Edit tour

Linux Analysis Report
yakuza.arm7.elf

Overview

General Information

Sample name:	yakuza.arm7.elf
Analysis ID:	1541837
MD5:	fa8bae6bbcf9a658fa25b7f2a4faaf04
SHA1:	912ff68ca48b9d60ac0acf7ea30c877c406bbbf2
SHA256:	1007f5613a91a5d4170f28e24bfa704c8a63d95a2b4d033ff2bff7e2fe3dcffe
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Uses IRC for communication with a C&C

Uses known network protocols on non-standard ports

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "kill" or "pkill" command typically used to terminate processes

Reads CPU information from /sys indicative of miner or evasive malware

Reads system information from the proc file system

Sample and/or dropped files contains symbols with suspicious names

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample contains strings that are user agent strings indicative of HTTP manipulation

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541837
Start date and time:	2024-10-25 08:28:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	yakuza.arm7.elf
Detection:	MAL
Classification:	mal72.troj.linELF@0/0@2/0

Warnings

Report size exceeded maximum capacity and may have missing behavior information.
VT rate limit hit for: yakuza.arm7.elf

Runtime Messages

Command:	/tmp/yakuza.arm7.elf
PID:	5428
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	CAPSAICIN
Standard Error:

Process Tree

system is lnxubuntu20

yakuza.arm7.elf (PID: 5428, Parent: 5353, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/yakuza.arm7.elf

yakuza.arm7.elf New Fork (PID: 5430, Parent: 5428)

yakuza.arm7.elf New Fork (PID: 5432, Parent: 5430)

yakuza.arm7.elf New Fork (PID: 5433, Parent: 5430)

yakuza.arm7.elf New Fork (PID: 5462, Parent: 5433)

yakuza.arm7.elf New Fork (PID: 5435, Parent: 5430)

sh (PID: 5435, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 902i13 || busybox pkill -9 902i13"

sh New Fork (PID: 5438, Parent: 5435)

pkill (PID: 5438, Parent: 5435, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 902i13

sh New Fork (PID: 5472, Parent: 5435)

busybox (PID: 5472, Parent: 5435, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 902i13

yakuza.arm7.elf New Fork (PID: 5477, Parent: 5430)

sh (PID: 5477, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"

sh New Fork (PID: 5481, Parent: 5477)

pkill (PID: 5481, Parent: 5477, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 BzSxLxBxeY

sh New Fork (PID: 5486, Parent: 5477)

busybox (PID: 5486, Parent: 5477, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 BzSxLxBxeY

yakuza.arm7.elf New Fork (PID: 5487, Parent: 5430)

sh (PID: 5487, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"

sh New Fork (PID: 5492, Parent: 5487)

pkill (PID: 5492, Parent: 5487, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 HOHO-LUGO7

sh New Fork (PID: 5493, Parent: 5487)

busybox (PID: 5493, Parent: 5487, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 HOHO-LUGO7

yakuza.arm7.elf New Fork (PID: 5494, Parent: 5430)

sh (PID: 5494, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"

sh New Fork (PID: 5500, Parent: 5494)

pkill (PID: 5500, Parent: 5494, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 HOHO-U79OL

sh New Fork (PID: 5501, Parent: 5494)

busybox (PID: 5501, Parent: 5494, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 HOHO-U79OL

yakuza.arm7.elf New Fork (PID: 5502, Parent: 5430)

sh (PID: 5502, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"

sh New Fork (PID: 5504, Parent: 5502)

pkill (PID: 5504, Parent: 5502, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 JuYfouyf87

sh New Fork (PID: 5505, Parent: 5502)

busybox (PID: 5505, Parent: 5502, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 JuYfouyf87

yakuza.arm7.elf New Fork (PID: 5506, Parent: 5430)

sh (PID: 5506, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"

sh New Fork (PID: 5509, Parent: 5506)

pkill (PID: 5509, Parent: 5506, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeR69xd

sh New Fork (PID: 5510, Parent: 5506)

busybox (PID: 5510, Parent: 5506, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeR69xd

yakuza.arm7.elf New Fork (PID: 5511, Parent: 5430)

sh (PID: 5511, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"

sh New Fork (PID: 5513, Parent: 5511)

pkill (PID: 5513, Parent: 5511, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SO190Ij1X

sh New Fork (PID: 5537, Parent: 5511)

busybox (PID: 5537, Parent: 5511, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SO190Ij1X

yakuza.arm7.elf New Fork (PID: 5538, Parent: 5430)

sh (PID: 5538, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"

sh New Fork (PID: 5540, Parent: 5538)

pkill (PID: 5540, Parent: 5538, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 LOLKIKEEEDDE

sh New Fork (PID: 5543, Parent: 5538)

busybox (PID: 5543, Parent: 5538, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 LOLKIKEEEDDE

yakuza.arm7.elf New Fork (PID: 5544, Parent: 5430)

sh (PID: 5544, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"

sh New Fork (PID: 5546, Parent: 5544)

pkill (PID: 5546, Parent: 5544, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ekjheory98e

sh New Fork (PID: 5547, Parent: 5544)

busybox (PID: 5547, Parent: 5544, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ekjheory98e

yakuza.arm7.elf New Fork (PID: 5548, Parent: 5430)

sh (PID: 5548, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"

sh New Fork (PID: 5554, Parent: 5548)

pkill (PID: 5554, Parent: 5548, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scansh4

sh New Fork (PID: 5557, Parent: 5548)

busybox (PID: 5557, Parent: 5548, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scansh4

yakuza.arm7.elf New Fork (PID: 5558, Parent: 5430)

sh (PID: 5558, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"

sh New Fork (PID: 5560, Parent: 5558)

pkill (PID: 5560, Parent: 5558, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MDMA

sh New Fork (PID: 5561, Parent: 5558)

busybox (PID: 5561, Parent: 5558, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MDMA

yakuza.arm7.elf New Fork (PID: 5562, Parent: 5430)

sh (PID: 5562, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"

sh New Fork (PID: 5564, Parent: 5562)

pkill (PID: 5564, Parent: 5562, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 fdevalvex

sh New Fork (PID: 5567, Parent: 5562)

busybox (PID: 5567, Parent: 5562, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 fdevalvex

yakuza.arm7.elf New Fork (PID: 5568, Parent: 5430)

sh (PID: 5568, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"

sh New Fork (PID: 5570, Parent: 5568)

pkill (PID: 5570, Parent: 5568, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scanspc

sh New Fork (PID: 5571, Parent: 5568)

busybox (PID: 5571, Parent: 5568, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scanspc

yakuza.arm7.elf New Fork (PID: 5572, Parent: 5430)

sh (PID: 5572, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"

sh New Fork (PID: 5574, Parent: 5572)

pkill (PID: 5574, Parent: 5572, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MELTEDNINJAREALZ

sh New Fork (PID: 5577, Parent: 5572)

busybox (PID: 5577, Parent: 5572, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MELTEDNINJAREALZ

yakuza.arm7.elf New Fork (PID: 5578, Parent: 5430)

sh (PID: 5578, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"

sh New Fork (PID: 5580, Parent: 5578)

pkill (PID: 5580, Parent: 5578, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 flexsonskids

sh New Fork (PID: 5581, Parent: 5578)

busybox (PID: 5581, Parent: 5578, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 flexsonskids

yakuza.arm7.elf New Fork (PID: 5582, Parent: 5430)

sh (PID: 5582, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"

sh New Fork (PID: 5584, Parent: 5582)

pkill (PID: 5584, Parent: 5582, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scanx86

sh New Fork (PID: 5587, Parent: 5582)

busybox (PID: 5587, Parent: 5582, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scanx86

yakuza.arm7.elf New Fork (PID: 5588, Parent: 5430)

sh (PID: 5588, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"

sh New Fork (PID: 5590, Parent: 5588)

pkill (PID: 5590, Parent: 5588, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MISAKI-U79OL

sh New Fork (PID: 5591, Parent: 5588)

busybox (PID: 5591, Parent: 5588, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MISAKI-U79OL

yakuza.arm7.elf New Fork (PID: 5592, Parent: 5430)

sh (PID: 5592, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"

sh New Fork (PID: 5598, Parent: 5592)

pkill (PID: 5598, Parent: 5592, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 foAxi102kxe

sh New Fork (PID: 5601, Parent: 5592)

busybox (PID: 5601, Parent: 5592, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 foAxi102kxe

yakuza.arm7.elf New Fork (PID: 5602, Parent: 5430)

sh (PID: 5602, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"

sh New Fork (PID: 5607, Parent: 5602)

pkill (PID: 5607, Parent: 5602, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 swodjwodjwoj

sh New Fork (PID: 5609, Parent: 5602)

busybox (PID: 5609, Parent: 5602, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 swodjwodjwoj

yakuza.arm7.elf New Fork (PID: 5612, Parent: 5430)

sh (PID: 5612, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"

sh New Fork (PID: 5614, Parent: 5612)

pkill (PID: 5614, Parent: 5612, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MmKiy7f87l

sh New Fork (PID: 5617, Parent: 5612)

busybox (PID: 5617, Parent: 5612, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MmKiy7f87l

yakuza.arm7.elf New Fork (PID: 5618, Parent: 5430)

sh (PID: 5618, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"

sh New Fork (PID: 5624, Parent: 5618)

pkill (PID: 5624, Parent: 5618, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 freecookiex86

sh New Fork (PID: 5625, Parent: 5618)

busybox (PID: 5625, Parent: 5618, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 freecookiex86

yakuza.arm7.elf New Fork (PID: 5626, Parent: 5430)

sh (PID: 5626, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"

sh New Fork (PID: 5631, Parent: 5626)

pkill (PID: 5631, Parent: 5626, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 sysgpu

sh New Fork (PID: 5634, Parent: 5626)

busybox (PID: 5634, Parent: 5626, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 sysgpu

yakuza.arm7.elf New Fork (PID: 5635, Parent: 5430)

sh (PID: 5635, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"

sh New Fork (PID: 5637, Parent: 5635)

pkill (PID: 5637, Parent: 5635, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeR69xd

sh New Fork (PID: 5638, Parent: 5635)

busybox (PID: 5638, Parent: 5635, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeR69xd

yakuza.arm7.elf New Fork (PID: 5639, Parent: 5430)

sh (PID: 5639, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 frgege || busybox pkill -9 frgege"

sh New Fork (PID: 5644, Parent: 5639)

pkill (PID: 5644, Parent: 5639, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 frgege

sh New Fork (PID: 5645, Parent: 5639)

busybox (PID: 5645, Parent: 5639, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 frgege

yakuza.arm7.elf New Fork (PID: 5648, Parent: 5430)

sh (PID: 5648, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"

sh New Fork (PID: 5653, Parent: 5648)

pkill (PID: 5653, Parent: 5648, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 sysupdater

sh New Fork (PID: 5654, Parent: 5648)

busybox (PID: 5654, Parent: 5648, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 sysupdater

yakuza.arm7.elf New Fork (PID: 5655, Parent: 5430)

sh (PID: 5655, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"

sh New Fork (PID: 5660, Parent: 5655)

pkill (PID: 5660, Parent: 5655, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 0DnAzepd

sh New Fork (PID: 5661, Parent: 5655)

busybox (PID: 5661, Parent: 5655, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 0DnAzepd

yakuza.arm7.elf New Fork (PID: 5662, Parent: 5430)

sh (PID: 5662, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"

sh New Fork (PID: 5668, Parent: 5662)

pkill (PID: 5668, Parent: 5662, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeRD0nks69

sh New Fork (PID: 5671, Parent: 5662)

busybox (PID: 5671, Parent: 5662, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeRD0nks69

yakuza.arm7.elf New Fork (PID: 5672, Parent: 5430)

sh (PID: 5672, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"

sh New Fork (PID: 5674, Parent: 5672)

pkill (PID: 5674, Parent: 5672, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 frgreu

sh New Fork (PID: 5675, Parent: 5672)

busybox (PID: 5675, Parent: 5672, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 frgreu

yakuza.arm7.elf New Fork (PID: 5678, Parent: 5430)

sh (PID: 5678, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"

sh New Fork (PID: 5680, Parent: 5678)

pkill (PID: 5680, Parent: 5678, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 telnetd

sh New Fork (PID: 5681, Parent: 5678)

busybox (PID: 5681, Parent: 5678, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 telnetd

yakuza.arm7.elf New Fork (PID: 5682, Parent: 5430)

sh (PID: 5682, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"

sh New Fork (PID: 5687, Parent: 5682)

pkill (PID: 5687, Parent: 5682, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 0x766f6964

sh New Fork (PID: 5688, Parent: 5682)

busybox (PID: 5688, Parent: 5682, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 0x766f6964

yakuza.arm7.elf New Fork (PID: 5691, Parent: 5430)

sh (PID: 5691, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"

sh New Fork (PID: 5696, Parent: 5691)

pkill (PID: 5696, Parent: 5691, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeRd0nks1337

sh New Fork (PID: 5697, Parent: 5691)

busybox (PID: 5697, Parent: 5691, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeRd0nks1337

yakuza.arm7.elf New Fork (PID: 5698, Parent: 5430)

sh (PID: 5698, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 gaft || busybox pkill -9 gaft"

sh New Fork (PID: 5703, Parent: 5698)

pkill (PID: 5703, Parent: 5698, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 gaft

sh New Fork (PID: 5705, Parent: 5698)

busybox (PID: 5705, Parent: 5698, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 gaft

yakuza.arm7.elf New Fork (PID: 5706, Parent: 5430)

sh (PID: 5706, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"

sh New Fork (PID: 5708, Parent: 5706)

pkill (PID: 5708, Parent: 5706, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 urasgbsigboa

sh New Fork (PID: 5711, Parent: 5706)

busybox (PID: 5711, Parent: 5706, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 urasgbsigboa

