

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528725
Start date and time:	2024-10-08 09:55:59 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	na.elf
Detection:	MAL
Classification:	mal92.spre.troj.linELF@0/0@12/0

Runtime Messages

Command:	/tmp/na.elf
PID:	5529
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	listening to tun0
Standard Error:

Process Tree

system is lnxubuntu20

na.elf (PID: 5529, Parent: 5453, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/na.elf

na.elf New Fork (PID: 5531, Parent: 5529)

na.elf New Fork (PID: 5533, Parent: 5529)

udisksd New Fork (PID: 5539, Parent: 803)

dumpe2fs (PID: 5539, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

gnome-session-binary New Fork (PID: 5595, Parent: 1498)

sh (PID: 5595, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing

gsd-sharing (PID: 5595, Parent: 1498, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing

systemd New Fork (PID: 5615, Parent: 1)

upowerd (PID: 5615, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd

gnome-session-binary New Fork (PID: 5633, Parent: 1498)

sh (PID: 5633, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom

gsd-wacom (PID: 5633, Parent: 1498, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom

gnome-session-binary New Fork (PID: 5662, Parent: 1498)

sh (PID: 5662, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard

gsd-keyboard (PID: 5662, Parent: 1498, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard

gvfsd-fuse New Fork (PID: 5663, Parent: 3210)

fusermount (PID: 5663, Parent: 3210, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs

xfce4-panel New Fork (PID: 5664, Parent: 3235)

wrapper-2.0 (PID: 5664, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"

udisksd New Fork (PID: 5665, Parent: 803)

dumpe2fs (PID: 5665, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

gnome-session-binary New Fork (PID: 5666, Parent: 1498)

sh (PID: 5666, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications

gsd-print-notifications (PID: 5666, Parent: 1498, MD5: 71539698aa691718cee775d6b9450ae2) Arguments: /usr/libexec/gsd-print-notifications

xfce4-panel New Fork (PID: 5668, Parent: 3235)

wrapper-2.0 (PID: 5668, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"

gnome-session-binary New Fork (PID: 5670, Parent: 1498)

sh (PID: 5670, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill

gsd-rfkill (PID: 5670, Parent: 1498, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill

xfce4-panel New Fork (PID: 5671, Parent: 3235)

wrapper-2.0 (PID: 5671, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"

xfce4-panel New Fork (PID: 5674, Parent: 3235)

wrapper-2.0 (PID: 5674, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"

gnome-session-binary New Fork (PID: 5677, Parent: 1498)

sh (PID: 5677, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard

gsd-smartcard (PID: 5677, Parent: 1498, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard

gnome-session-binary New Fork (PID: 5683, Parent: 1498)

sh (PID: 5683, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime

xfce4-panel New Fork (PID: 5684, Parent: 3235)

wrapper-2.0 (PID: 5684, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"

xfce4-panel New Fork (PID: 5685, Parent: 3235)

wrapper-2.0 (PID: 5685, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"

gnome-session-binary New Fork (PID: 5686, Parent: 1498)

sh (PID: 5686, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys

gsd-media-keys (PID: 5686, Parent: 1498, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys

systemd New Fork (PID: 5687, Parent: 1)

upowerd (PID: 5687, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd

gnome-session-binary New Fork (PID: 5725, Parent: 1498)

sh (PID: 5725, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy

gsd-screensaver-proxy (PID: 5725, Parent: 1498, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy

gnome-session-binary New Fork (PID: 5726, Parent: 1498)

sh (PID: 5726, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings

gsd-a11y-settings (PID: 5726, Parent: 1498, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings

udisksd New Fork (PID: 5728, Parent: 803)

dumpe2fs (PID: 5728, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

gnome-session-binary New Fork (PID: 5731, Parent: 1498)

sh (PID: 5731, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound

gsd-sound (PID: 5731, Parent: 1498, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound

gnome-session-binary New Fork (PID: 5732, Parent: 1498)

sh (PID: 5732, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping

gsd-housekeeping (PID: 5732, Parent: 1498, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping

gnome-session-binary New Fork (PID: 5733, Parent: 1498)

sh (PID: 5733, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power

gsd-power (PID: 5733, Parent: 1498, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power

systemd New Fork (PID: 5734, Parent: 1)

upowerd (PID: 5734, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd

gnome-session-binary New Fork (PID: 5772, Parent: 1498)

sh (PID: 5772, Parent: 1498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color

gsd-color (PID: 5772, Parent: 1498, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color

systemd New Fork (PID: 5778, Parent: 1)

upowerd (PID: 5778, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd

systemd New Fork (PID: 5818, Parent: 1)

upowerd (PID: 5818, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
na.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

Suricata Signatures

ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-08T09:56:39.668238+0200	2030490	1	Malware Command and Control Activity Detected	192.168.2.15	36304	93.123.39.116	51511	TCP
2024-10-08T09:56:45.177987+0200	2030490	1	Malware Command and Control Activity Detected	192.168.2.15	36306	93.123.39.116	51511	TCP
2024-10-08T09:57:10.600135+0200	2030490	1	Malware Command and Control Activity Detected	192.168.2.15	36308	93.123.39.116	51511	TCP
2024-10-08T09:57:40.126580+0200	2030490	1	Malware Command and Control Activity Detected	192.168.2.15	36310	93.123.39.116	51511	TCP
2024-10-08T09:58:09.529122+0200	2030490	1	Malware Command and Control Activity Detected	192.168.2.15	36312	93.123.39.116	51511	TCP
2024-10-08T09:58:33.927356+0200	2030490	1	Malware Command and Control Activity Detected	192.168.2.15	36314	93.123.39.116	51511	TCP
2024-10-08T09:58:56.326387+0200	2030490	1	Malware Command and Control Activity Detected	192.168.2.15	36316	93.123.39.116	51511	TCP
2024-10-08T09:59:20.728063+0200	2030490	1	Malware Command and Control Activity Detected	192.168.2.15	36318	93.123.39.116	51511	TCP
2024-10-08T09:59:43.710136+0200	2030490	1	Malware Command and Control Activity Detected	192.168.2.15	36320	93.123.39.116	51511	TCP
2024-10-08T10:00:12.208505+0200	2030490	1	Malware Command and Control Activity Detected	192.168.2.15	36322	93.123.39.116	51511	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: na.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: na.elf	Virustotal: Detection: 71%			Perma Link
Source: na.elf	ReversingLabs: Detection: 57%

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:36306 -> 93.123.39.116:51511
Source: Network traffic	Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:36304 -> 93.123.39.116:51511
Source: Network traffic	Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:36308 -> 93.123.39.116:51511
Source: Network traffic	Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:36316 -> 93.123.39.116:51511
Source: Network traffic	Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:36312 -> 93.123.39.116:51511
Source: Network traffic	Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:36322 -> 93.123.39.116:51511
Source: Network traffic	Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:36310 -> 93.123.39.116:51511
Source: Network traffic	Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:36320 -> 93.123.39.116:51511
Source: Network traffic	Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:36314 -> 93.123.39.116:51511
Source: Network traffic	Suricata IDS: 2030490 - Severity 1 - ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) : 192.168.2.15:36318 -> 93.123.39.116:51511

Source: global traffic

TCP traffic: 192.168.2.15:36304 -> 93.123.39.116:51511

Source: /tmp/na.elf (PID: 5529)

Socket: 127.0.0.1:6628

Jump to behavior

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: fdh32fsdfhs.shop
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample	Name: attack.c
Source: ELF static info symbol of initial sample	Name: attack_get_opt_int
Source: ELF static info symbol of initial sample	Name: attack_get_opt_ip
Source: ELF static info symbol of initial sample	Name: attack_gre_ip
Source: ELF static info symbol of initial sample	Name: attack_init
Source: ELF static info symbol of initial sample	Name: attack_parse
Source: ELF static info symbol of initial sample	Name: attack_start
Source: ELF static info symbol of initial sample	Name: attack_tcp_ack
Source: ELF static info symbol of initial sample	Name: attack_tcp_bypass
Source: ELF static info symbol of initial sample	Name: attack_tcp_syn

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 794, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 803, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1445, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1479, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1484, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1486, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1498, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1509, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1588, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1591, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1595, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1603, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1615, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1623, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1659, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1660, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1666, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1669, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1679, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1690, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1691, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1692, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1695, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1701, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1704, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1729, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1730, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1732, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1762, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1806, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1867, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3027, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3062, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3064, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3192, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3205, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3210, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3249, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3250, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3251, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3252, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3253, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3255, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3272, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3274, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3298, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3303, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3316, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3332, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3368, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3379, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3394, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3399, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3419, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3440, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3456, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3461, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3465, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3469, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3475, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3488, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3711, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5595, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5615, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5633, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5662, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5664, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5668, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5671, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5666, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5670, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5674, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5677, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5683, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5684, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5685, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5687, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5686, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5725, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5726, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5731, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5734, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5732, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5733, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5772, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5778, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5818, result: successful	Jump to behavior

Source: na.elf

ELF static info symbol of initial sample: __gnu_unwind_execute

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: //proc/self/exe/bin/busybox/proc/%d/etc/systmp.d/proc//exe%s/lib/systemd/usr/lib/systemd/systemd/usr/libexec/openssh/sftp-server/usr/lib/openssh/sftp-server/sys/system/dvr/main/usr/mnt/mtd/org/userfs/home/process/net_process/var/tmp/sonia/usr/sbin/usr/bin/mnt/gm/bin/var/Sofia/usr/sbin/sshd/usr/sbin/ntpd/usr/sbin/cupsd/usr/lib/apt/methods/http/usr/sbin/crond/usr/sbin/rsyslogd/usr/sbin/inetd/usr/sbin/dnsmasq/usr/bin/DVRServer/usr/bin/DVRShell/usr/bin/DVRControl/usr/bin/DVRRemoteAgent/usr/bin/DVRNetService

Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 794, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 803, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1445, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1479, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1484, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1486, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1498, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1509, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1588, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1591, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1595, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1603, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1615, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1623, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1659, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1660, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1666, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1669, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1679, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1690, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1691, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1692, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1695, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1701, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1704, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1729, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1730, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1732, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1762, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1806, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 1867, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3027, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3062, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3064, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3192, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3205, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3210, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3249, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3250, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3251, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3252, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3253, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3255, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3272, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3274, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3298, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3303, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3316, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3332, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3368, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3379, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3394, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3399, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3419, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3440, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3456, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3461, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3465, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3469, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3475, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3488, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 3711, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5595, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5615, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5633, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5662, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5664, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5668, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5671, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5666, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5670, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5674, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5677, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5683, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5684, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5685, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5687, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5686, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5725, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5726, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5731, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5734, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5732, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5733, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5772, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5778, result: successful	Jump to behavior
Source: /tmp/na.elf (PID: 5531)	SIGKILL sent: pid: 5818, result: successful	Jump to behavior

Source: classification engine

Classification label: mal92.spre.troj.linELF@0/0@12/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /bin/fusermount (PID: 5663)

File: /proc/5663/mounts

Jump to behavior

Source: /tmp/na.elf (PID: 5529)	Queries kernel information via 'uname':			Jump to behavior
Source: /tmp/na.elf (PID: 5533)	Queries kernel information via 'uname':			Jump to behavior

Source: na.elf, 5529.1.00007ffd2a84b000.00007ffd2a86c000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5529.1.000055c3a8ae0000.000055c3a8c32000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: na.elf, 5529.1.000055c3a8ae0000.000055c3a8c32000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: na.elf, 5529.1.00007ffd2a84b000.00007ffd2a86c000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: na.elf, type: SAMPLE

Remote Access Functionality

Detected Mirai

Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)
Source: Traffic	Suricata IDS: ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)

Yara detected Mirai

Source: Yara match

File source: na.elf, type: SAMPLE

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
na.elf	71%	Virustotal		Browse
na.elf	58%	ReversingLabs	Linux.Backdoor.Mirai
na.elf	100%	Avira	LINUX/Mirai.bonb

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
daisy.ubuntu.com	0%	Virustotal		Browse
fdh32fsdfhs.shop	15%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.24	true	false	0%, Virustotal, Browse	unknown
fdh32fsdfhs.shop	93.123.39.116	true	true	15%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
93.123.39.116	fdh32fsdfhs.shop	Bulgaria		43561	NET1-ASBG	true

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
93.123.39.116	na.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	na.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	na.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	na.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
fdh32fsdfhs.shop	na.elf	Get hash	malicious	Mirai	Browse	93.123.39.116
	i586.elf	Get hash	malicious	Mirai	Browse	185.196.9.5
	i686.elf	Get hash	malicious	Mirai	Browse	185.196.9.5
	i686nk.elf	Get hash	malicious	Mirai	Browse	185.196.9.5
	mips.elf	Get hash	malicious	Mirai	Browse	185.196.9.5
	mipsel.elf	Get hash	malicious	Mirai	Browse	185.196.9.5
	mipselnk.elf	Get hash	malicious	Mirai	Browse	185.196.9.5
	mipsnk.elf	Get hash	malicious	Mirai	Browse	185.196.9.5
	x86_64.elf	Get hash	malicious	Mirai	Browse	185.196.9.5
	arm6.elf	Get hash	malicious	Mirai	Browse	185.196.9.5

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NET1-ASBG	na.elf	Get hash	malicious	Mirai	Browse	93.123.39.116
	arm7.elf	Get hash	malicious	Mirai	Browse	93.123.39.105
	x86.elf	Get hash	malicious	Unknown	Browse	93.123.39.105
	k4STQvJ6rV.vbs	Get hash	malicious	XWorm	Browse	93.123.39.76
	https://swissquotech.com/swissquote-2024.zip	Get hash	malicious	Phisher	Browse	87.121.45.6
	mipsel.nn.elf	Get hash	malicious	Okiru	Browse	93.123.85.166
	arm7.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	93.123.85.166
	x86_32.nn.elf	Get hash	malicious	Okiru	Browse	93.123.85.166
	x86_64.nn.elf	Get hash	malicious	Okiru	Browse	93.123.85.166
	mips.nn.elf	Get hash	malicious	Okiru	Browse	93.123.85.166

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
Entropy (8bit):	5.94731023914569
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	na.elf
File size:	135'037 bytes
MD5:	c5a7597174f34e5bfef4ca063a024e36
SHA1:	54ec58de428ef39d723d3db0469e57354bf56c3f
SHA256:	44e5a671bc74a505710ddec45ec0aae9f6709d70c1193fd83a6f4f452ed194db
SHA512:	d03316dbca1bc1f79d30ff1ee143bac4a7a650f4b4ea4e3f7658d3f05b3b2603210c47fce2239f5d1a87fa94c73e9f110d8dc1babb8b1270dd1cfb9526e518ea
SSDEEP:	3072:LO9sTZtmaqWH6AnE+96ntKOyXHK4K6xVRRtn:LosNtmaqWH6An79TdHK4K6xVhn
TLSH:	9CD33B46E7408B13C4D61775BAEB42053323AB5493EB73069928BFF43F86BAE0E27505
File Content Preview:	.ELF..............(.........4...........4. ...(........p0%..0...0...................................H&..H&..............H&..H&..H&......`4..............L&..L&..L&..................Q.td..................................-...L..................@-.,@...0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8194
Flags:	0x4000002
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	102816
Section Header Size:	40
Number of Section Headers:	29
Header String Table Index:	26

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x80d4	0xd4	0x10	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x80f0	0xf0	0x109bc	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x18aac	0x10aac	0x10	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x18ac0	0x10ac0	0x1a58	0x0	0x2	A	0	0	8
.ARM.extab	PROGBITS	0x1a518	0x12518	0x18	0x0	0x2	A	0	0	4
.ARM.exidx	ARM_EXIDX	0x1a530	0x12530	0x118	0x0	0x82	AL	2	0	4
.eh_frame	PROGBITS	0x22648	0x12648	0x4	0x0	0x3	WA	0	0	4
.tbss	NOBITS	0x2264c	0x1264c	0x8	0x0	0x403	WAT	0	0	4
.init_array	INIT_ARRAY	0x2264c	0x1264c	0x4	0x0	0x3	WA	0	0	4
.fini_array	FINI_ARRAY	0x22650	0x12650	0x4	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x22654	0x12654	0x4	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x22658	0x12658	0xa8	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x22700	0x12700	0x250	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x22950	0x12950	0x3158	0x0	0x3	WA	0	0	8
.comment	PROGBITS	0x0	0x12950	0xbc2	0x0	0x0		0	0	1
.debug_aranges	PROGBITS	0x0	0x13518	0x140	0x0	0x0		0	0	8
.debug_pubnames	PROGBITS	0x0	0x13658	0x213	0x0	0x0		0	0	1
.debug_info	PROGBITS	0x0	0x1386b	0x2043	0x0	0x0		0	0	1
.debug_abbrev	PROGBITS	0x0	0x158ae	0x6e2	0x0	0x0		0	0	1
.debug_line	PROGBITS	0x0	0x15f90	0xe76	0x0	0x0		0	0	1
.debug_frame	PROGBITS	0x0	0x16e08	0x2b8	0x0	0x0		0	0	4
.debug_str	PROGBITS	0x0	0x170c0	0x8ca	0x1	0x30	MS	0	0	1
.debug_loc	PROGBITS	0x0	0x1798a	0x118f	0x0	0x0		0	0	1
.debug_ranges	PROGBITS	0x0	0x18b19	0x558	0x0	0x0		0	0	1
.ARM.attributes	ARM_ATTRIBUTES	0x0	0x19071	0x16	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x19087	0x117	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x19628	0x50c0	0x10	0x0		28	739	4
.strtab	STRTAB	0x0	0x1e6e8	0x2895	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
EXIDX	0x12530	0x1a530	0x1a530	0x118	0x118	4.4496	0x4	R	0x4	.ARM.exidx
LOAD	0x0	0x8000	0x8000	0x12648	0x12648	6.1539	0x5	R E	0x8000	.init .text .fini .rodata .ARM.extab .ARM.exidx
LOAD	0x12648	0x22648	0x22648	0x308	0x3460	4.0896	0x6	RW	0x8000	.eh_frame .tbss .init_array .fini_array .jcr .got .data .bss
TLS	0x1264c	0x2264c	0x2264c	0x0	0x8	0.0000	0x4	R	0x4	.tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x80d4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80f0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x18aac	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x18ac0	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x1a518	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x1a530	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x22648	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x2264c	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x2264c	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x22650	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x22654	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x22658	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x22700	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x22950	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	21
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	22
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	23
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	25
$a	.symtab	0x80d4	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x18aac	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80e0	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x18ab8	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8134	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8194	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x81d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x82cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x84e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8554	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x85c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8770	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8da0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x905c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9758	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9eb8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa20c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa25c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa300	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa34c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa3a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa3c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa4d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa6e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa774	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa78c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa8e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa968	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb180	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb238	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb294	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb2fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb3d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb400	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb908	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb92c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb9cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xba6c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc354	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc37c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc3c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc3e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc40c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc548	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc5dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc6f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc704	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc79c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc890	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc8a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc984	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc9bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc9fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xca40	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xca84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcac4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcb30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcb74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcbf8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcc38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xccc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcd28	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcd58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcd94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcdd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xcf4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd05c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd12c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd1f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd2a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd388	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd430	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd484	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd7b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd7d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd804	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd8d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdd34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xddb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdf18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdf48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe714	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe7b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe7f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe9a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe9fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xef6c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf21c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf5c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf600	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf6c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf6d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf6e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf780	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf7a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf800	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf828	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf8f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf9f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfa08	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfb14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfb38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfbb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfbdc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfc20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfc94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfcd8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfd1c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfd90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfdd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfe1c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfe5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfea0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xff10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xff58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xffe0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10024	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10094	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x100e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10168	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x101b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x101f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10244	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10258	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1031c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10388	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10d38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10e78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11238	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x116d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11718	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11840	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11858	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x118fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x119b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11a74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11b18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11ba8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11c80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11d78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11e64	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11e84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11ea0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12078	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1213c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12288	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x128ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x128fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12cc8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12d60	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12da8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12e98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12fd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1302c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13034	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13064	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1314c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13154	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13184	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x131dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x131e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13210	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13298	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13374	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13434	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13488	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x134e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x138cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13924	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x139a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x139cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ad0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13b38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13b9c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13c3c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13c68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13c7c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13c90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ca4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ccc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13d04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13d44	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13d58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13d98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ddc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13e1c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13e5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ebc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ed0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13fbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14360	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x143b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x143d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14494	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14570	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x146b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1478c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14800	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1482c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14988	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1517c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x152c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x153dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15508	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x155b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15a40	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15c34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15d24	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15e10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15e54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15ea4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15ef0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15fe8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16060	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x160c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1631c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16328	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16360	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x163b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x163c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1650c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16530	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x166f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16748	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16810	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16840	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x168e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16920	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16960	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x169d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16b14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16f30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x173cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1750c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17560	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x175ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x175f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17600	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17604	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17630	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1763c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17648	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17868	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x179b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x179d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17a34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17aa0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17b58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17b78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17cbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18204	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1820c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18214	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1821c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x182d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1831c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18a30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18a78	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8128	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22650	0	NOTYPE	<unknown>	DEFAULT	10
$d	.symtab	0x8180	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2264c	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x81c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x82c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8754	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8d9c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9754	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9eb4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa208	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa348	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa398	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa3c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa4c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa6c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa76c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18d24	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0xa784	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa8d8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa960	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb130	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22700	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x22704	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x22708	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2270c	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x22754	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0xb234	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb284	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb2ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb3c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb928	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb9c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xba64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc270	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22758	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x20	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x26	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0xc794	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc880	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc974	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc9b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc9f8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xca3c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xca80	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xcac0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xcb28	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xcb70	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xcbf0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xcc34	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xccc0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xcd24	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xcd90	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xcdd0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd040	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd124	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd1e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd298	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x194bc	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0xd374	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd41c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd44c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd480	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd7a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd8cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xdd00	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xdda4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xdefc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22760	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2275c	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0xe6f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1952c	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0xe9a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xe9f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xef3c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22844	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x19534	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0xf200	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf5b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf6b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf8ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfb04	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x195b8	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0xfbb0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfc18	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfc8c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfcd0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfd14	