yakuza.arm7.elf New Fork (PID: 5712, Parent: 5430)

sh (PID: 5712, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"

sh New Fork (PID: 5714, Parent: 5712)

pkill (PID: 5714, Parent: 5712, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 120i3UI49

sh New Fork (PID: 5715, Parent: 5712)

busybox (PID: 5715, Parent: 5712, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 120i3UI49

yakuza.arm7.elf New Fork (PID: 5716, Parent: 5430)

sh (PID: 5716, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"

sh New Fork (PID: 5720, Parent: 5716)

pkill (PID: 5720, Parent: 5716, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 OaF3

sh New Fork (PID: 5723, Parent: 5716)

busybox (PID: 5723, Parent: 5716, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 OaF3

yakuza.arm7.elf New Fork (PID: 5726, Parent: 5430)

sh (PID: 5726, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 geae || busybox pkill -9 geae"

sh New Fork (PID: 5731, Parent: 5726)

pkill (PID: 5731, Parent: 5726, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 geae

sh New Fork (PID: 5732, Parent: 5726)

busybox (PID: 5732, Parent: 5726, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 geae

yakuza.arm7.elf New Fork (PID: 5733, Parent: 5430)

sh (PID: 5733, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"

sh New Fork (PID: 5735, Parent: 5733)

pkill (PID: 5735, Parent: 5733, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 vaiolmao

sh New Fork (PID: 5736, Parent: 5733)

busybox (PID: 5736, Parent: 5733, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 vaiolmao

yakuza.arm7.elf New Fork (PID: 5739, Parent: 5430)

sh (PID: 5739, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 123123a || busybox pkill -9 123123a"

sh New Fork (PID: 5744, Parent: 5739)

pkill (PID: 5744, Parent: 5739, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 123123a

sh New Fork (PID: 5745, Parent: 5739)

busybox (PID: 5745, Parent: 5739, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 123123a

yakuza.arm7.elf New Fork (PID: 5746, Parent: 5430)

sh (PID: 5746, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"

sh New Fork (PID: 5751, Parent: 5746)

pkill (PID: 5751, Parent: 5746, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 Ofurain0n4H34D

sh New Fork (PID: 5752, Parent: 5746)

busybox (PID: 5752, Parent: 5746, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 Ofurain0n4H34D

yakuza.arm7.elf New Fork (PID: 5753, Parent: 5430)

sh (PID: 5753, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"

sh New Fork (PID: 5759, Parent: 5753)

pkill (PID: 5759, Parent: 5753, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggTrex

sh New Fork (PID: 5762, Parent: 5753)

busybox (PID: 5762, Parent: 5753, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggTrex

yakuza.arm7.elf New Fork (PID: 5763, Parent: 5430)

sh (PID: 5763, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 wasads || busybox pkill -9 wasads"

sh New Fork (PID: 5765, Parent: 5763)

pkill (PID: 5765, Parent: 5763, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 wasads

sh New Fork (PID: 5766, Parent: 5763)

busybox (PID: 5766, Parent: 5763, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 wasads

yakuza.arm7.elf New Fork (PID: 5767, Parent: 5430)

sh (PID: 5767, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"

sh New Fork (PID: 5769, Parent: 5767)

pkill (PID: 5769, Parent: 5767, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1293194hjXD

sh New Fork (PID: 5772, Parent: 5767)

busybox (PID: 5772, Parent: 5767, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1293194hjXD

yakuza.arm7.elf New Fork (PID: 5773, Parent: 5430)

sh (PID: 5773, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"

sh New Fork (PID: 5775, Parent: 5773)

pkill (PID: 5775, Parent: 5773, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 OthLaLosn

sh New Fork (PID: 5776, Parent: 5773)

busybox (PID: 5776, Parent: 5773, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 OthLaLosn

yakuza.arm7.elf New Fork (PID: 5777, Parent: 5430)

sh (PID: 5777, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 ggt || busybox pkill -9 ggt"

sh New Fork (PID: 5779, Parent: 5777)

pkill (PID: 5779, Parent: 5777, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggt

sh New Fork (PID: 5782, Parent: 5777)

busybox (PID: 5782, Parent: 5777, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggt

yakuza.arm7.elf New Fork (PID: 5783, Parent: 5430)

sh (PID: 5783, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 wget-log || busybox pkill -9 wget-log"

sh New Fork (PID: 5787, Parent: 5783)

pkill (PID: 5787, Parent: 5783, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 wget-log

sh New Fork (PID: 5789, Parent: 5783)

busybox (PID: 5789, Parent: 5783, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 wget-log

yakuza.arm7.elf New Fork (PID: 5793, Parent: 5430)

sh (PID: 5793, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER"

sh New Fork (PID: 5799, Parent: 5793)

pkill (PID: 5799, Parent: 5793, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1337SoraLOADER

sh New Fork (PID: 5800, Parent: 5793)

busybox (PID: 5800, Parent: 5793, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1337SoraLOADER

yakuza.arm7.elf New Fork (PID: 5803, Parent: 5430)

sh (PID: 5803, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA"

sh New Fork (PID: 5807, Parent: 5803)

pkill (PID: 5807, Parent: 5803, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SAIAKINA

sh New Fork (PID: 5809, Parent: 5803)

busybox (PID: 5809, Parent: 5803, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SAIAKINA

yakuza.arm7.elf New Fork (PID: 5810, Parent: 5430)

sh (PID: 5810, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 ggtq || busybox pkill -9 ggtq"

sh New Fork (PID: 5815, Parent: 5810)

pkill (PID: 5815, Parent: 5810, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggtq

sh New Fork (PID: 5816, Parent: 5810)

busybox (PID: 5816, Parent: 5810, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggtq

yakuza.arm7.elf New Fork (PID: 5817, Parent: 5430)

sh (PID: 5817, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2"

sh New Fork (PID: 5822, Parent: 5817)

pkill (PID: 5822, Parent: 5817, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1378bfp919GRB1Q2

sh New Fork (PID: 5825, Parent: 5817)

busybox (PID: 5825, Parent: 5817, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1378bfp919GRB1Q2

yakuza.arm7.elf New Fork (PID: 5826, Parent: 5430)

sh (PID: 5826, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 SAIAKUSO || busybox pkill -9 SAIAKUSO"

sh New Fork (PID: 5831, Parent: 5826)

pkill (PID: 5831, Parent: 5826, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SAIAKUSO

sh New Fork (PID: 5832, Parent: 5826)

busybox (PID: 5832, Parent: 5826, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SAIAKUSO

yakuza.arm7.elf New Fork (PID: 5833, Parent: 5430)

sh (PID: 5833, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 ggtr || busybox pkill -9 ggtr"

sh New Fork (PID: 5838, Parent: 5833)

pkill (PID: 5838, Parent: 5833, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggtr

sh New Fork (PID: 5839, Parent: 5833)

busybox (PID: 5839, Parent: 5833, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggtr

yakuza.arm7.elf New Fork (PID: 5842, Parent: 5430)

sh (PID: 5842, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 14Fa || busybox pkill -9 14Fa"

sh New Fork (PID: 5847, Parent: 5842)

pkill (PID: 5847, Parent: 5842, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 14Fa

sh New Fork (PID: 5848, Parent: 5842)

busybox (PID: 5848, Parent: 5842, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 14Fa

yakuza.arm7.elf New Fork (PID: 5849, Parent: 5430)

sh (PID: 5849, Parent: 5430, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "pkill -9 SEXSLAVE1337 || busybox pkill -9 SEXSLAVE1337"

sh New Fork (PID: 5854, Parent: 5849)

pkill (PID: 5854, Parent: 5849, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SEXSLAVE1337

sh New Fork (PID: 5855, Parent: 5849)

busybox (PID: 5855, Parent: 5849, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SEXSLAVE1337

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
yakuza.arm7.elf	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x436:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
yakuza.arm7.elf	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x346:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
yakuza.arm7.elf	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1e861:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1eef5:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20

Memory Dumps

Source	Rule	Description	Author	Strings
5428.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x20576:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5432.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x20576:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5462.1.00007f43e0017000.00007f43e0039000.r-x.sdmp	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x436:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
5462.1.00007f43e0017000.00007f43e0039000.r-x.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x346:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5462.1.00007f43e0017000.00007f43e0039000.r-x.sdmp	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1e861:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1eef5:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
5462.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x20576:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5428.1.00007f43e0017000.00007f43e0039000.r-x.sdmp	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x436:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
5428.1.00007f43e0017000.00007f43e0039000.r-x.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x346:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5428.1.00007f43e0017000.00007f43e0039000.r-x.sdmp	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1e861:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1eef5:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
5432.1.00007f43e0017000.00007f43e0039000.r-x.sdmp	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x436:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
5432.1.00007f43e0017000.00007f43e0039000.r-x.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x346:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5432.1.00007f43e0017000.00007f43e0039000.r-x.sdmp	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1e861:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1eef5:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
Process Memory Space: yakuza.arm7.elf PID: 5428	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1544d:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1555f:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x15b3e:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
Process Memory Space: yakuza.arm7.elf PID: 5432	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x12cd4:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x12de6:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x133c5:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
Process Memory Space: yakuza.arm7.elf PID: 5462	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x6d1a:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x6e2c:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x740b:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
Click to see the 10 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: yakuza.arm7.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: yakuza.arm7.elf

ReversingLabs: Detection: 57%

Source: /usr/bin/pkill (PID: 5438)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5481)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5492)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5500)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5504)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5509)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5513)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5540)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5546)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5554)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5560)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5564)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5570)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5574)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5584)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5590)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5598)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5607)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5614)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5624)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5631)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5637)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5644)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5653)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5660)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5668)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5674)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5680)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5687)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5696)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5703)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5708)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5714)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5720)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5731)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5735)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5744)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5751)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5759)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5765)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5769)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5775)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5779)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5787)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5799)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5807)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5815)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5822)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5831)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5838)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5847)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5854)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Networking

Uses IRC for communication with a C&C

Source: unknown

IRC traffic detected: 192.168.2.13:57852 -> 194.110.247.46:5060 NICK [OSX|ARM4T]0qsITxh USER 0qsITxh localhost localhost :0qsITxh

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: IRC traffic on port 57852 -> 5060
Source: unknown	Network traffic detected: IRC traffic on port 57852 -> 5060

Source: global traffic

TCP traffic: 192.168.2.13:57852 -> 194.110.247.46:5060

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: yakuza.arm7.elf	String found in binary or memory: http://87.10.220.221/yak.sh;
Source: yakuza.arm7.elf	String found in binary or memory: https://youtu.be/dQw4w9WgXcQ
Source: yakuza.arm7.elf	String found in binary or memory: https://youtu.be/dQw4w9WgXcQNever

System Summary

Malicious sample detected (through community Yara rule)

Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: 5428.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5432.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5462.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: 5462.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5462.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: 5462.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5428.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: 5428.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5428.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: 5432.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: 5432.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5432.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: Process Memory Space: yakuza.arm7.elf PID: 5428, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: Process Memory Space: yakuza.arm7.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: Process Memory Space: yakuza.arm7.elf PID: 5462, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown

Source: yakuza.arm7.elf

ELF static info symbol of initial sample: __gnu_unwind_execute

Source: Initial sample	String containing 'busybox' found: busybox
Source: Initial sample	String containing 'busybox' found: 902i13BzSxLxBxeYHOHO-LUGO7HOHO-U79OLJuYfouyf87NiGGeR69xdSO190Ij1XLOLKIKEEEDDEekjheory98escansh4MDMAfdevalvexscanspcMELTEDNINJAREALZflexsonskidsscanx86MISAKI-U79OLfoAxi102kxeswodjwodjwojMmKiy7f87lfreecookiex86sysgpufrgegesysupdater0DnAzepdNiGGeRD0nks69frgreutelnetd0x766f6964NiGGeRd0nks1337gafturasgbsigboa120i3UI49OaF3geaevaiolmao123123aOfurain0n4H34DggTrexwasads1293194hjXDOthLaLosnggtwget-log1337SoraLOADERSAIAKINAggtq1378bfp919GRB1Q2SAIAKUSOggtr14FaSEXSLAVE1337ggtt1902a3u912u3u4haetrghbr19ju3dSORAojkf120hehahejeje922U2JDJA901F91SlaVLav12helpmedaddthhhhh2wgg9qphbqSlav3Th3seD3viceshzSmYZjYMQ5GbfSoRAxD123LOLiaGv5aA3SoRAxD420LOLinsomni640277SoraBeReppin1337ipcamCache66tlGg9QTjUYfouyf876ke3TOKYO3lyEeaXul2dULCVxh93OfjHZ2zTY2gD6MZvKc7KU6rmMkiy6f87lA023UU4U24UIUTheWeekndmioribitchesA5p9TheWeekndsmnblkjpoiAbAdTokyosnebAkiruU8inTznetstatsAlexW9RCAKM20TnewnetwordAyo215WordnloadsBAdAsVWordmanenotyakuzaaBelchWordnetsobpBigN0gg0r420X0102I34fofhasfhiafhoiX19I239124UIUoismDeportedXSHJEHHEIIHWOolsVNwo12DeportedDeportedXkTer0Gb
Source: Initial sample	String containing 'busybox' found: pkill -9 %s \|\| busybox pkill -9 %s
Source: Initial sample	String containing 'busybox' found: pkill -9 %s \|\| busybox pkill -9 %shistory -c;history -wcd /root;rm -f .bash_historycd /var/tmp; rm -f *NOTICE %s :MOVE <server>

Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: yakuza.arm7.elf, type: SAMPLE	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: 5428.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5432.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5462.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: 5462.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5462.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: 5462.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5428.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: 5428.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5428.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: 5432.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: 5432.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5432.1.00007f43e0017000.00007f43e0039000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: Process Memory Space: yakuza.arm7.elf PID: 5428, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: Process Memory Space: yakuza.arm7.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: Process Memory Space: yakuza.arm7.elf PID: 5462, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16

Source: classification engine

Classification label: mal72.troj.linELF@0/0@2/0

Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/230/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/230/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/110/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/110/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/231/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/231/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/111/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/111/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/232/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/232/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/112/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/112/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/233/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/233/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/113/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/113/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/234/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/234/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/114/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/114/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/235/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/235/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/115/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/115/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/236/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/236/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/116/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/116/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/237/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/237/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/117/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/117/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/238/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/238/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/118/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/118/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/239/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/239/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/119/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/119/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/3633/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/3633/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/914/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/914/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/10/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/10/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/917/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/917/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/11/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/11/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/12/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/12/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/13/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/13/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/14/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/14/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/15/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/15/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/16/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/16/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/17/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/17/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/18/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/18/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/19/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/19/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/240/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/240/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/3095/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/3095/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/5270/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/5270/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/120/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/120/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/241/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/241/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/121/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/121/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/242/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/242/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/1/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/1/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/122/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/122/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/243/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/243/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/2/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/2/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/123/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/123/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/244/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/244/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/3/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/3/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/124/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/124/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/245/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/245/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/1588/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/1588/cmdline
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/125/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/125/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/4/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/4/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/246/status
Source: /usr/bin/pkill (PID: 5580)	File opened: /proc/246/cmdline

Source: /tmp/yakuza.arm7.elf (PID: 5435)	Shell command executed: /bin/sh -c "pkill -9 902i13 \|\| busybox pkill -9 902i13"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5477)	Shell command executed: /bin/sh -c "pkill -9 BzSxLxBxeY \|\| busybox pkill -9 BzSxLxBxeY"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5487)	Shell command executed: /bin/sh -c "pkill -9 HOHO-LUGO7 \|\| busybox pkill -9 HOHO-LUGO7"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5494)	Shell command executed: /bin/sh -c "pkill -9 HOHO-U79OL \|\| busybox pkill -9 HOHO-U79OL"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5502)	Shell command executed: /bin/sh -c "pkill -9 JuYfouyf87 \|\| busybox pkill -9 JuYfouyf87"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5506)	Shell command executed: /bin/sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5511)	Shell command executed: /bin/sh -c "pkill -9 SO190Ij1X \|\| busybox pkill -9 SO190Ij1X"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5538)	Shell command executed: /bin/sh -c "pkill -9 LOLKIKEEEDDE \|\| busybox pkill -9 LOLKIKEEEDDE"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5544)	Shell command executed: /bin/sh -c "pkill -9 ekjheory98e \|\| busybox pkill -9 ekjheory98e"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5548)	Shell command executed: /bin/sh -c "pkill -9 scansh4 \|\| busybox pkill -9 scansh4"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5558)	Shell command executed: /bin/sh -c "pkill -9 MDMA \|\| busybox pkill -9 MDMA"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5562)	Shell command executed: /bin/sh -c "pkill -9 fdevalvex \|\| busybox pkill -9 fdevalvex"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5568)	Shell command executed: /bin/sh -c "pkill -9 scanspc \|\| busybox pkill -9 scanspc"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5572)	Shell command executed: /bin/sh -c "pkill -9 MELTEDNINJAREALZ \|\| busybox pkill -9 MELTEDNINJAREALZ"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5578)	Shell command executed: /bin/sh -c "pkill -9 flexsonskids \|\| busybox pkill -9 flexsonskids"	Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5582)	Shell command executed: /bin/sh -c "pkill -9 scanx86 \|\| busybox pkill -9 scanx86"
Source: /tmp/yakuza.arm7.elf (PID: 5588)	Shell command executed: /bin/sh -c "pkill -9 MISAKI-U79OL \|\| busybox pkill -9 MISAKI-U79OL"
Source: /tmp/yakuza.arm7.elf (PID: 5592)	Shell command executed: /bin/sh -c "pkill -9 foAxi102kxe \|\| busybox pkill -9 foAxi102kxe"
Source: /tmp/yakuza.arm7.elf (PID: 5602)	Shell command executed: /bin/sh -c "pkill -9 swodjwodjwoj \|\| busybox pkill -9 swodjwodjwoj"
Source: /tmp/yakuza.arm7.elf (PID: 5612)	Shell command executed: /bin/sh -c "pkill -9 MmKiy7f87l \|\| busybox pkill -9 MmKiy7f87l"
Source: /tmp/yakuza.arm7.elf (PID: 5618)	Shell command executed: /bin/sh -c "pkill -9 freecookiex86 \|\| busybox pkill -9 freecookiex86"
Source: /tmp/yakuza.arm7.elf (PID: 5626)	Shell command executed: /bin/sh -c "pkill -9 sysgpu \|\| busybox pkill -9 sysgpu"
Source: /tmp/yakuza.arm7.elf (PID: 5635)	Shell command executed: /bin/sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"
Source: /tmp/yakuza.arm7.elf (PID: 5639)	Shell command executed: /bin/sh -c "pkill -9 frgege \|\| busybox pkill -9 frgege"
Source: /tmp/yakuza.arm7.elf (PID: 5648)	Shell command executed: /bin/sh -c "pkill -9 sysupdater \|\| busybox pkill -9 sysupdater"
Source: /tmp/yakuza.arm7.elf (PID: 5655)	Shell command executed: /bin/sh -c "pkill -9 0DnAzepd \|\| busybox pkill -9 0DnAzepd"
Source: /tmp/yakuza.arm7.elf (PID: 5662)	Shell command executed: /bin/sh -c "pkill -9 NiGGeRD0nks69 \|\| busybox pkill -9 NiGGeRD0nks69"
Source: /tmp/yakuza.arm7.elf (PID: 5672)	Shell command executed: /bin/sh -c "pkill -9 frgreu \|\| busybox pkill -9 frgreu"
Source: /tmp/yakuza.arm7.elf (PID: 5678)	Shell command executed: /bin/sh -c "pkill -9 telnetd \|\| busybox pkill -9 telnetd"
Source: /tmp/yakuza.arm7.elf (PID: 5682)	Shell command executed: /bin/sh -c "pkill -9 0x766f6964 \|\| busybox pkill -9 0x766f6964"
Source: /tmp/yakuza.arm7.elf (PID: 5691)	Shell command executed: /bin/sh -c "pkill -9 NiGGeRd0nks1337 \|\| busybox pkill -9 NiGGeRd0nks1337"
Source: /tmp/yakuza.arm7.elf (PID: 5698)	Shell command executed: /bin/sh -c "pkill -9 gaft \|\| busybox pkill -9 gaft"
Source: /tmp/yakuza.arm7.elf (PID: 5706)	Shell command executed: /bin/sh -c "pkill -9 urasgbsigboa \|\| busybox pkill -9 urasgbsigboa"
Source: /tmp/yakuza.arm7.elf (PID: 5712)	Shell command executed: /bin/sh -c "pkill -9 120i3UI49 \|\| busybox pkill -9 120i3UI49"
Source: /tmp/yakuza.arm7.elf (PID: 5716)	Shell command executed: /bin/sh -c "pkill -9 OaF3 \|\| busybox pkill -9 OaF3"
Source: /tmp/yakuza.arm7.elf (PID: 5726)	Shell command executed: /bin/sh -c "pkill -9 geae \|\| busybox pkill -9 geae"
Source: /tmp/yakuza.arm7.elf (PID: 5733)	Shell command executed: /bin/sh -c "pkill -9 vaiolmao \|\| busybox pkill -9 vaiolmao"
Source: /tmp/yakuza.arm7.elf (PID: 5739)	Shell command executed: /bin/sh -c "pkill -9 123123a \|\| busybox pkill -9 123123a"
Source: /tmp/yakuza.arm7.elf (PID: 5746)	Shell command executed: /bin/sh -c "pkill -9 Ofurain0n4H34D \|\| busybox pkill -9 Ofurain0n4H34D"
Source: /tmp/yakuza.arm7.elf (PID: 5753)	Shell command executed: /bin/sh -c "pkill -9 ggTrex \|\| busybox pkill -9 ggTrex"
Source: /tmp/yakuza.arm7.elf (PID: 5763)	Shell command executed: /bin/sh -c "pkill -9 wasads \|\| busybox pkill -9 wasads"
Source: /tmp/yakuza.arm7.elf (PID: 5767)	Shell command executed: /bin/sh -c "pkill -9 1293194hjXD \|\| busybox pkill -9 1293194hjXD"
Source: /tmp/yakuza.arm7.elf (PID: 5773)	Shell command executed: /bin/sh -c "pkill -9 OthLaLosn \|\| busybox pkill -9 OthLaLosn"
Source: /tmp/yakuza.arm7.elf (PID: 5777)	Shell command executed: /bin/sh -c "pkill -9 ggt \|\| busybox pkill -9 ggt"
Source: /tmp/yakuza.arm7.elf (PID: 5783)	Shell command executed: /bin/sh -c "pkill -9 wget-log \|\| busybox pkill -9 wget-log"
Source: /tmp/yakuza.arm7.elf (PID: 5793)	Shell command executed: /bin/sh -c "pkill -9 1337SoraLOADER \|\| busybox pkill -9 1337SoraLOADER"
Source: /tmp/yakuza.arm7.elf (PID: 5803)	Shell command executed: /bin/sh -c "pkill -9 SAIAKINA \|\| busybox pkill -9 SAIAKINA"
Source: /tmp/yakuza.arm7.elf (PID: 5810)	Shell command executed: /bin/sh -c "pkill -9 ggtq \|\| busybox pkill -9 ggtq"
Source: /tmp/yakuza.arm7.elf (PID: 5817)	Shell command executed: /bin/sh -c "pkill -9 1378bfp919GRB1Q2 \|\| busybox pkill -9 1378bfp919GRB1Q2"
Source: /tmp/yakuza.arm7.elf (PID: 5826)	Shell command executed: /bin/sh -c "pkill -9 SAIAKUSO \|\| busybox pkill -9 SAIAKUSO"
Source: /tmp/yakuza.arm7.elf (PID: 5833)	Shell command executed: /bin/sh -c "pkill -9 ggtr \|\| busybox pkill -9 ggtr"
Source: /tmp/yakuza.arm7.elf (PID: 5842)	Shell command executed: /bin/sh -c "pkill -9 14Fa \|\| busybox pkill -9 14Fa"
Source: /tmp/yakuza.arm7.elf (PID: 5849)	Shell command executed: /bin/sh -c "pkill -9 SEXSLAVE1337 \|\| busybox pkill -9 SEXSLAVE1337"