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfd88	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfdcc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfe14	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfe58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfe98	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xff08	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xff54	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xffd8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1001c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1008c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x100d8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10160	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x101a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x101ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10240	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10310	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10d14	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22848	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x10e5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11218	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x116bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11710	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1182c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22860	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x118e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11998	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11a58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11afc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22878	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x22910	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x11ba4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11c74	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11d68	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11e58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a124	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x12068	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1211c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22924	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x12264	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12880	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x128f8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12ca0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12e8c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12fb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12fd0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13060	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x130f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13180	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1336c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13420	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13480	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x134d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13880	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2293c	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x13918	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13998	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x139c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13a48	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13acc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13b30	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13b98	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13c38	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13cc4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13d00	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13d40	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13d94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13dd8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13e18	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13e58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13eb4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13fa8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14358	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14490	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1456c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14788	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1515c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a4d0	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x15500	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15b28	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15c2c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15d1c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15e08	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15fe0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16048	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x160b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x162f4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16354	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16504	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x166ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1680c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x168e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x169cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2c	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x4c	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x53	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x1784c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x181f4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x58	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	23
$d	.symtab	0x23c	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0xe39	0	NOTYPE	<unknown>	DEFAULT	23
$d	.symtab	0x22948	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x1a1b6	0	NOTYPE	<unknown>	DEFAULT	4
C.11.5548	.symtab	0x1a194	12	OBJECT	<unknown>	DEFAULT	4
C.2.4963	.symtab	0x18d24	132	OBJECT	<unknown>	DEFAULT	4
C.5.5083	.symtab	0x194bc	24	OBJECT	<unknown>	DEFAULT	4
C.7.5370	.symtab	0x1a1a0	12	OBJECT	<unknown>	DEFAULT	4
C.7.6078	.symtab	0x194d4	12	OBJECT	<unknown>	DEFAULT	4
C.7.6109	.symtab	0x19504	12	OBJECT	<unknown>	DEFAULT	4
C.7.6182	.symtab	0x194e0	12	OBJECT	<unknown>	DEFAULT	4
C.8.6110	.symtab	0x194f8	12	OBJECT	<unknown>	DEFAULT	4
C.9.6119	.symtab	0x194ec	12	OBJECT	<unknown>	DEFAULT	4
LOCAL_ADDR	.symtab	0x254b8	4	OBJECT	<unknown>	DEFAULT	14
Laligned	.symtab	0xf7c8	0	NOTYPE	<unknown>	DEFAULT	2
Llastword	.symtab	0xf7e4	0	NOTYPE	<unknown>	DEFAULT	2
_Exit	.symtab	0x13ad0	104	FUNC	<unknown>	DEFAULT	2
_GLOBAL_OFFSET_TABLE_	.symtab	0x22658	0	OBJECT	<unknown>	HIDDEN	12
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_Unwind_Complete	.symtab	0x17600	4	FUNC	<unknown>	HIDDEN	2
_Unwind_DeleteException	.symtab	0x17604	44	FUNC	<unknown>	HIDDEN	2
_Unwind_ForcedUnwind	.symtab	0x182b4	36	FUNC	<unknown>	HIDDEN	2
_Unwind_GetCFA	.symtab	0x175f8	8	FUNC	<unknown>	HIDDEN	2
_Unwind_GetDataRelBase	.symtab	0x1763c	12	FUNC	<unknown>	HIDDEN	2
_Unwind_GetLanguageSpecificData	.symtab	0x182d8	68	FUNC	<unknown>	HIDDEN	2
_Unwind_GetRegionStart	.symtab	0x18a78	52	FUNC	<unknown>	HIDDEN	2
_Unwind_GetTextRelBase	.symtab	0x17630	12	FUNC	<unknown>	HIDDEN	2
_Unwind_RaiseException	.symtab	0x18248	36	FUNC	<unknown>	HIDDEN	2
_Unwind_Resume	.symtab	0x1826c	36	FUNC	<unknown>	HIDDEN	2
_Unwind_Resume_or_Rethrow	.symtab	0x18290	36	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Get	.symtab	0x17560	76	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Pop	.symtab	0x17b78	324	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Set	.symtab	0x175ac	76	FUNC	<unknown>	HIDDEN	2
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b	.symtab	0x22948	4	OBJECT	<unknown>	DEFAULT	13
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x1a1b6	768	OBJECT	<unknown>	DEFAULT	4
__EH_FRAME_BEGIN__	.symtab	0x22648	0	OBJECT	<unknown>	DEFAULT	7
__FRAME_END__	.symtab	0x22648	0	OBJECT	<unknown>	DEFAULT	7
__GI___C_ctype_b	.symtab	0x22948	4	OBJECT	<unknown>	HIDDEN	13
__GI___close	.symtab	0x12ff0	100	FUNC	<unknown>	HIDDEN	2
__GI___close_nocancel	.symtab	0x12fd4	24	FUNC	<unknown>	HIDDEN	2
__GI___ctype_b	.symtab	0x2294c	4	OBJECT	<unknown>	HIDDEN	13
__GI___errno_location	.symtab	0xd430	32	FUNC	<unknown>	HIDDEN	2
__GI___fcntl_nocancel	.symtab	0xc704	152	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x153dc	300	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0xf9f0	24	FUNC	<unknown>	HIDDEN	2
__GI___libc_close	.symtab	0x12ff0	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0xc79c	244	FUNC	<unknown>	HIDDEN	2
__GI___libc_open	.symtab	0x13080	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_read	.symtab	0x131a0	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_write	.symtab	0x13110	100	FUNC	<unknown>	HIDDEN	2
__GI___open	.symtab	0x13080	100	FUNC	<unknown>	HIDDEN	2
__GI___open_nocancel	.symtab	0x13064	24	FUNC	<unknown>	HIDDEN	2
__GI___read	.symtab	0x131a0	100	FUNC	<unknown>	HIDDEN	2
__GI___read_nocancel	.symtab	0x13184	24	FUNC	<unknown>	HIDDEN	2
__GI___sigaddset	.symtab	0x10340	36	FUNC	<unknown>	HIDDEN	2
__GI___sigdelset	.symtab	0x10364	36	FUNC	<unknown>	HIDDEN	2
__GI___sigismember	.symtab	0x1031c	36	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x133b8	124	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x13488	88	FUNC	<unknown>	HIDDEN	2
__GI___write	.symtab	0x13110	100	FUNC	<unknown>	HIDDEN	2
__GI___write_nocancel	.symtab	0x130f4	24	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0xfa08	268	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x13ad0	104	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x11718	296	FUNC	<unknown>	HIDDEN	2
__GI_accept	.symtab	0xfc20	116	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x11e64	32	FUNC	<unknown>	HIDDEN	2
__GI_bind	.symtab	0xfc94	68	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x138cc	88	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x12ff0	100	FUNC	<unknown>	HIDDEN	2
__GI_closedir	.symtab	0xcf4c	272	FUNC	<unknown>	HIDDEN	2
__GI_config_close	.symtab	0x142e4	52	FUNC	<unknown>	HIDDEN	2
__GI_config_open	.symtab	0x14318	72	FUNC	<unknown>	HIDDEN	2
__GI_config_read	.symtab	0x13fbc	808	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0xfd1c	116	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x12078	196	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0xd484	816	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0xc79c	244	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0xf21c	940	FUNC	<unknown>	HIDDEN	2
__GI_fgetc	.symtab	0x1517c	324	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x153dc	300	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x152c0	284	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x15508	160	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0xd7b4	32	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x128fc	972	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0xf5c8	56	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x1650c	36	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x16530	448	FUNC	<unknown>	HIDDEN	2
__GI_fstat	.symtab	0x13b38	100	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0xf600	188	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x153dc	300	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x13c3c	44	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x13c68	20	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x13c7c	20	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x13c90	20	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x13ca4	40	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x12d60	72	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x13ccc	56	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0xfd90	68	FUNC	<unknown>	HIDDEN	2
__GI_gettimeofday	.symtab	0x13d04	64	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x13d44	20	FUNC	<unknown>	HIDDEN	2
__GI_inet_addr	.symtab	0xfbb4	40	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x15ef0	248	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x11c80	248	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0xc8a4	224	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0xfb14	36	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0xc984	56	FUNC	<unknown>	HIDDEN	2
__GI_listen	.symtab	0xfe1c	64	FUNC	<unknown>	HIDDEN	2
__GI_lseek	.symtab	0x13d58	64	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x16960	112	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x15a40	240	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0xf6c0	4	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0xf6d0	4	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x15b30	36	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x15b54	224	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0xf6e0	156	FUNC	<unknown>	HIDDEN	2
__GI_mkdir	.symtab	0xc9bc	64	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x13924	124	FUNC	<unknown>	HIDDEN	2
__GI_mremap	.symtab	0x13d98	68	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x13ddc	64	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x13e5c	96	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x13080	100	FUNC	<unknown>	HIDDEN	2
__GI_opendir	.symtab	0xd12c	196	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x12da8	240	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x11858	164	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x11b18	144	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x131a0	100	FUNC	<unknown>	HIDDEN	2
__GI_readdir	.symtab	0xd2a0	232	FUNC	<unknown>	HIDDEN	2
__GI_readdir64	.symtab	0x13ed0	236	FUNC	<unknown>	HIDDEN	2
__GI_readlink	.symtab	0xca84	64	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0xfea0	112	FUNC	<unknown>	HIDDEN	2
__GI_recvfrom	.symtab	0xff58	136	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0xcac4	108	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0xcb74	132	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x10024	112	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x100e0	136	FUNC	<unknown>	HIDDEN	2
__GI_setsid	.symtab	0xcbf8	64	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x10168	72	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x11d78	236	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x139cc	136	FUNC	<unknown>	HIDDEN	2
__GI_sigaddset	.symtab	0x101f4	80	FUNC	<unknown>	HIDDEN	2
__GI_sigemptyset	.symtab	0x10244	20	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x10258	196	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0xcc38	140	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x12e98	300	FUNC	<unknown>	HIDDEN	2
__GI_snprintf	.symtab	0xd7d4	48	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x101b0	68	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x11ba8	216	FUNC	<unknown>	HIDDEN	2
__GI_stat	.symtab	0xccc4	100	FUNC	<unknown>	HIDDEN	2
__GI_strcat	.symtab	0xf800	40	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x15c34	240	FUNC	<unknown>	HIDDEN	2
__GI_strchrnul	.symtab	0x15d24	236	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0xf780	28	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0xf780	28	FUNC	<unknown>	HIDDEN	2
__GI_strcspn	.symtab	0x15e10	68	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0xf7a0	96	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0xf828	204	FUNC	<unknown>	HIDDEN	2
__GI_strrchr	.symtab	0x15e54	80	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x15ea4	76	FUNC	<unknown>	HIDDEN	2
__GI_strstr	.symtab	0xf8f4	252	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x11e84	28	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x12288	1572	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0xfb38	124	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0xcd28	48	FUNC	<unknown>	HIDDEN	2
__GI_times	.symtab	0x13ebc	20	FUNC	<unknown>	HIDDEN	2
__GI_uname	.symtab	0xcd94	64	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0xd804	208	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x14360	84	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x143d8	188	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x143b4	36	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x13110	100	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x22654	0	OBJECT	<unknown>	DEFAULT	11
__JCR_LIST__	.symtab	0x22654	0	OBJECT	<unknown>	DEFAULT	11
___Unwind_ForcedUnwind	.symtab	0x182b4	36	FUNC	<unknown>	HIDDEN	2
___Unwind_RaiseException	.symtab	0x18248	36	FUNC	<unknown>	HIDDEN	2
___Unwind_Resume	.symtab	0x1826c	36	FUNC	<unknown>	HIDDEN	2
___Unwind_Resume_or_Rethrow	.symtab	0x18290	36	FUNC	<unknown>	HIDDEN	2
__adddf3	.symtab	0x16b20	784	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmpeq	.symtab	0x1747c	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmple	.symtab	0x1747c	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdrcmple	.symtab	0x17460	52	FUNC	<unknown>	HIDDEN	2
__aeabi_d2uiz	.symtab	0x1750c	84	FUNC	<unknown>	HIDDEN	2
__aeabi_dadd	.symtab	0x16b20	784	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpeq	.symtab	0x17494	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpge	.symtab	0x174dc	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpgt	.symtab	0x174f4	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmple	.symtab	0x174c4	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmplt	.symtab	0x174ac	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ddiv	.symtab	0x171c0	524	FUNC	<unknown>	HIDDEN	2
__aeabi_dmul	.symtab	0x16f30	656	FUNC	<unknown>	HIDDEN	2
__aeabi_drsub	.symtab	0x16b14	0	FUNC	<unknown>	HIDDEN	2
__aeabi_dsub	.symtab	0x16b1c	788	FUNC	<unknown>	HIDDEN	2
__aeabi_f2d	.symtab	0x16e7c	64	FUNC	<unknown>	HIDDEN	2
__aeabi_i2d	.symtab	0x16e54	40	FUNC	<unknown>	HIDDEN	2
__aeabi_idiv	.symtab	0x169d0	0	FUNC	<unknown>	HIDDEN	2
__aeabi_idivmod	.symtab	0x16afc	24	FUNC	<unknown>	HIDDEN	2
__aeabi_l2d	.symtab	0x16ed0	96	FUNC	<unknown>	HIDDEN	2
__aeabi_read_tp	.symtab	0x13a80	8	FUNC	<unknown>	DEFAULT	2
__aeabi_ui2d	.symtab	0x16e30	36	FUNC	<unknown>	HIDDEN	2
__aeabi_uidiv	.symtab	0xc5dc	0	FUNC	<unknown>	HIDDEN	2
__aeabi_uidivmod	.symtab	0xc6d8	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ul2d	.symtab	0x16ebc	116	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr0	.symtab	0x18214	8	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr1	.symtab	0x1820c	8	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr2	.symtab	0x18204	8	FUNC	<unknown>	HIDDEN	2
__app_fini	.symtab	0x24f70	4	OBJECT	<unknown>	HIDDEN	14
__atexit_lock	.symtab	0x22924	24	OBJECT	<unknown>	DEFAULT	13
__bss_end__	.symtab	0x25aa8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start	.symtab	0x22950	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start__	.symtab	0x22950	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x13434	84	FUNC	<unknown>	DEFAULT	2
__close	.symtab	0x12ff0	100	FUNC	<unknown>	DEFAULT	2
__close_nocancel	.symtab	0x12fd4	24	FUNC	<unknown>	DEFAULT	2
__cmpdf2	.symtab	0x173dc	132	FUNC	<unknown>	HIDDEN	2
__ctype_b	.symtab	0x2294c	4	OBJECT	<unknown>	DEFAULT	13
__curbrk	.symtab	0x24f78	4	OBJECT	<unknown>	HIDDEN	14
__cxa_begin_cleanup	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__cxa_call_unexpected	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__cxa_type_match	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__data_start	.symtab	0x22700	0	NOTYPE	<unknown>	DEFAULT	13
__default_rt_sa_restorer	.symtab	0x13a6c	0	FUNC	<unknown>	DEFAULT	2
__default_sa_restorer	.symtab	0x13a60	0	FUNC	<unknown>	DEFAULT	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__div0	.symtab	0xc6f0	20	FUNC	<unknown>	HIDDEN	2
__divdf3	.symtab	0x171c0	524	FUNC	<unknown>	HIDDEN	2
__divsi3	.symtab	0x169d0	300	FUNC	<unknown>	HIDDEN	2
__do_global_dtors_aux	.symtab	0x80f0	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux_fini_array_entry	.symtab	0x22650	0	OBJECT	<unknown>	DEFAULT	10
__end__	.symtab	0x25aa8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__environ	.symtab	0x24f68	4	OBJECT	<unknown>	DEFAULT	14
__eqdf2	.symtab	0x173dc	132	FUNC	<unknown>	HIDDEN	2
__errno_location	.symtab	0xd430	32	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exidx_end	.symtab	0x1a648	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exidx_start	.symtab	0x1a530	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x24a18	4	OBJECT	<unknown>	HIDDEN	14
__extendsfdf2	.symtab	0x16e7c	64	FUNC	<unknown>	HIDDEN	2
__fcntl_nocancel	.symtab	0xc704	152	FUNC	<unknown>	DEFAULT	2
__fgetc_unlocked	.symtab	0x153dc	300	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x22654	0	NOTYPE	<unknown>	HIDDEN	10
__fini_array_start	.symtab	0x22650	0	NOTYPE	<unknown>	HIDDEN	10
__fixunsdfsi	.symtab	0x1750c	84	FUNC	<unknown>	HIDDEN	2
__floatdidf	.symtab	0x16ed0	96	FUNC	<unknown>	HIDDEN	2
__floatsidf	.symtab	0x16e54	40	FUNC	<unknown>	HIDDEN	2
__floatundidf	.symtab	0x16ebc	116	FUNC	<unknown>	HIDDEN	2
__floatunsidf	.symtab	0x16e30	36	FUNC	<unknown>	HIDDEN	2
__fork	.symtab	0x128fc	972	FUNC	<unknown>	DEFAULT	2
__fork_generation_pointer	.symtab	0x25a74	4	OBJECT	<unknown>	HIDDEN	14
__fork_handlers	.symtab	0x25a78	4	OBJECT	<unknown>	HIDDEN	14
__fork_lock	.symtab	0x24a1c	4	OBJECT	<unknown>	HIDDEN	14
__frame_dummy_init_array_entry	.symtab	0x2264c	0	OBJECT	<unknown>	DEFAULT	9
__gedf2	.symtab	0x173cc	148	FUNC	<unknown>	HIDDEN	2
__getdents	.symtab	0x13b9c	160	FUNC	<unknown>	HIDDEN	2
__getdents64	.symtab	0x163c4	328	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x13ca4	40	FUNC	<unknown>	DEFAULT	2
__getpid	.symtab	0x12d60	72	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r	.symtab	0xf9f0	24	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__gnu_Unwind_Find_exidx	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__gnu_Unwind_ForcedUnwind	.symtab	0x179b8	28	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_RaiseException	.symtab	0x17aa0	184	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Restore_VFP	.symtab	0x18238	0	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Resume	.symtab	0x17a34	108	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Resume_or_Rethrow	.symtab	0x17b58	32	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Save_VFP	.symtab	0x18240	0	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_execute	.symtab	0x1831c	1812	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_frame	.symtab	0x18a30	72	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_pr_common	.symtab	0x17cbc	1352	FUNC	<unknown>	DEFAULT	2
__gtdf2	.symtab	0x173cc	148	FUNC	<unknown>	HIDDEN	2
__h_errno_location	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__init_array_end	.symtab	0x22650	0	NOTYPE	<unknown>	HIDDEN	9
__init_array_start	.symtab	0x2264c	0	NOTYPE	<unknown>	HIDDEN	9
__ledf2	.symtab	0x173d4	140	FUNC	<unknown>	HIDDEN	2
__libc_accept	.symtab	0xfc20	116	FUNC	<unknown>	DEFAULT	2
__libc_close	.symtab	0x12ff0	100	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0xfd1c	116	FUNC	<unknown>	DEFAULT	2
__libc_disable_asynccancel	.symtab	0x13210	136	FUNC	<unknown>	HIDDEN	2
__libc_enable_asynccancel	