Source: /bin/sh (PID: 5438)	Pkill executable: /usr/bin/pkill -> pkill -9 902i13	Jump to behavior
Source: /bin/sh (PID: 5481)	Pkill executable: /usr/bin/pkill -> pkill -9 BzSxLxBxeY	Jump to behavior
Source: /bin/sh (PID: 5492)	Pkill executable: /usr/bin/pkill -> pkill -9 HOHO-LUGO7	Jump to behavior
Source: /bin/sh (PID: 5500)	Pkill executable: /usr/bin/pkill -> pkill -9 HOHO-U79OL	Jump to behavior
Source: /bin/sh (PID: 5504)	Pkill executable: /usr/bin/pkill -> pkill -9 JuYfouyf87	Jump to behavior
Source: /bin/sh (PID: 5509)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeR69xd	Jump to behavior
Source: /bin/sh (PID: 5513)	Pkill executable: /usr/bin/pkill -> pkill -9 SO190Ij1X	Jump to behavior
Source: /bin/sh (PID: 5540)	Pkill executable: /usr/bin/pkill -> pkill -9 LOLKIKEEEDDE	Jump to behavior
Source: /bin/sh (PID: 5546)	Pkill executable: /usr/bin/pkill -> pkill -9 ekjheory98e	Jump to behavior
Source: /bin/sh (PID: 5554)	Pkill executable: /usr/bin/pkill -> pkill -9 scansh4	Jump to behavior
Source: /bin/sh (PID: 5560)	Pkill executable: /usr/bin/pkill -> pkill -9 MDMA	Jump to behavior
Source: /bin/sh (PID: 5564)	Pkill executable: /usr/bin/pkill -> pkill -9 fdevalvex	Jump to behavior
Source: /bin/sh (PID: 5570)	Pkill executable: /usr/bin/pkill -> pkill -9 scanspc	Jump to behavior
Source: /bin/sh (PID: 5574)	Pkill executable: /usr/bin/pkill -> pkill -9 MELTEDNINJAREALZ	Jump to behavior
Source: /bin/sh (PID: 5580)	Pkill executable: /usr/bin/pkill -> pkill -9 flexsonskids	Jump to behavior
Source: /bin/sh (PID: 5584)	Pkill executable: /usr/bin/pkill -> pkill -9 scanx86
Source: /bin/sh (PID: 5590)	Pkill executable: /usr/bin/pkill -> pkill -9 MISAKI-U79OL
Source: /bin/sh (PID: 5598)	Pkill executable: /usr/bin/pkill -> pkill -9 foAxi102kxe
Source: /bin/sh (PID: 5607)	Pkill executable: /usr/bin/pkill -> pkill -9 swodjwodjwoj
Source: /bin/sh (PID: 5614)	Pkill executable: /usr/bin/pkill -> pkill -9 MmKiy7f87l
Source: /bin/sh (PID: 5624)	Pkill executable: /usr/bin/pkill -> pkill -9 freecookiex86
Source: /bin/sh (PID: 5631)	Pkill executable: /usr/bin/pkill -> pkill -9 sysgpu
Source: /bin/sh (PID: 5637)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeR69xd
Source: /bin/sh (PID: 5644)	Pkill executable: /usr/bin/pkill -> pkill -9 frgege
Source: /bin/sh (PID: 5653)	Pkill executable: /usr/bin/pkill -> pkill -9 sysupdater
Source: /bin/sh (PID: 5660)	Pkill executable: /usr/bin/pkill -> pkill -9 0DnAzepd
Source: /bin/sh (PID: 5668)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeRD0nks69
Source: /bin/sh (PID: 5674)	Pkill executable: /usr/bin/pkill -> pkill -9 frgreu
Source: /bin/sh (PID: 5680)	Pkill executable: /usr/bin/pkill -> pkill -9 telnetd
Source: /bin/sh (PID: 5687)	Pkill executable: /usr/bin/pkill -> pkill -9 0x766f6964
Source: /bin/sh (PID: 5696)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeRd0nks1337
Source: /bin/sh (PID: 5703)	Pkill executable: /usr/bin/pkill -> pkill -9 gaft
Source: /bin/sh (PID: 5708)	Pkill executable: /usr/bin/pkill -> pkill -9 urasgbsigboa
Source: /bin/sh (PID: 5714)	Pkill executable: /usr/bin/pkill -> pkill -9 120i3UI49
Source: /bin/sh (PID: 5720)	Pkill executable: /usr/bin/pkill -> pkill -9 OaF3
Source: /bin/sh (PID: 5731)	Pkill executable: /usr/bin/pkill -> pkill -9 geae
Source: /bin/sh (PID: 5735)	Pkill executable: /usr/bin/pkill -> pkill -9 vaiolmao
Source: /bin/sh (PID: 5744)	Pkill executable: /usr/bin/pkill -> pkill -9 123123a
Source: /bin/sh (PID: 5751)	Pkill executable: /usr/bin/pkill -> pkill -9 Ofurain0n4H34D
Source: /bin/sh (PID: 5759)	Pkill executable: /usr/bin/pkill -> pkill -9 ggTrex
Source: /bin/sh (PID: 5765)	Pkill executable: /usr/bin/pkill -> pkill -9 wasads
Source: /bin/sh (PID: 5769)	Pkill executable: /usr/bin/pkill -> pkill -9 1293194hjXD
Source: /bin/sh (PID: 5775)	Pkill executable: /usr/bin/pkill -> pkill -9 OthLaLosn
Source: /bin/sh (PID: 5779)	Pkill executable: /usr/bin/pkill -> pkill -9 ggt
Source: /bin/sh (PID: 5787)	Pkill executable: /usr/bin/pkill -> pkill -9 wget-log
Source: /bin/sh (PID: 5799)	Pkill executable: /usr/bin/pkill -> pkill -9 1337SoraLOADER
Source: /bin/sh (PID: 5807)	Pkill executable: /usr/bin/pkill -> pkill -9 SAIAKINA
Source: /bin/sh (PID: 5815)	Pkill executable: /usr/bin/pkill -> pkill -9 ggtq
Source: /bin/sh (PID: 5822)	Pkill executable: /usr/bin/pkill -> pkill -9 1378bfp919GRB1Q2
Source: /bin/sh (PID: 5831)	Pkill executable: /usr/bin/pkill -> pkill -9 SAIAKUSO
Source: /bin/sh (PID: 5838)	Pkill executable: /usr/bin/pkill -> pkill -9 ggtr
Source: /bin/sh (PID: 5847)	Pkill executable: /usr/bin/pkill -> pkill -9 14Fa
Source: /bin/sh (PID: 5854)	Pkill executable: /usr/bin/pkill -> pkill -9 SEXSLAVE1337

Source: /tmp/yakuza.arm7.elf (PID: 5433)	Reads from proc file: /proc/stat			Jump to behavior
Source: /tmp/yakuza.arm7.elf (PID: 5462)	Reads from proc file: /proc/stat			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: IRC traffic on port 57852 -> 5060
Source: unknown	Network traffic detected: IRC traffic on port 57852 -> 5060

Source: /usr/bin/pkill (PID: 5438)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5481)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5492)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5500)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5504)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5509)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5513)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5540)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5546)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5554)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5560)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5564)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5570)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5574)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5580)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5584)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5590)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5598)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5607)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5614)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5624)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5631)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5637)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5644)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5653)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5660)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5668)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5674)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5680)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5687)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5696)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5703)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5708)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5714)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5720)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5731)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5735)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5744)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5751)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5759)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5765)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5769)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5775)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5779)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5787)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5799)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5807)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5815)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5822)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5831)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5838)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5847)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5854)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Source: /tmp/yakuza.arm7.elf (PID: 5428)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5472)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5486)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5493)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5501)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5505)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5510)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5537)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5543)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5547)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5557)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5561)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5567)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5571)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5577)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5581)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5587)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5591)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5601)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5609)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5617)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5625)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5634)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5638)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5645)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5654)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5661)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5671)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5675)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5681)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5688)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5697)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5705)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5711)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5715)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5723)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5732)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5736)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5745)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5752)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5762)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5766)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5772)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5776)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5782)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5789)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5800)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5809)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5816)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5825)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5832)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5839)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5848)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5855)	Queries kernel information via 'uname':

Source: yakuza.arm7.elf, 5428.1.000055f3f9393000.000055f3f94c1000.rw-.sdmp, yakuza.arm7.elf, 5432.1.000055f3f9393000.000055f3f94c1000.rw-.sdmp, yakuza.arm7.elf, 5462.1.000055f3f9393000.000055f3f94c1000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: yakuza.arm7.elf, 5428.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp, yakuza.arm7.elf, 5432.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp, yakuza.arm7.elf, 5462.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/yakuza.arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/yakuza.arm7.elf
Source: yakuza.arm7.elf, 5428.1.000055f3f9393000.000055f3f94c1000.rw-.sdmp, yakuza.arm7.elf, 5432.1.000055f3f9393000.000055f3f94c1000.rw-.sdmp, yakuza.arm7.elf, 5462.1.000055f3f9393000.000055f3f94c1000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: yakuza.arm7.elf, 5428.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp, yakuza.arm7.elf, 5432.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp, yakuza.arm7.elf, 5462.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: yakuza.arm7.elf, 5432.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp, yakuza.arm7.elf, 5462.1.00007ffda4a70000.00007ffda4a91000.rw-.sdmp	Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2
Source: Initial sample	User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.62
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110517 Firefox/5.0 Fennec/5.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0
Source: Initial sample	User agent string found: Mozilla/5.0 (compatible; Teleca Q7; Brew 3.1.5; U; en) 480X800 LGE VX11000

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	11 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
yakuza.arm7.elf	58%	ReversingLabs	Linux.Trojan.Gafgyt
yakuza.arm7.elf	100%	Avira	ANDROID/AVE.Gafgyt.pjrke

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.25	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://youtu.be/dQw4w9WgXcQ	yakuza.arm7.elf	false	unknown
https://youtu.be/dQw4w9WgXcQNever	yakuza.arm7.elf	false	unknown
http://87.10.220.221/yak.sh;	yakuza.arm7.elf	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
194.110.247.46	unknown	unknown		41108	FIRSTROOT-ASDE	true

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
194.110.247.46	yakuza.arm4.elf	Get hash	malicious	Unknown	Browse
	yakuza.arm7.elf	Get hash	malicious	Unknown	Browse
	yakuza.arm6.elf	Get hash	malicious	Unknown	Browse
	yakuza.i586.elf	Get hash	malicious	Unknown	Browse
	yakuza.i686.elf	Get hash	malicious	Unknown	Browse
	yakuza.mipsel.elf	Get hash	malicious	Unknown	Browse
	yakuza.mips.elf	Get hash	malicious	Unknown	Browse
	yakuza.x86.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	c0r0n4x.x86.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.25
	armv7l.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	la.bot.arm6.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	162.213.35.24

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FIRSTROOT-ASDE	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	3kloOVp5iW.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	BoM00gWx1d.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Mirai	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	yakuza.arm4.elf	Get hash	malicious	Unknown	Browse	194.110.247.46

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
Entropy (8bit):	5.997852801272192
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	yakuza.arm7.elf
File size:	212'217 bytes
MD5:	fa8bae6bbcf9a658fa25b7f2a4faaf04
SHA1:	912ff68ca48b9d60ac0acf7ea30c877c406bbbf2
SHA256:	1007f5613a91a5d4170f28e24bfa704c8a63d95a2b4d033ff2bff7e2fe3dcffe
SHA512:	60c3b3a0e701bb5ca71da59b1e5692ac3a0f2bc7bf19667fa8a869a516fba208870e6168f18bd61d04be17b55cc22006493ee339b032e4cc9afd6d2acdb940a7
SSDEEP:	6144:AhYGa/AaqzosIYPikWmWlnRiDDt+M/9Zmr2nBPNg2:aYGa/KzosI+iNflRiNP/zmr2nBPNg2
TLSH:	A9243B09DA509B67C1E23BFBF79B828A33234B54A7D7331945285BF03BC2B5D5E26106
File Content Preview:	.ELF..............(.........4...........4. ...(........p............ ... ...........................,...,................ ... ... ..$.................... ... ... ..................Q.td..................................-...L..................G.F.G.F.G.F.G.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x81d0
Flags:	0x4000002
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	168948
Section Header Size:	40
Number of Section Headers:	30
Header String Table Index:	27