.symtab	0x13298	220	FUNC	<unknown>	HIDDEN	2
__libc_errno	.symtab	0x0	4	TLS	<unknown>	HIDDEN	8
__libc_fcntl	.symtab	0xc79c	244	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x128fc	972	FUNC	<unknown>	DEFAULT	2
__libc_h_errno	.symtab	0x4	4	TLS	<unknown>	HIDDEN	8
__libc_multiple_threads	.symtab	0x25a7c	4	OBJECT	<unknown>	HIDDEN	14
__libc_nanosleep	.symtab	0x13e5c	96	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x13080	100	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x131a0	100	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0xfea0	112	FUNC	<unknown>	DEFAULT	2
__libc_recvfrom	.symtab	0xff58	136	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0xcb74	132	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x10024	112	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x100e0	136	FUNC	<unknown>	DEFAULT	2
__libc_setup_tls	.symtab	0x160ec	560	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x139cc	136	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x24f64	4	OBJECT	<unknown>	DEFAULT	14
__libc_write	.symtab	0x13110	100	FUNC	<unknown>	DEFAULT	2
__lll_lock_wait_private	.symtab	0x12cc8	152	FUNC	<unknown>	HIDDEN	2
__ltdf2	.symtab	0x173d4	140	FUNC	<unknown>	HIDDEN	2
__malloc_consolidate	.symtab	0x112e8	436	FUNC	<unknown>	HIDDEN	2
__malloc_largebin_index	.symtab	0x10388	120	FUNC	<unknown>	DEFAULT	2
__malloc_lock	.symtab	0x22848	24	OBJECT	<unknown>	DEFAULT	13
__malloc_state	.symtab	0x256fc	888	OBJECT	<unknown>	DEFAULT	14
__malloc_trim	.symtab	0x11238	176	FUNC	<unknown>	DEFAULT	2
__muldf3	.symtab	0x16f30	656	FUNC	<unknown>	HIDDEN	2
__nedf2	.symtab	0x173dc	132	FUNC	<unknown>	HIDDEN	2
__nptl_deallocate_tsd	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__nptl_nthreads	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__open	.symtab	0x13080	100	FUNC	<unknown>	DEFAULT	2
__open_nocancel	.symtab	0x13064	24	FUNC	<unknown>	DEFAULT	2
__pagesize	.symtab	0x24f6c	4	OBJECT	<unknown>	DEFAULT	14
__preinit_array_end	.symtab	0x2264c	0	NOTYPE	<unknown>	HIDDEN	8
__preinit_array_start	.symtab	0x2264c	0	NOTYPE	<unknown>	HIDDEN	8
__progname	.symtab	0x22940	4	OBJECT	<unknown>	DEFAULT	13
__progname_full	.symtab	0x22944	4	OBJECT	<unknown>	DEFAULT	13
__pthread_initialize_minimal	.symtab	0x1631c	12	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_init	.symtab	0x1337c	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x13374	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x13374	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x13374	8	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x13374	8	FUNC	<unknown>	DEFAULT	2
__pthread_unwind	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__read	.symtab	0x131a0	100	FUNC	<unknown>	DEFAULT	2
__read_nocancel	.symtab	0x13184	24	FUNC	<unknown>	DEFAULT	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__restore_core_regs	.symtab	0x1821c	28	FUNC	<unknown>	HIDDEN	2
__rtld_fini	.symtab	0x24f74	4	OBJECT	<unknown>	HIDDEN	14
__sigaddset	.symtab	0x10340	36	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x10364	36	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x1031c	36	FUNC	<unknown>	DEFAULT	2
__sigjmp_save	.symtab	0x16920	64	FUNC	<unknown>	HIDDEN	2
__sigsetjmp	.symtab	0x163b8	12	FUNC	<unknown>	DEFAULT	2
__stdin	.symtab	0x2276c	4	OBJECT	<unknown>	DEFAULT	13
__stdio_READ	.symtab	0x166f0	88	FUNC	<unknown>	HIDDEN	2
__stdio_WRITE	.symtab	0x14494	220	FUNC	<unknown>	HIDDEN	2
__stdio_adjust_position	.symtab	0x16748	200	FUNC	<unknown>	HIDDEN	2
__stdio_fwrite	.symtab	0x14570	320	FUNC	<unknown>	HIDDEN	2
__stdio_rfill	.symtab	0x16810	48	FUNC	<unknown>	HIDDEN	2
__stdio_seek	.symtab	0x168e4	60	FUNC	<unknown>	HIDDEN	2
__stdio_trans2r_o	.symtab	0x16840	164	FUNC	<unknown>	HIDDEN	2
__stdio_trans2w_o	.symtab	0x146b0	220	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0xdf18	48	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x22770	4	OBJECT	<unknown>	DEFAULT	13
__subdf3	.symtab	0x16b1c	788	FUNC	<unknown>	HIDDEN	2
__sys_accept	.symtab	0xfbdc	68	FUNC	<unknown>	DEFAULT	2
__sys_connect	.symtab	0xfcd8	68	FUNC	<unknown>	DEFAULT	2
__sys_recv	.symtab	0xfe5c	68	FUNC	<unknown>	DEFAULT	2
__sys_recvfrom	.symtab	0xff10	72	FUNC	<unknown>	DEFAULT	2
__sys_send	.symtab	0xffe0	68	FUNC	<unknown>	DEFAULT	2
__sys_sendto	.symtab	0x10094	76	FUNC	<unknown>	DEFAULT	2
__syscall_error	.symtab	0x139a0	44	FUNC	<unknown>	HIDDEN	2
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_nanosleep	.symtab	0x13e1c	64	FUNC	<unknown>	DEFAULT	2
__syscall_rt_sigaction	.symtab	0x13a90	64	FUNC	<unknown>	DEFAULT	2
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_select	.symtab	0xcb30	68	FUNC	<unknown>	DEFAULT	2
__tls_get_addr	.symtab	0x160c8	36	FUNC	<unknown>	DEFAULT	2
__uClibc_fini	.symtab	0x133b8	124	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x13488	88	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x134e0	1004	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x2293c	4	OBJECT	<unknown>	HIDDEN	13
__udivsi3	.symtab	0xc5dc	252	FUNC	<unknown>	HIDDEN	2
__write	.symtab	0x13110	100	FUNC	<unknown>	DEFAULT	2
__write_nocancel	.symtab	0x130f4	24	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r	.symtab	0xfa08	268	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__xstat32_conv	.symtab	0xcea0	172	FUNC	<unknown>	HIDDEN	2
__xstat64_conv	.symtab	0xcdd4	204	FUNC	<unknown>	HIDDEN	2
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_bss_custom_printf_spec	.symtab	0x24a08	10	OBJECT	<unknown>	DEFAULT	14
_bss_end__	.symtab	0x25aa8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_charpad	.symtab	0xdf48	84	FUNC	<unknown>	DEFAULT	2
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_custom_printf_arginfo	.symtab	0x256a4	40	OBJECT	<unknown>	HIDDEN	14
_custom_printf_handler	.symtab	0x256cc	40	OBJECT	<unknown>	HIDDEN	14
_custom_printf_spec	.symtab	0x22844	4	OBJECT	<unknown>	HIDDEN	13
_dl_aux_init	.symtab	0x16328	56	FUNC	<unknown>	DEFAULT	2
_dl_nothread_init_static_tls	.symtab	0x16360	88	FUNC	<unknown>	HIDDEN	2
_dl_phdr	.symtab	0x25aa0	4	OBJECT	<unknown>	DEFAULT	14
_dl_phnum	.symtab	0x25aa4	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_dtv_gaps	.symtab	0x25a94	1	OBJECT	<unknown>	DEFAULT	14
_dl_tls_dtv_slotinfo_list	.symtab	0x25a90	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_generation	.symtab	0x25a98	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_max_dtv_idx	.symtab	0x25a88	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_setup	.symtab	0x16060	104	FUNC	<unknown>	DEFAULT	2
_dl_tls_static_align	.symtab	0x25a84	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_static_nelem	.symtab	0x25a9c	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_static_size	.symtab	0x25a8c	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_static_used	.symtab	0x25a80	4	OBJECT	<unknown>	DEFAULT	14
_edata	.symtab	0x22950	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x25aa8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_exit	.symtab	0x13ad0	104	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x18aac	0	FUNC	<unknown>	DEFAULT	3
_fixed_buffers	.symtab	0x22a08	8192	OBJECT	<unknown>	DEFAULT	14
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0xdf9c	132	FUNC	<unknown>	DEFAULT	2
_fpmaxtostr	.symtab	0x14988	2036	FUNC	<unknown>	HIDDEN	2
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_init	.symtab	0x80d4	0	FUNC	<unknown>	DEFAULT	1
_load_inttype	.symtab	0x1478c	116	FUNC	<unknown>	HIDDEN	2
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_memcpy	.symtab	0x155b0	0	FUNC	<unknown>	HIDDEN	2
_ppfs_init	.symtab	0xe714	160	FUNC	<unknown>	HIDDEN	2
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0xe9fc	1392	FUNC	<unknown>	HIDDEN	2
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0xe7b4	68	FUNC	<unknown>	HIDDEN	2
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0xe7f8	432	FUNC	<unknown>	HIDDEN	2
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0xe9a8	84	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_pop_restore	.symtab	0x1338c	44	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x13384	8	FUNC	<unknown>	DEFAULT	2
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_setjmp	.symtab	0x13a54	8	FUNC	<unknown>	DEFAULT	2
_sigintr	.symtab	0x256f4	8	OBJECT	<unknown>	HIDDEN	14
_start	.symtab	0x8194	0	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0xd8d4	1120	FUNC	<unknown>	HIDDEN	2
_stdio_init	.symtab	0xdd34	128	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x22774	4	OBJECT	<unknown>	DEFAULT	13
_stdio_openlist_add_lock	.symtab	0x229e8	12	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_dec_use	.symtab	0xef6c	688	FUNC	<unknown>	HIDDEN	2
_stdio_openlist_del_count	.symtab	0x22a04	4	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_del_lock	.symtab	0x229f4	12	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_use_count	.symtab	0x22a00	4	OBJECT	<unknown>	DEFAULT	14
_stdio_streams	.symtab	0x22778	204	OBJECT	<unknown>	DEFAULT	13
_stdio_term	.symtab	0xddb4	356	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x2275c	4	OBJECT	<unknown>	DEFAULT	13
_stdlib_strto_l	.symtab	0x11ea0	472	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x14800	44	FUNC	<unknown>	HIDDEN	2
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x195c8	2906	OBJECT	<unknown>	HIDDEN	4
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x1482c	348	FUNC	<unknown>	HIDDEN	2
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0xe020	1780	FUNC	<unknown>	HIDDEN	2
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x11718	296	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
accept	.symtab	0xfc20	116	FUNC	<unknown>	DEFAULT	2
accept.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
anti_gdb_entry	.symtab	0xa774	24	FUNC	<unknown>	DEFAULT	2
atoi	.symtab	0x11e64	32	FUNC	<unknown>	DEFAULT	2
atol	.symtab	0x11e64	32	FUNC	<unknown>	DEFAULT	2
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_get_opt_int	.symtab	0x8554	112	FUNC	<unknown>	DEFAULT	2
attack_get_opt_ip	.symtab	0x84e8	108	FUNC	<unknown>	DEFAULT	2
attack_gre_ip	.symtab	0x8770	1584	FUNC	<unknown>	DEFAULT	2
attack_init	.symtab	0x85c4	428	FUNC	<unknown>	DEFAULT	2
attack_parse	.symtab	0x82cc	540	FUNC	<unknown>	DEFAULT	2
attack_start	.symtab	0x81d0	252	FUNC	<unknown>	DEFAULT	2
attack_tcp_ack	.symtab	0x905c	1788	FUNC	<unknown>	DEFAULT	2
attack_tcp_bypass	.symtab	0x9eb8	852	FUNC	<unknown>	DEFAULT	2
attack_tcp_syn	.symtab	0x9758	1888	FUNC	<unknown>	DEFAULT	2
attack_udp_plain	.symtab	0x8da0	700	FUNC	<unknown>	DEFAULT	2
attacks.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
been_there_done_that	.symtab	0x24a14	4	OBJECT	<unknown>	DEFAULT	14
bind	.symtab	0xfc94	68	FUNC	<unknown>	DEFAULT	2
bind.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
brk	.symtab	0x138cc	88	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x10258	196	FUNC	<unknown>	DEFAULT	2
calloc	.symtab	0x10d38	320	FUNC	<unknown>	DEFAULT	2
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checkDevice	.symtab	0xa6e4	144	FUNC	<unknown>	DEFAULT	2
check_real_path	.symtab	0xa3c8	272	FUNC	<unknown>	DEFAULT	2
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_generic	.symtab	0xa20c	80	FUNC	<unknown>	DEFAULT	2
checksum_tcpudp	.symtab	0xa25c	164	FUNC	<unknown>	DEFAULT	2
clock	.symtab	0xd450	52	FUNC	<unknown>	DEFAULT	2
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x12ff0	100	FUNC	<unknown>	DEFAULT	2
closedir	.symtab	0xcf4c	272	FUNC	<unknown>	DEFAULT	2
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.5105	.symtab	0x22950	1	OBJECT	<unknown>	DEFAULT	14
connect	.symtab	0xfd1c	116	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
dl-support.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ensure_single_instance	.symtab	0xa78c	344	FUNC	<unknown>	DEFAULT	2
entries	.symtab	0x254bc	4	OBJECT	<unknown>	DEFAULT	14
environ	.symtab	0x24f68	4	OBJECT	<unknown>	DEFAULT	14
errno	.symtab	0x0	4	TLS	<unknown>	DEFAULT	8
errno.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exit	.symtab	0x12078	196	FUNC	<unknown>	DEFAULT	2
exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
exp10_table	.symtab	0x1a4d0	72	OBJECT	<unknown>	DEFAULT	4
fclose	.symtab	0xd484	816	FUNC	<unknown>	DEFAULT	2
fclose.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fcntl	.symtab	0xc79c	244	FUNC	<unknown>	DEFAULT	2
fd_ctrl	.symtab	0x22700	4	OBJECT	<unknown>	DEFAULT	13
fd_serv	.symtab	0x22704	4	OBJECT	<unknown>	DEFAULT	13
fd_to_DIR	.symtab	0xd05c	208	FUNC	<unknown>	DEFAULT	2
fdopendir	.symtab	0xd1f0	176	FUNC	<unknown>	DEFAULT	2
fflush_unlocked	.symtab	0xf21c	940	FUNC	<unknown>	DEFAULT	2
fflush_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc	.symtab	0x1517c	324	FUNC	<unknown>	DEFAULT	2
fgetc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgetc_unlocked	.symtab	0x153dc	300	FUNC	<unknown>	DEFAULT	2
fgetc_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets	.symtab	0x152c0	284	FUNC	<unknown>	DEFAULT	2
fgets.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fgets_unlocked	.symtab	0x15508	160	FUNC	<unknown>	DEFAULT	2
fgets_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fmt	.symtab	0x1a4b8	20	OBJECT	<unknown>	DEFAULT	4
fopen	.symtab	0xd7b4	32	FUNC	<unknown>	DEFAULT	2
fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork	.symtab	0x128fc	972	FUNC	<unknown>	DEFAULT	2
fork.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fork_handler_pool	.symtab	0x24a20	1348	OBJECT	<unknown>	DEFAULT	14
fputs_unlocked	.symtab	0xf5c8	56	FUNC	<unknown>	DEFAULT	2
fputs_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
frame_dummy	.symtab	0x8134	0	FUNC	<unknown>	DEFAULT	2
free	.symtab	0x1149c	572	FUNC	<unknown>	DEFAULT	2
free.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseek	.symtab	0x1650c	36	FUNC	<unknown>	DEFAULT	2
fseeko	.symtab	0x1650c	36	FUNC	<unknown>	DEFAULT	2
fseeko.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fseeko64	.symtab	0x16530	448	FUNC	<unknown>	DEFAULT	2
fseeko64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fstat	.symtab	0x13b38	100	FUNC	<unknown>	DEFAULT	2
fstat.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
fwrite_unlocked	.symtab	0xf600	188	FUNC	<unknown>	DEFAULT	2
fwrite_unlocked.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
get_eit_entry	.symtab	0x17648	544	FUNC	<unknown>	DEFAULT	2
getc	.symtab	0x1517c	324	FUNC	<unknown>	DEFAULT	2
getc_unlocked	.symtab	0x153dc	300	FUNC	<unknown>	DEFAULT	2
getdents.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
getdents64.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-08T09:56:39.668238+0200	2030490	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)	1	192.168.2.15	36304	93.123.39.116	51511	TCP
2024-10-08T09:56:45.177987+0200	2030490	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)	1	192.168.2.15	36306	93.123.39.116	51511	TCP
2024-10-08T09:57:10.600135+0200	2030490	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)	1	192.168.2.15	36308	93.123.39.116	51511	TCP
2024-10-08T09:57:40.126580+0200	2030490	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)	1	192.168.2.15	36310	93.123.39.116	51511	TCP
2024-10-08T09:58:09.529122+0200	2030490	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)	1	192.168.2.15	36312	93.123.39.116	51511	TCP
2024-10-08T09:58:33.927356+0200	2030490	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)	1	192.168.2.15	36314	93.123.39.116	51511	TCP
2024-10-08T09:58:56.326387+0200	2030490	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)	1	192.168.2.15	36316	93.123.39.116	51511	TCP
2024-10-08T09:59:20.728063+0200	2030490	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)	1	192.168.2.15	36318	93.123.39.116	51511	TCP
2024-10-08T09:59:43.710136+0200	2030490	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)	1	192.168.2.15	36320	93.123.39.116	51511	TCP
2024-10-08T10:00:12.208505+0200	2030490	ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1)	1	192.168.2.15	36322	93.123.39.116	51511	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 09:56:39.621680021 CEST	36304	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:56:39.629349947 CEST	51511	36304	93.123.39.116	192.168.2.15
Oct 8, 2024 09:56:39.629399061 CEST	36304	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:56:39.668237925 CEST	36304	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:56:39.673238993 CEST	51511	36304	93.123.39.116	192.168.2.15
Oct 8, 2024 09:56:40.151957035 CEST	51511	36304	93.123.39.116	192.168.2.15
Oct 8, 2024 09:56:40.152280092 CEST	36304	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:56:40.157124996 CEST	51511	36304	93.123.39.116	192.168.2.15
Oct 8, 2024 09:56:45.172123909 CEST	36306	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:56:45.177115917 CEST	51511	36306	93.123.39.116	192.168.2.15
Oct 8, 2024 09:56:45.177175999 CEST	36306	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:56:45.177987099 CEST	36306	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:56:45.182944059 CEST	51511	36306	93.123.39.116	192.168.2.15
Oct 8, 2024 09:56:55.187833071 CEST	36306	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:56:55.399100065 CEST	36306	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:56:55.611011028 CEST	36306	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:56:55.938810110 CEST	51511	36306	93.123.39.116	192.168.2.15
Oct 8, 2024 09:56:55.938877106 CEST	51511	36306	93.123.39.116	192.168.2.15
Oct 8, 2024 09:56:55.938904047 CEST	51511	36306	93.123.39.116	192.168.2.15
Oct 8, 2024 09:57:06.568418980 CEST	51511	36306	93.123.39.116	192.168.2.15
Oct 8, 2024 09:57:06.568763018 CEST	36306	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:57:06.575193882 CEST	51511	36306	93.123.39.116	192.168.2.15
Oct 8, 2024 09:57:10.594016075 CEST	36308	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:57:10.599263906 CEST	51511	36308	93.123.39.116	192.168.2.15
Oct 8, 2024 09:57:10.599313974 CEST	36308	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:57:10.600135088 CEST	36308	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:57:10.605098963 CEST	51511	36308	93.123.39.116	192.168.2.15
Oct 8, 2024 09:57:32.108468056 CEST	51511	36308	93.123.39.116	192.168.2.15
Oct 8, 2024 09:57:32.108839989 CEST	36308	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:57:32.121820927 CEST	51511	36308	93.123.39.116	192.168.2.15
Oct 8, 2024 09:57:40.120825052 CEST	36310	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:57:40.125732899 CEST	51511	36310	93.123.39.116	192.168.2.15
Oct 8, 2024 09:57:40.125799894 CEST	36310	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:57:40.126580000 CEST	36310	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:57:40.131633043 CEST	51511	36310	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:01.501801014 CEST	51511	36310	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:01.502063990 CEST	36310	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:01.507265091 CEST	51511	36310	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:09.522053003 CEST	36312	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:09.528405905 CEST	51511	36312	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:09.528470039 CEST	36312	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:09.529122114 CEST	36312	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:09.533909082 CEST	51511	36312	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:19.539045095 CEST	36312	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:19.546603918 CEST	51511	36312	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:30.910898924 CEST	51511	36312	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:30.911216021 CEST	36312	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:30.916352034 CEST	51511	36312	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:33.921159029 CEST	36314	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:33.926261902 CEST	51511	36314	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:33.926336050 CEST	36314	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:33.927356005 CEST	36314	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:33.932276964 CEST	51511	36314	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:55.308953047 CEST	51511	36314	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:55.309288025 CEST	36314	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:55.318432093 CEST	51511	36314	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:56.320328951 CEST	36316	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:56.325308084 CEST	51511	36316	93.123.39.116	192.168.2.15
Oct 8, 2024 09:58:56.325385094 CEST	36316	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:56.326386929 CEST	36316	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:58:56.331180096 CEST	51511	36316	93.123.39.116	192.168.2.15
Oct 8, 2024 09:59:17.708312988 CEST	51511	36316	93.123.39.116	192.168.2.15
Oct 8, 2024 09:59:17.708412886 CEST	36316	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:59:17.713733912 CEST	51511	36316	93.123.39.116	192.168.2.15
Oct 8, 2024 09:59:20.721522093 CEST	36318	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:59:20.726769924 CEST	51511	36318	93.123.39.116	192.168.2.15
Oct 8, 2024 09:59:20.726850986 CEST	36318	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:59:20.728063107 CEST	36318	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:59:20.733768940 CEST	51511	36318	93.123.39.116	192.168.2.15
Oct 8, 2024 09:59:30.728409052 CEST	36318	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:59:30.738451958 CEST	51511	36318	93.123.39.116	192.168.2.15
Oct 8, 2024 09:59:42.099209070 CEST	51511	36318	93.123.39.116	192.168.2.15
Oct 8, 2024 09:59:42.099314928 CEST	36318	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:59:42.104253054 CEST	51511	36318	93.123.39.116	192.168.2.15
Oct 8, 2024 09:59:43.703692913 CEST	36320	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:59:43.708657980 CEST	51511	36320	93.123.39.116	192.168.2.15
Oct 8, 2024 09:59:43.708745956 CEST	36320	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:59:43.710135937 CEST	36320	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 09:59:43.715079069 CEST	51511	36320	93.123.39.116	192.168.2.15
Oct 8, 2024 10:00:05.192691088 CEST	51511	36320	93.123.39.116	192.168.2.15
Oct 8, 2024 10:00:05.192945957 CEST	36320	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 10:00:05.401741028 CEST	36320	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 10:00:05.411813021 CEST	51511	36320	93.123.39.116	192.168.2.15
Oct 8, 2024 10:00:05.411981106 CEST	36320	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 10:00:05.412313938 CEST	51511	36320	93.123.39.116	192.168.2.15
Oct 8, 2024 10:00:05.412365913 CEST	51511	36320	93.123.39.116	192.168.2.15
Oct 8, 2024 10:00:05.412446022 CEST	36320	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 10:00:12.202256918 CEST	36322	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 10:00:12.207257032 CEST	51511	36322	93.123.39.116	192.168.2.15
Oct 8, 2024 10:00:12.207345009 CEST	36322	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 10:00:12.208504915 CEST	36322	51511	192.168.2.15	93.123.39.116
Oct 8, 2024 10:00:12.213454962 CEST	51511	36322	93.123.39.116	192.168.2.15