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x80d4	0xd4	0x10	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x80f0	0xf0	0x1c2b4	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x243a4	0x1c3a4	0x10	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x243b8	0x1c3b8	0x523c	0x0	0x2	A	0	0	8
.ARM.extab	PROGBITS	0x295f4	0x215f4	0x18	0x0	0x2	A	0	0	4
.ARM.exidx	ARM_EXIDX	0x2960c	0x2160c	0x120	0x0	0x82	AL	2	0	4
.eh_frame	PROGBITS	0x32000	0x22000	0x4	0x0	0x3	WA	0	0	4
.tbss	NOBITS	0x32004	0x22004	0x8	0x0	0x403	WAT	0	0	4
.init_array	INIT_ARRAY	0x32004	0x22004	0x4	0x0	0x3	WA	0	0	4
.fini_array	FINI_ARRAY	0x32008	0x22008	0x4	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x3200c	0x2200c	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x32010	0x22010	0x18	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x32028	0x22028	0xb8	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x320e0	0x220e0	0x844	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x32924	0x22924	0x85f4	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x22924	0xe38	0x0	0x0		0	0	1
.debug_aranges	PROGBITS	0x0	0x23760	0x140	0x0	0x0		0	0	8
.debug_pubnames	PROGBITS	0x0	0x238a0	0x213	0x0	0x0		0	0	1
.debug_info	PROGBITS	0x0	0x23ab3	0x2043	0x0	0x0		0	0	1
.debug_abbrev	PROGBITS	0x0	0x25af6	0x6e2	0x0	0x0		0	0	1
.debug_line	PROGBITS	0x0	0x261d8	0xe76	0x0	0x0		0	0	1
.debug_frame	PROGBITS	0x0	0x27050	0x2b8	0x0	0x0		0	0	4
.debug_str	PROGBITS	0x0	0x27308	0x8ca	0x1	0x30	MS	0	0	1
.debug_loc	PROGBITS	0x0	0x27bd2	0x118f	0x0	0x0		0	0	1
.debug_ranges	PROGBITS	0x0	0x28d61	0x558	0x0	0x0		0	0	1
.ARM.attributes	ARM_ATTRIBUTES	0x0	0x292b9	0x16	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x292cf	0x124	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x298a4	0x6e40	0x10	0x0		29	986	4
.strtab	STRTAB	0x0	0x306e4	0x3615	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
EXIDX	0x2160c	0x2960c	0x2960c	0x120	0x120	4.4898	0x4	R	0x4	.ARM.exidx
LOAD	0x0	0x8000	0x8000	0x2172c	0x2172c	6.1976	0x5	R E	0x8000	.init .text .fini .rodata .ARM.extab .ARM.exidx
LOAD	0x22000	0x32000	0x32000	0x924	0x8f18	4.5826	0x6	RW	0x8000	.eh_frame .tbss .init_array .fini_array .jcr .data.rel.ro .got .data .bss
TLS	0x22004	0x32004	0x32004	0x0	0x8	0.0000	0x4	R	0x4	.tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x80d4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80f0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x243a4	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x243b8	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x295f4	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x2960c	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x32000	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x32004	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x32004	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x32008	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x3200c	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x32010	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x32028	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x320e0	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x32924	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	21
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	22
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	23
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	25
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	26
$a	.symtab	0x80d4	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x243a4	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80e0	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x243b0	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x812c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8170	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x81d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x820c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8230	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8534	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x86a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8840	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8c10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8e68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x945c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9598	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x95d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9698	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9798	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x98d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x99f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9abc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9b94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9cd8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9fa4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa070	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa3c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa4f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa874	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xaba8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xacf8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb320	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb9b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xbaf0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc374	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc684	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xce5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd3bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd660	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd698	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd8e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdca0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf39c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf49c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf64c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf6ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf728	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf7bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfb4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfc84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfd18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfd68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfe2c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfe70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xff84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10154	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10df0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10e98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10ed4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10f5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1106c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x113c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11494	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12004	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12118	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1225c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12270	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12308	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x123fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12434	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12534	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12560	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12588	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1259c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x125d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x126b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x126ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1272c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x127a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x127e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12868	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x128a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x128d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12920	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1299c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x129cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x129ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12d1c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12d3c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12db0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f28	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12f88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12fbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13044	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13114	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13264	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13534	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13994	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13a14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13b78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ba8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13cec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x144b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14558	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1459c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1474c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x147a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14d10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14e14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14f30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15084	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x151a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x157fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1589c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x159a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x159dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15aa0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15ab0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15ac0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b60	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15be0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15c04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15d14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15dd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15e9c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15eb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15fc0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1602c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x160b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x160e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16114	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16138	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x161b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16214	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16e80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x171ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x174a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x175f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17890	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17938	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17960	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17c4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17f20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17f64	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17fd8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1801c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18060	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x180d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1811c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1815c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x181a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18210	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18254	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x182c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18310	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18398	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x183e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18424	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18dd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19194	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19634	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19674	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1979c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x197b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19858	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19910	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x199d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19a74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19b04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19bdc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19cd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19dc0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19de0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19dfc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19e18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19ff0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a0b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a160	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a2ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a8d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a920	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a990	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ad5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1adf4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ae58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1afe0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b028	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b118	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b254	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b2ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b2b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b2e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b33c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b344	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b374	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b3cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b3d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b400	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b488	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b564	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b624	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b678	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b6d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1babc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bc10	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c15c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c1e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c25c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c288	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c310	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c318	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c324	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c330	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c340	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c380	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c3e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c428	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c468	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c47c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c490	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c4a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c4e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c4f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c53c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c57c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c5bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c61c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c65c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c6c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c754	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c78c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c89c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c96c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ca30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cae0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cbcc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cf70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cfc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cfe8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d0a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d0e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d1bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d2fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d3d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d44c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d478	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d5d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ddc8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1df0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e040	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e4d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e5c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e5e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e6c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e7b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e8a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e8e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e934	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e980	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e9f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ea38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ea84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1eb40	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ec0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ed90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1eea4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ef08	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f050	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f0b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f100	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f1ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f224	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f4bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f504	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f698	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f9fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1faf4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1fbec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x203fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x204a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20904	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2099c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20a34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20a80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20dc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20e08	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20e4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20ec0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20ef8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21038	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x210b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21118	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2136c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21378	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x213b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21408	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21460	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2146c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x214d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21554	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x215b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x215f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21770	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x218b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x218dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21a9c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21af4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21bbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21bec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21c90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21cd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21ce0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21d90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21dd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21ebc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21f70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21fd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22000	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22218	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22264	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x222bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x222c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x222f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22360	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2240c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22828	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22cc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22e04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22e58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22ea4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22ef0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22ef8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22efc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22f28	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22f34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x22f40	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23160	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x232b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x232cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2332c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23398	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23470	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x235b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23afc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23b04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23b0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23b14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23bd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x23c14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x24328	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x24370	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8164	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x32008	0	NOTYPE	<unknown>	DEFAULT	10
$d	.symtab	0x81bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x32004	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x320e4	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x8200	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x320e8	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x822c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8530	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8690	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x883c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8c08	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8e64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x944c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9584	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x95d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9688	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x978c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x98b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x99d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9ab0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9b8c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9ccc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x25eb9	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x9f90	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa06c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa3b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa4ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa860	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xab94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xacf0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb318	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb9ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xbaec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc35c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc678	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xce58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd3b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd65c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd694	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd8dc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xdc80	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf354	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf498	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf61c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf6e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf71c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf7b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfad4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfc78	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfd0c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfd64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfe28	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfe6c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xff7c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10138	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10d90	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10e7c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10ed0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10f58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11068	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x113ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11490	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11f94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x20	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x26	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x2c	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x4c	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x53	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x12300	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x123ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12430	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1252c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12580	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x125d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x126a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x126e8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12728	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12798	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x127e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12860	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x128a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1291c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12994	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x129c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x326fc	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x27e54	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x129e8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12d0c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12da0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12efc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1310c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13240	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13508	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13960	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13a04	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13b5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x32708	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x32704	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x14494	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x281c8	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x14748	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14794	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14ce0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x327ec	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x281d0	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x15434	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x157e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15a94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15e94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15fb0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x28254	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x16024	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x160a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1610c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x161b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16e4c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17198	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x32010	0	NOTYPE	<unknown>	DEFAULT	12
$d	.symtab	0x28dc0	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x17494	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x175f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1787c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x28e0c	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x17930	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17c3c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17f0c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17f5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17fd0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18014	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18058	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x180cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18114	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18158	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18198	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18208	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1824c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x182bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18308	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18390	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x183d8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1841c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18db0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x327f0	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x19174	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19618	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1966c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19788	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x32808	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x1983c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x198f4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x199b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19a58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x32820	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x328b8	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x19b00	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19bd0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19cc4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19db4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x28e4c	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x19fe0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a094	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x328cc	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x1a158	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a288	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a8a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a91c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ad34	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ae50	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1afd0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b10c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b238	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b250	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b2e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b370	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b55c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b610	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b670	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b6c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ba70	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x328e4	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x1bbf8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c118	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c1d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c254	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c284	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c304	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c37c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c3e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c424	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c464	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c4e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c538	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c578	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c5b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c614	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c658	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c6c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c750	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c788	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x328f0	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x28ee8	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x328f8	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x291e8	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x1c880	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c964	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ca24	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cad8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x294e8	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x1cbb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cf68	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d0a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d1b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d3d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1dda8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x29518	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x1e030	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e5b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e6bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e7ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e898	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ea7c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1eb20	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ebe8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ed64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ee88	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1eefc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f034	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f0a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f0f4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x32900	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x1f1a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f220	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f4b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f4fc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f690	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f9e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x32918	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x1faec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x203b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x3291c	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x20448	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x204a0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x208bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x3291e	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x295c4	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x20984	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20dac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20e00	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20e44	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x20eb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2101c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21098	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21108	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21344	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x213a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x32920	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x21454	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x214cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21550	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x215b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x215f4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x218b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21a98	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21bb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21c8c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21d88	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21ff8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22208	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22260	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2235c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x23144	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x23aec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x58	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	24
$d	.symtab	0x23c	0	NOTYPE	<unknown>	DEFAULT	22
$d	.symtab	0xe39	0	NOTYPE	<unknown>	DEFAULT	24
$t	.symtab	0x80f0	0	NOTYPE	<unknown>	DEFAULT	2
C.11.5548	.symtab	0x28ebc	12	OBJECT	<unknown>	DEFAULT	4
C.5.5083	.symtab	0x294e8	24	OBJECT	<unknown>	DEFAULT	4
C.7.5370	.symtab	0x28ec8	12	OBJECT	<unknown>	DEFAULT	4
C.7.6078	.symtab	0x28160	12	OBJECT	<unknown>	DEFAULT	4
C.7.6109	.symtab	0x281a0	12	OBJECT	<unknown>	DEFAULT	4
C.7.6182	.symtab	0x2817c	12	OBJECT	<unknown>	DEFAULT	4
C.72.5941	.symtab	0x25eb9	36	OBJECT	<unknown>	DEFAULT	4
C.8.6110	.symtab	0x28194	12	OBJECT	<unknown>	DEFAULT	4
C.9.6119	.symtab	0x28188	12	OBJECT	<unknown>	DEFAULT	4
C.90.6159	.symtab	0x26534	312	OBJECT	<unknown>	DEFAULT	4
C.96.6253	.symtab	0x266e0	12	OBJECT	<unknown>	DEFAULT	4
ClearHistory	.symtab	0xf6ec	60	FUNC	<unknown>	DEFAULT	2
HTTP	.symtab	0xaba8	336	FUNC	<unknown>	DEFAULT	2
Laligned	.symtab	0x15ba8	0	NOTYPE	<unknown>	DEFAULT	2
Llastword	.symtab	0x15bc4	0	NOTYPE	<unknown>	DEFAULT	2
Q	.symtab	0x32d5c	16384	OBJECT	<unknown>	DEFAULT	15
Send	.symtab	0x84cc	104	FUNC	<unknown>	DEFAULT	2
UserAgents	.symtab	0x32408	144	OBJECT	<unknown>	DEFAULT	14
_352	.symtab	0x10ed4	40	FUNC	<unknown>	DEFAULT	2
_376	.symtab	0x10df0	168	FUNC	<unknown>	DEFAULT	2
_433	.symtab	0x10efc	96	FUNC	<unknown>	DEFAULT	2
_Exit	.symtab	0x1c380	104	FUNC	<unknown>	DEFAULT	2
_GLOBAL_OFFSET_TABLE_	.symtab	0x32028	0	OBJECT	<unknown>	HIDDEN	13
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_NICK	.symtab	0x10f5c	272	FUNC	<unknown>	DEFAULT	2
_PING	.symtab	0x10e98	60	FUNC	<unknown>	DEFAULT	2
_PRIVMSG	.symtab	0x10154	3228	FUNC	<unknown>	DEFAULT	2
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_Unwind_Complete	.symtab	0x22ef8	4	FUNC	<unknown>	HIDDEN	2
_Unwind_DeleteException	.symtab	0x22efc	44	FUNC	<unknown>	HIDDEN	2
_Unwind_ForcedUnwind	.symtab	0x23bac	36	FUNC	<unknown>	HIDDEN	2
_Unwind_GetCFA	.symtab	0x22ef0	8	FUNC	<unknown>	HIDDEN	2
_Unwind_GetDataRelBase	.symtab	0x22f34	12	FUNC	<unknown>	HIDDEN	2
_Unwind_GetLanguageSpecificData	.symtab	0x23bd0	68	FUNC	<unknown>	HIDDEN	2
_Unwind_GetRegionStart	.symtab	0x24370	52	FUNC	<unknown>	HIDDEN	2
_Unwind_GetTextRelBase	.symtab	0x22f28	12	FUNC	<unknown>	HIDDEN	2
_Unwind_RaiseException	.symtab	0x23b40	36	FUNC	<unknown>	HIDDEN	2
_Unwind_Resume	.symtab	0x23b64	36	FUNC	<unknown>	HIDDEN	2
_Unwind_Resume_or_Rethrow	.symtab	0x23b88	36	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Get	.symtab	0x22e58	76	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Pop	.symtab	0x23470	324	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Set	.symtab	0x22ea4	76	FUNC	<unknown>	HIDDEN	2
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b	.symtab	0x328f0	4	OBJECT	<unknown>	DEFAULT	14
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x28ee8	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_tolower	.symtab	0x328f8	4	OBJECT	<unknown>	DEFAULT	14
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x291e8	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_toupper	.symtab	0x326fc	4	OBJECT	<unknown>	DEFAULT	14
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x27e54	768	OBJECT	<unknown>	DEFAULT	4
__EH_FRAME_BEGIN__	.symtab	0x32000	0	OBJECT	<unknown>	DEFAULT	7
__FRAME_END__	.symtab	0x32000	0	OBJECT	<unknown>	DEFAULT	7
__GI___C_ctype_b	.symtab	0x328f0	4	OBJECT	<unknown>	HIDDEN	14
__GI___C_ctype_tolower	.symtab	0x328f8	4	OBJECT	<unknown>	HIDDEN	14
__GI___C_ctype_toupper	.symtab	0x326fc	4	OBJECT	<unknown>	HIDDEN	14
__GI___close	.symtab	0x1b270	100	FUNC	<unknown>	HIDDEN	2
__GI___close_nocancel	.symtab	0x1b254	24	FUNC	<unknown>	HIDDEN	2
__GI___ctype_b	.symtab	0x328f4	4	OBJECT	<unknown>	HIDDEN	14
__GI___ctype_tolower	.symtab	0x328fc	4	OBJECT	<unknown>	HIDDEN	14
__GI___ctype_toupper	.symtab	0x32700	4	OBJECT	<unknown>	HIDDEN	14
__GI___errno_location	.symtab	0x129cc	32	FUNC	<unknown>	HIDDEN	2
__GI___fcntl_nocancel	.symtab	0x12270	152	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x1df0c	300	FUNC	<unknown>	HIDDEN	2
__GI___fputc_unlocked	.symtab	0x1589c	264	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0x15e9c	24	FUNC	<unknown>	HIDDEN	2
__GI___libc_close	.symtab	0x1b270	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x12308	244	FUNC	<unknown>	HIDDEN	2
__GI___libc_open	.symtab	0x1b300	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_read	.symtab	0x22280	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_write	.symtab	0x1b390	100	FUNC	<unknown>	HIDDEN	2
__GI___open	.symtab	0x1b300	100	FUNC	<unknown>	HIDDEN	2
__GI___open_nocancel	.symtab	0x1b2e4	24	FUNC	<unknown>	HIDDEN	2
__GI___read	.symtab	0x22280	100	FUNC	<unknown>	HIDDEN	2
__GI___read_nocancel	.symtab	0x22264	24	FUNC	<unknown>	HIDDEN	2
__GI___register_atfork	.symtab	0x1ae58	392	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x1b5a8	124	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x1b678	88	FUNC	<unknown>	HIDDEN	2
__GI___write	.symtab	0x1b390	100	FUNC	<unknown>	HIDDEN	2
__GI___write_nocancel	.symtab	0x1b374	24	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0x15eb4	268	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x1c380	104	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x19674	296	FUNC	<unknown>	HIDDEN	2
__GI_accept	.symtab	0x17f64	116	FUNC	<unknown>	HIDDEN	2
__GI_asprintf	.symtab	0x12f58	48	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x19dc0	32	FUNC	<unknown>	HIDDEN	2
__GI_bind	.symtab	0x17fd8	68	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x21408	88	FUNC	<unknown>	HIDDEN	2
__GI_chdir	.symtab	0x123fc	56	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x1b270	100	FUNC	<unknown>	HIDDEN	2
__GI_closedir	.symtab	0x1c78c	272	FUNC	<unknown>	HIDDEN	2
__GI_config_close	.symtab	0x1cef4	52	FUNC	<unknown>	HIDDEN	2
__GI_config_open	.symtab	0x1cf28	72	FUNC	<unknown>	HIDDEN	2
__GI_config_read	.symtab	0x1cbcc	808	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x18060	116	FUNC	<unknown>	HIDDEN	2
__GI_dup2	.symtab	0x1c3e8	64	FUNC	<unknown>	HIDDEN	2
__GI_endservent	.symtab	0x1ea84	188	FUNC	<unknown>	HIDDEN	2
__GI_execl	.symtab	0x1a0b4	172	FUNC	<unknown>	HIDDEN	2
__GI_execve	.symtab	0x1c428	64	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x19ff0	196	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x129ec	816	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x12308	244	FUNC	<unknown>	HIDDEN	2
__GI_fdopen	.symtab	0x1d0a4	60	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x15450	940	FUNC	<unknown>	HIDDEN	2
__GI_fgetc	.symtab	0x1ddc8	324	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x1df0c	300	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x14e14	284	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x157fc	160	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x12d1c	32	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x1a990	972	FUNC	<unknown>	HIDDEN	2
__GI_fprintf	.symtab	0x12f28	48	FUNC	<unknown>	HIDDEN	2
__GI_fputc	.symtab	0x14f30	340	FUNC	<unknown>	HIDDEN	2
__GI_fputc_unlocked	.symtab	0x1589c	264	FUNC	<unknown>	HIDDEN	2
__GI_fputs	.symtab	0x15084	284	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x159a4	56	FUNC	<unknown>	HIDDEN	2
__GI_freeaddrinfo	.symtab	0x16e80	36	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x218b8	36	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x218dc	448	FUNC	<unknown>	HIDDEN	2
__GI_fstat	.symtab	0x2146c	100	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x159dc	188	FUNC	<unknown>	HIDDEN	2
__GI_getaddrinfo	.symtab	0x16ea4	776	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x1df0c	300	FUNC	<unknown>	HIDDEN	2
__GI_getcwd	.symtab	0x12434	256	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x12534	44	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x1c468	20	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x1c47c	20	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x1c490	20	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyaddr_r	.symtab	0x17960	748	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname2_r	.symtab	0x17c4c	724	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname_r	.symtab	0x20a80	836	FUNC	<unknown>	HIDDEN	2
__GI_gethostname	.symtab	0x214d0	132	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x12560	40	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x1afe0	72	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x1259c	56	FUNC	<unknown>	HIDDEN	2
__GI_getservbyname_r	.symtab	0x1ef08	328	FUNC	<unknown>	HIDDEN	2
__GI_getservbyport	.symtab	0x1eea4	100	FUNC	<unknown>	HIDDEN	2
__GI_getservbyport_r	.symtab	0x1ed90	276	FUNC	<unknown>	HIDDEN	2
__GI_getservent_r	.symtab	0x1ec0c	388	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x20dc4	68	FUNC	<unknown>	HIDDEN	2
__GI_gettimeofday	.symtab	0x1c4a4	64	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x1c4e4	20	FUNC	<unknown>	HIDDEN	2
__GI_htonl	.symtab	0x161c4	32	FUNC	<unknown>	HIDDEN	2
__GI_htons	.symtab	0x161b4	16	FUNC	<unknown>	HIDDEN	2
__GI_if_freenameindex	.symtab	0x1f224	72	FUNC	<unknown>	HIDDEN	2
__GI_if_nameindex	.symtab	0x1f26c	592	FUNC	<unknown>	HIDDEN	2
__GI_if_nametoindex	.symtab	0x1f1ac	120	FUNC	<unknown>	HIDDEN	2
__GI_in6addr_loopback	.symtab	0x28e0c	16	OBJECT	<unknown>	HIDDEN	4
__GI_inet_addr	.symtab	0x17938	40	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x1f9fc	248	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa	.symtab	0x1791c	28	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa_r	.symtab	0x17890	140	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntop	.symtab	0x175f4	668	FUNC	<unknown>	HIDDEN	2
__GI_inet_pton	.symtab	0x1727c	552	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x19bdc	248	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x125d4	224	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x16114	36	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x126b4	56	FUNC	<unknown>	HIDDEN	2
__GI_listen	.symtab	0x1811c	64	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x222f0	112	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x1e4d0	240	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x15ab0	4	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x21cd0	4	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x1e5c0	36	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x1e5e4	224	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x15ac0	156	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x1c1e0	124	FUNC	<unknown>	HIDDEN	2
__GI_mremap	.symtab	0x1c4f8	68	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x1c53c	64	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x1c5bc	96	FUNC	<unknown>	HIDDEN	2
__GI_ntohl	.symtab	0x161f4	32	FUNC	<unknown>	HIDDEN	2
__GI_ntohs	.symtab	0x161e4	16	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x1b300	100	FUNC	<unknown>	HIDDEN	2
__GI_opendir	.symtab	0x1c96c	196	FUNC	<unknown>	HIDDEN	2
__GI_perror	.symtab	0x12d3c	116	FUNC	<unknown>	HIDDEN	2
__GI_pipe	.symtab	0x1c61c	64	FUNC	<unknown>	HIDDEN	2
__GI_poll	.symtab	0x1272c	116	FUNC	<unknown>	HIDDEN	2
__GI_putc	.symtab	0x14f30	340	FUNC	<unknown>	HIDDEN	2
__GI_putc_unlocked	.symtab	0x1589c	264	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x1b028	240	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x197b4	164	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x19a74	144	FUNC	<unknown>	HIDDEN	2
__GI_rawmemchr	.symtab	0x21ce0	176	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x22280	100	FUNC	<unknown>	HIDDEN	2
__GI_readdir64	.symtab	0x1cae0	236	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x181a0	112	FUNC	<unknown>	HIDDEN	2
__GI_recvmsg	.symtab	0x20e4c	116	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x1c65c	108	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x127e4	132	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x18254	112	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x18310	136	FUNC	<unknown>	HIDDEN	2
__GI_setservent	.symtab	0x1eb40	204	FUNC	<unknown>	HIDDEN	2
__GI_setsid	.symtab	0x12868	64	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x18398	72	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x19cd4	236	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x1c288	136	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x1c6c8	140	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x1b118	300	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x183e0	68	FUNC	<unknown>	HIDDEN	2
__GI_sprintf	.symtab	0x12f88	52	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x19b04	216	FUNC	<unknown>	HIDDEN	2
__GI_stat	.symtab	0x21554	100	FUNC	<unknown>	HIDDEN	2
__GI_strcasecmp	.symtab	0x15fc0	108	FUNC	<unknown>	HIDDEN	2
__GI_strcasestr	.symtab	0x1602c	132	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x1e6c4	240	FUNC	<unknown>	HIDDEN	2
__GI_strchrnul	.symtab	0x1e7b4	236	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x15b60	28	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x15b60	28	FUNC	<unknown>	HIDDEN	2
__GI_strcpy	.symtab	0x15be0	36	FUNC	<unknown>	HIDDEN	2
__GI_strcspn	.symtab	0x1e8a0	68	FUNC	<unknown>	HIDDEN	2
__GI_strdup	.symtab	0x160b0	52	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x15b80	96	FUNC	<unknown>	HIDDEN	2
__GI_strncmp	.symtab	0x15c04	272	FUNC	<unknown>	HIDDEN	2
__GI_strncpy	.symtab	0x15d14	188	FUNC	<unknown>	HIDDEN	2
__GI_strndup	.symtab	0x21d90	64	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0x15dd0	204	FUNC	<unknown>	HIDDEN	2
__GI_strpbrk	.symtab	0x1e9f8	64	FUNC	<unknown>	HIDDEN	2
__GI_strrchr	.symtab	0x1e8e4	80	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x1e934	76	FUNC	<unknown>	HIDDEN	2
__GI_strtok	.symtab	0x160e4	48	FUNC	<unknown>	HIDDEN	2
__GI_strtok_r	.symtab	0x1e980	120	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x19de0	28	FUNC	<unknown>	HIDDEN	2
__GI_strtoul	.symtab	0x19dfc	28	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x1a2ac	1572	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x16138	124	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x128a8	48	FUNC	<unknown>	HIDDEN	2
__GI_toupper	.symtab	0x1299c	48	FUNC	<unknown>	HIDDEN	2
__GI_uname	.symtab	0x215b8	64	FUNC	<unknown>	HIDDEN	2
__GI_vasprintf	.symtab	0x12fbc	136	FUNC	<unknown>	HIDDEN	2
__GI_vfork	.symtab	0x1a920	112	FUNC	<unknown>	HIDDEN	2
__GI_vfprintf	.symtab	0x13ba8	324	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0x13044	208	FUNC	<unknown>	HIDDEN	2
__GI_wait4	.symtab	0x1c754	56	FUNC	<unknown>	HIDDEN	2
__GI_waitpid	.symtab	0x12920	124	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x1cf70	84	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x1cfe8	188	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x1cfc4	36	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x1b390	100	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x3200c	0	OBJECT	<unknown>	DEFAULT	11
__JCR_LIST__	.symtab	0x3200c	0	OBJECT	<unknown>	DEFAULT	11
___Unwind_ForcedUnwind	.symtab	0x23bac	36	FUNC	<unknown>	HIDDEN	2
___Unwind_RaiseException	.symtab	0x23b40	36	FUNC	<unknown>	HIDDEN	2
___Unwind_Resume	.symtab	0x23b64	36	FUNC	<unknown>	HIDDEN	2
___Unwind_Resume_or_Rethrow	.symtab	0x23b88	36	FUNC	<unknown>	HIDDEN	2
__adddf3	.symtab	0x22418	784	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmpeq	.symtab	0x22d74	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmple	.symtab	0x22d74	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdrcmple	.symtab	0x22d58	52	FUNC	<unknown>	HIDDEN	2
__aeabi_d2uiz	.symtab	0x22e04	84	FUNC	<unknown>	HIDDEN	2
__aeabi_dadd	.symtab	0x22418	784	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpeq	.symtab	0x22d8c	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpge	.symtab	0x22dd4	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpgt	.symtab	0x22dec	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmple	.symtab	0x22dbc	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmplt	.symtab	0x22da4	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ddiv	.symtab	0x22ab8	524	FUNC	<unknown>	HIDDEN	2
__aeabi_dmul	.symtab	0x22828	656	FUNC	<unknown>	HIDDEN	2
__aeabi_drsub	.symtab	0x2240c	0	FUNC	<unknown>	HIDDEN	2
__aeabi_dsub	.symtab	0x22414	788	FUNC	<unknown>	HIDDEN	2
__aeabi_f2d	.symtab	0x22774	64	FUNC	<unknown>	HIDDEN	2
__aeabi_i2d	.symtab	0x2274c	40	FUNC	<unknown>	HIDDEN	2
__aeabi_idiv	.symtab	0x12118	0	FUNC	<unknown>	HIDDEN	2
__aeabi_idivmod	.symtab	0x12244	24	FUNC	<unknown>	HIDDEN	2
__aeabi_l2d	.symtab	0x227c8	96	FUNC	<unknown>	HIDDEN	2
__aeabi_read_tp	.symtab	0x1c330	8	FUNC	<unknown>	DEFAULT	2
__aeabi_ui2d	.symtab	0x22728	36	FUNC	<unknown>	HIDDEN	2
__aeabi_uidiv	.symtab	0x12004	0	FUNC	<unknown>	HIDDEN	2
__aeabi_uidivmod	.symtab	0x12100	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ul2d	.symtab	0x227b4	116	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr0	.symtab	0x23b0c	8	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr1	.symtab	0x23b04	8	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr2	.symtab	0x23afc	8	FUNC	<unknown>	HIDDEN	2
__app_fini	.symtab	0x39314	4	OBJECT	<unknown>	HIDDEN	15
__atexit_lock	.symtab	0x328cc	24	OBJECT	<unknown>	DEFAULT	14
__bss_end__	.symtab	0x3af18	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start	.symtab	0x32924	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start__	.symtab	0x32924	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x1b624	84	FUNC	<unknown>	DEFAULT	2
__close	.symtab	0x1b270	100	FUNC	<unknown>	DEFAULT	2
__close_nameservers	.symtab	0x20904	152	FUNC	<unknown>	HIDDEN	2
__close_nocancel	.symtab	0x1b254	24	FUNC	<unknown>	DEFAULT	2
__cmpdf2	.symtab	0x22cd4	132	FUNC	<unknown>	HIDDEN	2
__ctype_b	.symtab	0x328f4	4	OBJECT	<unknown>	DEFAULT	14
__ctype_tolower	.symtab	0x328fc	4	OBJECT	<unknown>	DEFAULT	14
__ctype_toupper	.symtab	0x32700	4	OBJECT	<unknown>	DEFAULT	14
__curbrk	.symtab	0x398c4	4	OBJECT	<unknown>	HIDDEN	15
__cxa_begin_cleanup	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__cxa_call_unexpected	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__cxa_type_match	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__data_start	.symtab	0x320e0	0	NOTYPE	<unknown>	DEFAULT	14
__decode_dotted	.symtab	0x1faf4	248	FUNC	<unknown>	HIDDEN	2
__decode_header	.symtab	0x21ebc	180	FUNC	<unknown>	HIDDEN	2
__default_rt_sa_restorer	.symtab	0x1c328	0	FUNC	<unknown>	DEFAULT	2
__default_sa_restorer	.symtab	0x1c31c	0	FUNC	<unknown>	DEFAULT	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__div0	.symtab	0x1225c	20	FUNC	<unknown>	HIDDEN	2
__divdf3	.symtab	0x22ab8	524	FUNC	<unknown>	HIDDEN	2
__divsi3	.symtab	0x12118	300	FUNC	<unknown>	HIDDEN	2
__dns_lookup	.symtab	0x1fbec	2064	FUNC	<unknown>	HIDDEN	2
__do_global_dtors_aux	.symtab	0x812c	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux_fini_array_entry	.symtab	0x32008	0	OBJECT	<unknown>	DEFAULT	10
__dso_handle	.symtab	0x320e0	0	OBJECT	<unknown>	HIDDEN	14
__encode_dotted	.symtab	0x22360	172	FUNC	<unknown>	HIDDEN	2
__encode_header	.symtab	0x21dd0	236	FUNC	<unknown>	HIDDEN	2
__encode_question	.symtab	0x21f70	96	FUNC	<unknown>	HIDDEN	2
__end__	.symtab	0x3af18	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__environ	.symtab	0x3930c	4	OBJECT	<unknown>	DEFAULT	15
__eqdf2	.symtab	0x22cd4	132	FUNC	<unknown>	HIDDEN	2
__errno_location	.symtab	0x129cc	32	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__error	.symtab	0x1a98c	0	NOTYPE	<unknown>	DEFAULT	2
__exidx_end	.symtab	0x2972c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exidx_start	.symtab	0x2960c	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x38dbc	4	OBJECT	<unknown>	HIDDEN	15
__extendsfdf2	.symtab	0x22774	64	FUNC	<unknown>	HIDDEN	2
__fcntl_nocancel	.symtab	0x12270	152	FUNC	<unknown>	DEFAULT	2
__fgetc_unlocked	.symtab	0x1df0c	300	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x3200c	0	NOTYPE	<unknown>	HIDDEN	10
__fini_array_start	.symtab	0x32008	0	NOTYPE	<unknown>	HIDDEN	10
__fixunsdfsi	.symtab	0x22e04	84	FUNC	<unknown>	HIDDEN	2
__floatdidf	.symtab	0x227c8	96	FUNC	<unknown>	HIDDEN	2
__floatsidf	.symtab	0x2274c	40	FUNC	<unknown>	HIDDEN	2
__floatundidf	.symtab	0x227b4	116	FUNC	<unknown>	HIDDEN	2
__floatunsidf	.symtab	0x22728	36	FUNC	<unknown>	HIDDEN	2
__fork	.symtab	0x1a990	972	FUNC	<unknown>	DEFAULT	2
__fork_generation_pointer	.symtab	0x3aed0	4	OBJECT	<unknown>	HIDDEN	15
__fork_handlers	.symtab	0x3aed4	4	OBJECT	<unknown>	HIDDEN	15
__fork_lock	.symtab	0x38dc0	4	OBJECT	<unknown>	HIDDEN	15
__fputc_unlocked	.symtab	0x1589c	264	FUNC	<unknown>	DEFAULT	2
__frame_dummy_init_array_entry	.symtab	0x32004	0	OBJECT	<unknown>	DEFAULT	9
__gedf2	.symtab	0x22cc4	148	FUNC	<unknown>	HIDDEN	2
__get_hosts_byaddr_r	.symtab	0x2099c	152	FUNC	<unknown>	HIDDEN	2
__get_hosts_byname_r	.symtab	0x20a34	76	FUNC	<unknown>	HIDDEN	2
__getdents64	.symtab	0x21770	328	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x12560	40	FUNC	<unknown>	DEFAULT	2
__getpid	.symtab	0x1afe0	72	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r	.symtab	0x15e9c	24	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__gnu_Unwind_Find_exidx	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__gnu_Unwind_ForcedUnwind	.symtab	0x232b0	28	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_RaiseException	.symtab	0x23398	184	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Restore_VFP	.symtab	0x23b30	0	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Resume	.symtab	0x2332c	108	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Resume_or_Rethrow	.symtab	0x23450	32	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Save_VFP	.symtab	0x23b38	0	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_execute	.symtab	0x23c14	1812	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_frame	.symtab	0x24328	72	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_pr_common	.symtab	0x235b4	1352	FUNC	<unknown>	DEFAULT	2
__gtdf2	.symtab	0x22cc4	148	FUNC	<unknown>	HIDDEN	2
__h_errno_location	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__init_array_end	.symtab	0x32008	0	NOTYPE	<unknown>	HIDDEN	9
__init_array_start	.symtab	0x32004	0	NOTYPE	<unknown>	HIDDEN	9
__initbuf	.symtab	0x1ea38	76	FUNC	<unknown>	DEFAULT	2
__ledf2	.symtab	0x22ccc	140	FUNC	<unknown>	HIDDEN	2
__libc_accept	.symtab	0x17f64	116	FUNC	<unknown>	DEFAULT	2
__libc_close	.symtab	0x1b270	100	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x18060	116	FUNC	<unknown>	DEFAULT	2
__libc_disable_asynccancel	.symtab	0x1b400	136	FUNC	<unknown>	HIDDEN	2
__libc_enable_asynccancel	.symtab	0x1b488	220	FUNC	<unknown>	HIDDEN	2
__libc_errno	.symtab	0x0	4	TLS	<unknown>	HIDDEN	8
__libc_fcntl	.symtab	0x12308	244	FUNC	<unknown>	DEFAULT	2