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 09:56:39.272313118 CEST	46113	53	192.168.2.15	8.8.8.8
Oct 8, 2024 09:56:39.613174915 CEST	53	46113	8.8.8.8	192.168.2.15
Oct 8, 2024 09:56:45.164313078 CEST	55853	53	192.168.2.15	8.8.8.8
Oct 8, 2024 09:56:45.171669960 CEST	53	55853	8.8.8.8	192.168.2.15
Oct 8, 2024 09:57:10.570164919 CEST	47233	53	192.168.2.15	8.8.8.8
Oct 8, 2024 09:57:10.593342066 CEST	53	47233	8.8.8.8	192.168.2.15
Oct 8, 2024 09:57:40.112442017 CEST	43850	53	192.168.2.15	8.8.8.8
Oct 8, 2024 09:57:40.120253086 CEST	53	43850	8.8.8.8	192.168.2.15
Oct 8, 2024 09:58:09.503690004 CEST	52117	53	192.168.2.15	8.8.8.8
Oct 8, 2024 09:58:09.521644115 CEST	53	52117	8.8.8.8	192.168.2.15
Oct 8, 2024 09:58:33.913326979 CEST	45621	53	192.168.2.15	8.8.8.8
Oct 8, 2024 09:58:33.920480967 CEST	53	45621	8.8.8.8	192.168.2.15
Oct 8, 2024 09:58:56.311492920 CEST	45303	53	192.168.2.15	8.8.8.8
Oct 8, 2024 09:58:56.319708109 CEST	53	45303	8.8.8.8	192.168.2.15
Oct 8, 2024 09:59:20.712306023 CEST	57087	53	192.168.2.15	8.8.8.8
Oct 8, 2024 09:59:20.720366001 CEST	53	57087	8.8.8.8	192.168.2.15
Oct 8, 2024 09:59:24.255934000 CEST	44490	53	192.168.2.15	1.1.1.1
Oct 8, 2024 09:59:24.256001949 CEST	47517	53	192.168.2.15	1.1.1.1
Oct 8, 2024 09:59:24.262800932 CEST	53	47517	1.1.1.1	192.168.2.15
Oct 8, 2024 09:59:24.263545036 CEST	53	44490	1.1.1.1	192.168.2.15
Oct 8, 2024 09:59:43.101428032 CEST	49798	53	192.168.2.15	8.8.8.8
Oct 8, 2024 09:59:43.702599049 CEST	53	49798	8.8.8.8	192.168.2.15
Oct 8, 2024 10:00:12.194647074 CEST	58090	53	192.168.2.15	8.8.8.8
Oct 8, 2024 10:00:12.201728106 CEST	53	58090	8.8.8.8	192.168.2.15