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 08:28:58.329885006 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:28:58.335400105 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:28:58.335479975 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:28:59.133441925 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:28:59.133527994 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:28:59.367528915 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:28:59.367741108 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:28:59.368336916 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:28:59.373632908 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:28:59.649451971 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:28:59.649507046 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:28:59.805022955 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:28:59.805078030 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:28:59.807066917 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:28:59.812546015 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:28:59.812586069 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:28:59.817944050 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:28:59.817991972 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:28:59.823302031 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:29:00.088116884 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:29:00.088195086 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:29:00.243987083 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:29:00.244055986 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:29:14.496612072 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:29:14.496659040 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:29:24.760257006 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:29:24.760418892 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:29:26.112242937 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:29:26.112298012 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:29:29.681232929 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:29:29.681343079 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:30:33.730052948 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:30:33.730431080 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:30:33.730446100 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:30:33.730494022 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:30:33.730508089 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:30:33.730514050 CEST	57852	5060	192.168.2.13	194.110.247.46
Oct 25, 2024 08:30:33.730747938 CEST	5060	57852	194.110.247.46	192.168.2.13
Oct 25, 2024 08:30:33.733357906 CEST	57852	5060	192.168.2.13	194.110.247.46

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 08:29:00.434099913 CEST	55593	53	192.168.2.13	8.8.8.8
Oct 25, 2024 08:29:00.434099913 CEST	48026	53	192.168.2.13	8.8.8.8
Oct 25, 2024 08:29:00.441653967 CEST	53	55593	8.8.8.8	192.168.2.13
Oct 25, 2024 08:29:00.441679001 CEST	53	48026	8.8.8.8	192.168.2.13

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 08:29:00.434099913 CEST	192.168.2.13	8.8.8.8	0x891d	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Oct 25, 2024 08:29:00.434099913 CEST	192.168.2.13	8.8.8.8	0xee7	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 25, 2024 08:29:00.441653967 CEST	8.8.8.8	192.168.2.13	0x891d	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false
Oct 25, 2024 08:29:00.441653967 CEST	8.8.8.8	192.168.2.13	0x891d	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false

IRC Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Oct 25, 2024 08:28:59.368336916 CEST	57852	5060	192.168.2.13	194.110.247.46	NICK [OSX\|ARM4T]0qsITxh USER 0qsITxh localhost localhost :0qsITxh
Oct 25, 2024 08:28:59.812586069 CEST	57852	5060	192.168.2.13	194.110.247.46	JOIN #osx# :osx

System Behavior

Analysis Process: yakuza.arm7.elf PID: 5428, Parent PID: 5353

General

Start time (UTC):	06:28:56
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	/tmp/yakuza.arm7.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5430, Parent PID: 5428

General

Start time (UTC):	06:28:56
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5432, Parent PID: 5430

General

Start time (UTC):	06:28:56
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5433, Parent PID: 5430

General

Start time (UTC):	06:28:56
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5462, Parent PID: 5433

General

Start time (UTC):	06:28:58
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5435, Parent PID: 5430

General

Start time (UTC):	06:28:56
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5435, Parent PID: 5430

General

Start time (UTC):	06:28:56
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 902i13 \|\| busybox pkill -9 902i13"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5438, Parent PID: 5435

General

Start time (UTC):	06:28:57
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5438, Parent PID: 5435

General

Start time (UTC):	06:28:57
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 902i13
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5472, Parent PID: 5435

General

Start time (UTC):	06:29:01
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5472, Parent PID: 5435

General

Start time (UTC):	06:29:01
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 902i13
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5477, Parent PID: 5430

General

Start time (UTC):	06:29:02
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5477, Parent PID: 5430

General

Start time (UTC):	06:29:02
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 BzSxLxBxeY \|\| busybox pkill -9 BzSxLxBxeY"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5481, Parent PID: 5477

General

Start time (UTC):	06:29:02
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5481, Parent PID: 5477

General

Start time (UTC):	06:29:02
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 BzSxLxBxeY
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5486, Parent PID: 5477

General

Start time (UTC):	06:29:04
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5486, Parent PID: 5477

General

Start time (UTC):	06:29:04
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 BzSxLxBxeY
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5487, Parent PID: 5430

General

Start time (UTC):	06:29:05
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5487, Parent PID: 5430

General

Start time (UTC):	06:29:05
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 HOHO-LUGO7 \|\| busybox pkill -9 HOHO-LUGO7"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5492, Parent PID: 5487

General

Start time (UTC):	06:29:05
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5492, Parent PID: 5487

General

Start time (UTC):	06:29:05
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 HOHO-LUGO7
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5493, Parent PID: 5487

General

Start time (UTC):	06:29:07
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5493, Parent PID: 5487

General

Start time (UTC):	06:29:07
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 HOHO-LUGO7
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5494, Parent PID: 5430

General

Start time (UTC):	06:29:08
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5494, Parent PID: 5430

General

Start time (UTC):	06:29:08
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 HOHO-U79OL \|\| busybox pkill -9 HOHO-U79OL"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5500, Parent PID: 5494

General

Start time (UTC):	06:29:08
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5500, Parent PID: 5494

General

Start time (UTC):	06:29:08
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 HOHO-U79OL
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5501, Parent PID: 5494

General

Start time (UTC):	06:29:09
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5501, Parent PID: 5494

General

Start time (UTC):	06:29:09
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 HOHO-U79OL
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5502, Parent PID: 5430

General

Start time (UTC):	06:29:10
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5502, Parent PID: 5430

General

Start time (UTC):	06:29:10
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 JuYfouyf87 \|\| busybox pkill -9 JuYfouyf87"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5504, Parent PID: 5502

General

Start time (UTC):	06:29:10
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5504, Parent PID: 5502

General

Start time (UTC):	06:29:10
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 JuYfouyf87
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5505, Parent PID: 5502

General

Start time (UTC):	06:29:12
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5505, Parent PID: 5502

General

Start time (UTC):	06:29:12
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 JuYfouyf87
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5506, Parent PID: 5430

General

Start time (UTC):	06:29:13
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5506, Parent PID: 5430

General

Start time (UTC):	06:29:13
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5509, Parent PID: 5506

General

Start time (UTC):	06:29:13
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5509, Parent PID: 5506

General

Start time (UTC):	06:29:13
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeR69xd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5510, Parent PID: 5506

General

Start time (UTC):	06:29:14
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5510, Parent PID: 5506

General

Start time (UTC):	06:29:14
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeR69xd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5511, Parent PID: 5430

General

Start time (UTC):	06:29:15
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5511, Parent PID: 5430

General

Start time (UTC):	06:29:15
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 SO190Ij1X \|\| busybox pkill -9 SO190Ij1X"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5513, Parent PID: 5511

General

Start time (UTC):	06:29:15
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5513, Parent PID: 5511

General

Start time (UTC):	06:29:15
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 SO190Ij1X
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5537, Parent PID: 5511

General

Start time (UTC):	06:29:16
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5537, Parent PID: 5511

General

Start time (UTC):	06:29:16
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 SO190Ij1X
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5538, Parent PID: 5430

General

Start time (UTC):	06:29:17
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5538, Parent PID: 5430

General

Start time (UTC):	06:29:17
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 LOLKIKEEEDDE \|\| busybox pkill -9 LOLKIKEEEDDE"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5540, Parent PID: 5538

General

Start time (UTC):	06:29:17
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5540, Parent PID: 5538

General

Start time (UTC):	06:29:17
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 LOLKIKEEEDDE
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5543, Parent PID: 5538

General

Start time (UTC):	06:29:19
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5543, Parent PID: 5538

General

Start time (UTC):	06:29:19
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 LOLKIKEEEDDE
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5544, Parent PID: 5430

General

Start time (UTC):	06:29:20
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5544, Parent PID: 5430

General

Start time (UTC):	06:29:20
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 ekjheory98e \|\| busybox pkill -9 ekjheory98e"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5546, Parent PID: 5544

General

Start time (UTC):	06:29:20
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5546, Parent PID: 5544

General

Start time (UTC):	06:29:20
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ekjheory98e
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5547, Parent PID: 5544

General

Start time (UTC):	06:29:21
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5547, Parent PID: 5544

General

Start time (UTC):	06:29:21
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ekjheory98e
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5548, Parent PID: 5430

General

Start time (UTC):	06:29:22
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5548, Parent PID: 5430

General

Start time (UTC):	06:29:22
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 scansh4 \|\| busybox pkill -9 scansh4"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5554, Parent PID: 5548

General

Start time (UTC):	06:29:22
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5554, Parent PID: 5548

General

Start time (UTC):	06:29:22
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 scansh4
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5557, Parent PID: 5548

General

Start time (UTC):	06:29:23
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5557, Parent PID: 5548

General

Start time (UTC):	06:29:23
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 scansh4
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5558, Parent PID: 5430

General

Start time (UTC):	06:29:24
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5558, Parent PID: 5430

General

Start time (UTC):	06:29:24
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 MDMA \|\| busybox pkill -9 MDMA"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5560, Parent PID: 5558

General

Start time (UTC):	06:29:24
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5560, Parent PID: 5558

General

Start time (UTC):	06:29:24
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MDMA
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5561, Parent PID: 5558

General

Start time (UTC):	06:29:26
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5561, Parent PID: 5558