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 8, 2024 09:56:39.272313118 CEST	192.168.2.15	8.8.8.8	0x7049	Standard query (0)	fdh32fsdfhs.shop	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:56:45.164313078 CEST	192.168.2.15	8.8.8.8	0xe841	Standard query (0)	fdh32fsdfhs.shop	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:57:10.570164919 CEST	192.168.2.15	8.8.8.8	0x521f	Standard query (0)	fdh32fsdfhs.shop	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:57:40.112442017 CEST	192.168.2.15	8.8.8.8	0xe611	Standard query (0)	fdh32fsdfhs.shop	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:58:09.503690004 CEST	192.168.2.15	8.8.8.8	0x5b20	Standard query (0)	fdh32fsdfhs.shop	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:58:33.913326979 CEST	192.168.2.15	8.8.8.8	0x2a52	Standard query (0)	fdh32fsdfhs.shop	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:58:56.311492920 CEST	192.168.2.15	8.8.8.8	0xd7bd	Standard query (0)	fdh32fsdfhs.shop	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:59:20.712306023 CEST	192.168.2.15	8.8.8.8	0xa00f	Standard query (0)	fdh32fsdfhs.shop	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:59:24.255934000 CEST	192.168.2.15	1.1.1.1	0xb1eb	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:59:24.256001949 CEST	192.168.2.15	1.1.1.1	0xe680	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false
Oct 8, 2024 09:59:43.101428032 CEST	192.168.2.15	8.8.8.8	0x1ba4	Standard query (0)	fdh32fsdfhs.shop	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:00:12.194647074 CEST	192.168.2.15	8.8.8.8	0xbbeb	Standard query (0)	fdh32fsdfhs.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 09:56:39.613174915 CEST	8.8.8.8	192.168.2.15	0x7049	No error (0)	fdh32fsdfhs.shop	93.123.39.116	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:56:45.171669960 CEST	8.8.8.8	192.168.2.15	0xe841	No error (0)	fdh32fsdfhs.shop	93.123.39.116	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:57:10.593342066 CEST	8.8.8.8	192.168.2.15	0x521f	No error (0)	fdh32fsdfhs.shop	93.123.39.116	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:57:40.120253086 CEST	8.8.8.8	192.168.2.15	0xe611	No error (0)	fdh32fsdfhs.shop	93.123.39.116	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:58:09.521644115 CEST	8.8.8.8	192.168.2.15	0x5b20	No error (0)	fdh32fsdfhs.shop	93.123.39.116	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:58:33.920480967 CEST	8.8.8.8	192.168.2.15	0x2a52	No error (0)	fdh32fsdfhs.shop	93.123.39.116	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:58:56.319708109 CEST	8.8.8.8	192.168.2.15	0xd7bd	No error (0)	fdh32fsdfhs.shop	93.123.39.116	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:59:20.720366001 CEST	8.8.8.8	192.168.2.15	0xa00f	No error (0)	fdh32fsdfhs.shop	93.123.39.116	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:59:24.263545036 CEST	1.1.1.1	192.168.2.15	0xb1eb	No error (0)	daisy.ubuntu.com	162.213.35.24	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:59:24.263545036 CEST	1.1.1.1	192.168.2.15	0xb1eb	No error (0)	daisy.ubuntu.com	162.213.35.25	A (IP address)	IN (0x0001)	false
Oct 8, 2024 09:59:43.702599049 CEST	8.8.8.8	192.168.2.15	0x1ba4	No error (0)	fdh32fsdfhs.shop	93.123.39.116	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:00:12.201728106 CEST	8.8.8.8	192.168.2.15	0xbbeb	No error (0)	fdh32fsdfhs.shop	93.123.39.116	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: na.elf PID: 5529, Parent PID: 5453

General

Start time (UTC):	07:56:38
Start date (UTC):	08/10/2024
Path:	/tmp/na.elf
Arguments:	/tmp/na.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: na.elf PID: 5531, Parent PID: 5529

General

Start time (UTC):	07:56:38
Start date (UTC):	08/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: na.elf PID: 5533, Parent PID: 5529

General

Start time (UTC):	07:56:38
Start date (UTC):	08/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: udisksd PID: 5539, Parent PID: 803

General

Start time (UTC):	07:56:38
Start date (UTC):	08/10/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Chronological Activities

Analysis Process: dumpe2fs PID: 5539, Parent PID: 803

General

Start time (UTC):	07:56:38
Start date (UTC):	08/10/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Chronological Activities

Analysis Process: gnome-session-binary PID: 5595, Parent PID: 1498

General

Start time (UTC):	07:56:38
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5595, Parent PID: 1498

General

Start time (UTC):	07:56:38
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-sharing PID: 5595, Parent PID: 1498

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-sharing
Arguments:	/usr/libexec/gsd-sharing
File size:	35424 bytes
MD5 hash:	e29d9025d98590fbb69f89fdbd4438b3

Chronological Activities

Analysis Process: systemd PID: 5615, Parent PID: 1

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: upowerd PID: 5615, Parent PID: 1

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/lib/upower/upowerd
Arguments:	/usr/lib/upower/upowerd
File size:	260328 bytes
MD5 hash:	1253eea2fe5fe4017069664284e326cd

Chronological Activities

Analysis Process: gnome-session-binary PID: 5633, Parent PID: 1498

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5633, Parent PID: 1498

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-wacom PID: 5633, Parent PID: 1498

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-wacom
Arguments:	/usr/libexec/gsd-wacom
File size:	39520 bytes
MD5 hash:	13778dd1a23a4e94ddc17ac9caa4fcc1

Chronological Activities

Analysis Process: gnome-session-binary PID: 5662, Parent PID: 1498

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5662, Parent PID: 1498

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-keyboard PID: 5662, Parent PID: 1498

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-keyboard
Arguments:	/usr/libexec/gsd-keyboard
File size:	39760 bytes
MD5 hash:	8e288fd17c80bb0a1148b964b2ac2279

Chronological Activities

Analysis Process: gvfsd-fuse PID: 5663, Parent PID: 3210

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gvfsd-fuse
Arguments:	-
File size:	47632 bytes
MD5 hash:	d18fbf1cbf8eb57b17fac48b7b4be933

Chronological Activities

Analysis Process: fusermount PID: 5663, Parent PID: 3210

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/bin/fusermount
Arguments:	fusermount -u -q -z -- /run/user/1000/gvfs
File size:	39144 bytes
MD5 hash:	576a1b135c82bdcbc97a91acea900566

Chronological Activities

Analysis Process: xfce4-panel PID: 5664, Parent PID: 3235

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5664, Parent PID: 3235

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: udisksd PID: 5665, Parent PID: 803

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Chronological Activities

Analysis Process: dumpe2fs PID: 5665, Parent PID: 803

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Chronological Activities

Analysis Process: gnome-session-binary PID: 5666, Parent PID: 1498

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5666, Parent PID: 1498

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-print-notifications PID: 5666, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-print-notifications
Arguments:	/usr/libexec/gsd-print-notifications
File size:	51840 bytes
MD5 hash:	71539698aa691718cee775d6b9450ae2

Chronological Activities

Analysis Process: xfce4-panel PID: 5668, Parent PID: 3235

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5668, Parent PID: 3235

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: gnome-session-binary PID: 5670, Parent PID: 1498

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5670, Parent PID: 1498

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-rfkill PID: 5670, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-rfkill
Arguments:	/usr/libexec/gsd-rfkill
File size:	51808 bytes
MD5 hash:	88a16a3c0aba1759358c06215ecfb5cc

Chronological Activities

Analysis Process: xfce4-panel PID: 5671, Parent PID: 3235

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5671, Parent PID: 3235

General

Start time (UTC):	07:56:39
Start date (UTC):	08/10/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfce4-panel PID: 5674, Parent PID: 3235

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5674, Parent PID: 3235

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: gnome-session-binary PID: 5677, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5677, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-smartcard PID: 5677, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-smartcard
Arguments:	/usr/libexec/gsd-smartcard
File size:	109152 bytes
MD5 hash:	ea1fbd7f62e4cd0331eae2ef754ee605

Chronological Activities

Analysis Process: gnome-session-binary PID: 5683, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5683, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: xfce4-panel PID: 5684, Parent PID: 3235

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5684, Parent PID: 3235

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfce4-panel PID: 5685, Parent PID: 3235

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5685, Parent PID: 3235

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: gnome-session-binary PID: 5686, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5686, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-media-keys PID: 5686, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-media-keys
Arguments:	/usr/libexec/gsd-media-keys
File size:	232936 bytes
MD5 hash:	a425448c135afb4b8bfd79cc0b6b74da

Chronological Activities

Analysis Process: systemd PID: 5687, Parent PID: 1

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: upowerd PID: 5687, Parent PID: 1

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/lib/upower/upowerd
Arguments:	/usr/lib/upower/upowerd
File size:	260328 bytes
MD5 hash:	1253eea2fe5fe4017069664284e326cd

Chronological Activities

Analysis Process: gnome-session-binary PID: 5725, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5725, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-screensaver-proxy PID: 5725, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-screensaver-proxy
Arguments:	/usr/libexec/gsd-screensaver-proxy
File size:	27232 bytes
MD5 hash:	77e309450c87dceee43f1a9e50cc0d02

Chronological Activities

Analysis Process: gnome-session-binary PID: 5726, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5726, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-a11y-settings PID: 5726, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-a11y-settings
Arguments:	/usr/libexec/gsd-a11y-settings
File size:	23056 bytes
MD5 hash:	18e243d2cf30ecee7ea89d1462725c5c

Chronological Activities

Analysis Process: udisksd PID: 5728, Parent PID: 803

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Chronological Activities

Analysis Process: dumpe2fs PID: 5728, Parent PID: 803

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Chronological Activities

Analysis Process: gnome-session-binary PID: 5731, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5731, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-sound PID: 5731, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-sound
Arguments:	/usr/libexec/gsd-sound
File size:	31248 bytes
MD5 hash:	4c7d3fb993463337b4a0eb5c80c760ee

Chronological Activities

Analysis Process: gnome-session-binary PID: 5732, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5732, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-housekeeping PID: 5732, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-housekeeping
Arguments:	/usr/libexec/gsd-housekeeping
File size:	51840 bytes
MD5 hash:	b55f3394a84976ddb92a2915e5d76914

Chronological Activities

Analysis Process: gnome-session-binary PID: 5733, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5733, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-power PID: 5733, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-power
Arguments:	/usr/libexec/gsd-power
File size:	88672 bytes
MD5 hash:	28b8e1b43c3e7f1db6741ea1ecd978b7

Chronological Activities

Analysis Process: systemd PID: 5734, Parent PID: 1

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: upowerd PID: 5734, Parent PID: 1

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/lib/upower/upowerd
Arguments:	/usr/lib/upower/upowerd
File size:	260328 bytes
MD5 hash:	1253eea2fe5fe4017069664284e326cd

Chronological Activities

Analysis Process: gnome-session-binary PID: 5772, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gnome-session-binary
Arguments:	-
File size:	334664 bytes
MD5 hash:	d9b90be4f7db60cb3c2d3da6a1d31bfb

Chronological Activities

Analysis Process: sh PID: 5772, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: gsd-color PID: 5772, Parent PID: 1498

General

Start time (UTC):	07:56:40
Start date (UTC):	08/10/2024
Path:	/usr/libexec/gsd-color
Arguments:	/usr/libexec/gsd-color
File size:	92832 bytes
MD5 hash:	ac2861ad93ce047283e8e87cefef9a19

Chronological Activities

Analysis Process: systemd PID: 5778, Parent PID: 1

General

Start time (UTC):	07:56:41
Start date (UTC):	08/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: upowerd PID: 5778, Parent PID: 1

General

Start time (UTC):	07:56:41
Start date (UTC):	08/10/2024
Path:	/usr/lib/upower/upowerd
Arguments:	/usr/lib/upower/upowerd
File size:	260328 bytes
MD5 hash:	1253eea2fe5fe4017069664284e326cd

Chronological Activities

Analysis Process: systemd PID: 5818, Parent PID: 1

General

Start time (UTC):	07:56:41
Start date (UTC):	08/10/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: upowerd PID: 5818, Parent PID: 1

General

Start time (UTC):	07:56:41
Start date (UTC):	08/10/2024
Path:	/usr/lib/upower/upowerd
Arguments:	/usr/lib/upower/upowerd
File size:	260328 bytes
MD5 hash:	1253eea2fe5fe4017069664284e326cd

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report na.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: na.elf PID: 5529, Parent PID: 5453

General

Chronological Activities

Analysis Process: na.elf PID: 5531, Parent PID: 5529

General

Chronological Activities

Analysis Process: na.elf PID: 5533, Parent PID: 5529

General

Chronological Activities

Analysis Process: udisksd PID: 5539, Parent PID: 803

General

Chronological Activities

Analysis Process: dumpe2fs PID: 5539, Parent PID: 803

General

Chronological Activities

Analysis Process: gnome-session-binary PID: 5595, Parent PID: 1498

Linux Analysis Report
na.elf