General

Start time (UTC):	06:29:26
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MDMA
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5562, Parent PID: 5430

General

Start time (UTC):	06:29:27
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5562, Parent PID: 5430

General

Start time (UTC):	06:29:27
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 fdevalvex \|\| busybox pkill -9 fdevalvex"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5564, Parent PID: 5562

General

Start time (UTC):	06:29:27
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5564, Parent PID: 5562

General

Start time (UTC):	06:29:27
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 fdevalvex
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5567, Parent PID: 5562

General

Start time (UTC):	06:29:28
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5567, Parent PID: 5562

General

Start time (UTC):	06:29:28
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 fdevalvex
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5568, Parent PID: 5430

General

Start time (UTC):	06:29:29
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5568, Parent PID: 5430

General

Start time (UTC):	06:29:29
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 scanspc \|\| busybox pkill -9 scanspc"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5570, Parent PID: 5568

General

Start time (UTC):	06:29:29
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5570, Parent PID: 5568

General

Start time (UTC):	06:29:29
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 scanspc
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5571, Parent PID: 5568

General

Start time (UTC):	06:29:31
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5571, Parent PID: 5568

General

Start time (UTC):	06:29:31
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 scanspc
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5572, Parent PID: 5430

General

Start time (UTC):	06:29:32
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5572, Parent PID: 5430

General

Start time (UTC):	06:29:32
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 MELTEDNINJAREALZ \|\| busybox pkill -9 MELTEDNINJAREALZ"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5574, Parent PID: 5572

General

Start time (UTC):	06:29:32
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5574, Parent PID: 5572

General

Start time (UTC):	06:29:32
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MELTEDNINJAREALZ
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5577, Parent PID: 5572

General

Start time (UTC):	06:29:34
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5577, Parent PID: 5572

General

Start time (UTC):	06:29:34
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MELTEDNINJAREALZ
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5578, Parent PID: 5430

General

Start time (UTC):	06:29:35
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5578, Parent PID: 5430

General

Start time (UTC):	06:29:35
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 flexsonskids \|\| busybox pkill -9 flexsonskids"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5580, Parent PID: 5578

General

Start time (UTC):	06:29:35
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5580, Parent PID: 5578

General

Start time (UTC):	06:29:35
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 flexsonskids
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5581, Parent PID: 5578

General

Start time (UTC):	06:29:36
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5581, Parent PID: 5578

General

Start time (UTC):	06:29:36
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 flexsonskids
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5582, Parent PID: 5430

General

Start time (UTC):	06:29:37
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5582, Parent PID: 5430

General

Start time (UTC):	06:29:37
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 scanx86 \|\| busybox pkill -9 scanx86"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5584, Parent PID: 5582

General

Start time (UTC):	06:29:37
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5584, Parent PID: 5582

General

Start time (UTC):	06:29:37
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 scanx86
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5587, Parent PID: 5582

General

Start time (UTC):	06:29:39
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5587, Parent PID: 5582

General

Start time (UTC):	06:29:39
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 scanx86
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5588, Parent PID: 5430

General

Start time (UTC):	06:29:40
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5588, Parent PID: 5430

General

Start time (UTC):	06:29:40
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 MISAKI-U79OL \|\| busybox pkill -9 MISAKI-U79OL"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5590, Parent PID: 5588

General

Start time (UTC):	06:29:40
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5590, Parent PID: 5588

General

Start time (UTC):	06:29:40
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MISAKI-U79OL
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5591, Parent PID: 5588

General

Start time (UTC):	06:29:41
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5591, Parent PID: 5588

General

Start time (UTC):	06:29:41
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MISAKI-U79OL
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5592, Parent PID: 5430

General

Start time (UTC):	06:29:42
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5592, Parent PID: 5430

General

Start time (UTC):	06:29:42
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 foAxi102kxe \|\| busybox pkill -9 foAxi102kxe"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5598, Parent PID: 5592

General

Start time (UTC):	06:29:42
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5598, Parent PID: 5592

General

Start time (UTC):	06:29:42
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 foAxi102kxe
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5601, Parent PID: 5592

General

Start time (UTC):	06:29:43
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5601, Parent PID: 5592

General

Start time (UTC):	06:29:43
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 foAxi102kxe
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5602, Parent PID: 5430

General

Start time (UTC):	06:29:44
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5602, Parent PID: 5430

General

Start time (UTC):	06:29:44
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 swodjwodjwoj \|\| busybox pkill -9 swodjwodjwoj"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5607, Parent PID: 5602

General

Start time (UTC):	06:29:44
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5607, Parent PID: 5602

General

Start time (UTC):	06:29:44
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 swodjwodjwoj
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5609, Parent PID: 5602

General

Start time (UTC):	06:29:45
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5609, Parent PID: 5602

General

Start time (UTC):	06:29:45
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 swodjwodjwoj
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5612, Parent PID: 5430

General

Start time (UTC):	06:29:46
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5612, Parent PID: 5430

General

Start time (UTC):	06:29:46
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 MmKiy7f87l \|\| busybox pkill -9 MmKiy7f87l"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5614, Parent PID: 5612

General

Start time (UTC):	06:29:46
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5614, Parent PID: 5612

General

Start time (UTC):	06:29:46
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MmKiy7f87l
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5617, Parent PID: 5612

General

Start time (UTC):	06:29:48
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5617, Parent PID: 5612

General

Start time (UTC):	06:29:48
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MmKiy7f87l
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5618, Parent PID: 5430

General

Start time (UTC):	06:29:49
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5618, Parent PID: 5430

General

Start time (UTC):	06:29:49
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 freecookiex86 \|\| busybox pkill -9 freecookiex86"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5624, Parent PID: 5618

General

Start time (UTC):	06:29:49
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5624, Parent PID: 5618

General

Start time (UTC):	06:29:49
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 freecookiex86
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5625, Parent PID: 5618

General

Start time (UTC):	06:29:50
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5625, Parent PID: 5618

General

Start time (UTC):	06:29:50
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 freecookiex86
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5626, Parent PID: 5430

General

Start time (UTC):	06:29:51
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5626, Parent PID: 5430

General

Start time (UTC):	06:29:51
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 sysgpu \|\| busybox pkill -9 sysgpu"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5631, Parent PID: 5626

General

Start time (UTC):	06:29:51
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5631, Parent PID: 5626

General

Start time (UTC):	06:29:51
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 sysgpu
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5634, Parent PID: 5626

General

Start time (UTC):	06:29:53
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5634, Parent PID: 5626

General

Start time (UTC):	06:29:53
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 sysgpu
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5635, Parent PID: 5430

General

Start time (UTC):	06:29:54
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5635, Parent PID: 5430

General

Start time (UTC):	06:29:54
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5637, Parent PID: 5635

General

Start time (UTC):	06:29:54
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5637, Parent PID: 5635

General

Start time (UTC):	06:29:54
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeR69xd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5638, Parent PID: 5635

General

Start time (UTC):	06:29:55
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5638, Parent PID: 5635

General

Start time (UTC):	06:29:55
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeR69xd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5639, Parent PID: 5430

General

Start time (UTC):	06:29:56
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5639, Parent PID: 5430

General

Start time (UTC):	06:29:56
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 frgege \|\| busybox pkill -9 frgege"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5644, Parent PID: 5639

General

Start time (UTC):	06:29:56
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5644, Parent PID: 5639

General

Start time (UTC):	06:29:56
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 frgege
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5645, Parent PID: 5639

General

Start time (UTC):	06:29:57
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5645, Parent PID: 5639

General

Start time (UTC):	06:29:57
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 frgege
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5648, Parent PID: 5430

General

Start time (UTC):	06:29:58
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5648, Parent PID: 5430

General

Start time (UTC):	06:29:58
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 sysupdater \|\| busybox pkill -9 sysupdater"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5653, Parent PID: 5648

General

Start time (UTC):	06:29:58
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5653, Parent PID: 5648

General

Start time (UTC):	06:29:58
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 sysupdater
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5654, Parent PID: 5648

General

Start time (UTC):	06:29:59
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5654, Parent PID: 5648

General

Start time (UTC):	06:29:59
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 sysupdater
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5655, Parent PID: 5430

General

Start time (UTC):	06:30:00
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5655, Parent PID: 5430

General

Start time (UTC):	06:30:00
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 0DnAzepd \|\| busybox pkill -9 0DnAzepd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5660, Parent PID: 5655

General

Start time (UTC):	06:30:00
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5660, Parent PID: 5655

General

Start time (UTC):	06:30:00
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 0DnAzepd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5661, Parent PID: 5655

General

Start time (UTC):	06:30:01
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5661, Parent PID: 5655

General

Start time (UTC):	06:30:01
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 0DnAzepd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5662, Parent PID: 5430

General

Start time (UTC):	06:30:02
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5662, Parent PID: 5430

General

Start time (UTC):	06:30:02
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 NiGGeRD0nks69 \|\| busybox pkill -9 NiGGeRD0nks69"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5668, Parent PID: 5662

General

Start time (UTC):	06:30:02
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5668, Parent PID: 5662

General

Start time (UTC):	06:30:02
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeRD0nks69
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5671, Parent PID: 5662

General

Start time (UTC):	06:30:04
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5671, Parent PID: 5662

General

Start time (UTC):	06:30:04
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeRD0nks69
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5672, Parent PID: 5430

General

Start time (UTC):	06:30:05
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5672, Parent PID: 5430

General

Start time (UTC):	06:30:05
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 frgreu \|\| busybox pkill -9 frgreu"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5674, Parent PID: 5672

General

Start time (UTC):	06:30:05
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5674, Parent PID: 5672

General

Start time (UTC):	06:30:05
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 frgreu
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5675, Parent PID: 5672

General

Start time (UTC):	06:30:07
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5675, Parent PID: 5672

General

Start time (UTC):	06:30:07
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 frgreu
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5678, Parent PID: 5430

General

Start time (UTC):	06:30:08
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5678, Parent PID: 5430

General

Start time (UTC):	06:30:08
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 telnetd \|\| busybox pkill -9 telnetd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5680, Parent PID: 5678

General

Start time (UTC):	06:30:08
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5680, Parent PID: 5678

General

Start time (UTC):	06:30:08
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 telnetd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5681, Parent PID: 5678

General

Start time (UTC):	06:30:09
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5681, Parent PID: 5678

General

Start time (UTC):	06:30:09
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 telnetd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5682, Parent PID: 5430

General

Start time (UTC):	06:30:10
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5682, Parent PID: 5430

General

Start time (UTC):	06:30:10
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 0x766f6964 \|\| busybox pkill -9 0x766f6964"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5687, Parent PID: 5682

General

Start time (UTC):	06:30:11
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5687, Parent PID: 5682

General

Start time (UTC):	06:30:11
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 0x766f6964
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5688, Parent PID: 5682

General

Start time (UTC):	06:30:12
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5688, Parent PID: 5682

General

Start time (UTC):	06:30:12
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 0x766f6964
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5691, Parent PID: 5430

General

Start time (UTC):	06:30:13
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5691, Parent PID: 5430

General

Start time (UTC):	06:30:13
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 NiGGeRd0nks1337 \|\| busybox pkill -9 NiGGeRd0nks1337"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5696, Parent PID: 5691

General

Start time (UTC):	06:30:13
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5696, Parent PID: 5691

General

Start time (UTC):	06:30:13
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeRd0nks1337
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5697, Parent PID: 5691

General

Start time (UTC):	06:30:14
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5697, Parent PID: 5691

General

Start time (UTC):	06:30:14
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeRd0nks1337
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5698, Parent PID: 5430

General

Start time (UTC):	06:30:15
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5698, Parent PID: 5430

General

Start time (UTC):	06:30:15
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 gaft \|\| busybox pkill -9 gaft"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5703, Parent PID: 5698

General

Start time (UTC):	06:30:15
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5703, Parent PID: 5698

General

Start time (UTC):	06:30:15
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 gaft
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5705, Parent PID: 5698

General

Start time (UTC):	06:30:16
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5705, Parent PID: 5698

General

Start time (UTC):	06:30:16
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 gaft
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5706, Parent PID: 5430

General

Start time (UTC):	06:30:17
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5706, Parent PID: 5430

General

Start time (UTC):	06:30:17
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 urasgbsigboa \|\| busybox pkill -9 urasgbsigboa"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5708, Parent PID: 5706

General

Start time (UTC):	06:30:17
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5708, Parent PID: 5706

General

Start time (UTC):	06:30:17
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 urasgbsigboa
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5711, Parent PID: 5706

General

Start time (UTC):	06:30:19
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5711, Parent PID: 5706

General

Start time (UTC):	06:30:19
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 urasgbsigboa
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5712, Parent PID: 5430

General

Start time (UTC):	06:30:20
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5712, Parent PID: 5430

General

Start time (UTC):	06:30:20
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 120i3UI49 \|\| busybox pkill -9 120i3UI49"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5714, Parent PID: 5712

General

Start time (UTC):	06:30:20
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5714, Parent PID: 5712

General

Start time (UTC):	06:30:20
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 120i3UI49
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5715, Parent PID: 5712

General

Start time (UTC):	06:30:21
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5715, Parent PID: 5712

General

Start time (UTC):	06:30:21
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 120i3UI49
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5716, Parent PID: 5430

General

Start time (UTC):	06:30:22
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5716, Parent PID: 5430

General

Start time (UTC):	06:30:22
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 OaF3 \|\| busybox pkill -9 OaF3"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5720, Parent PID: 5716

General

Start time (UTC):	06:30:22
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5720, Parent PID: 5716

General

Start time (UTC):	06:30:22
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 OaF3
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5723, Parent PID: 5716

General

Start time (UTC):	06:30:23
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5723, Parent PID: 5716

General

Start time (UTC):	06:30:23
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 OaF3
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5726, Parent PID: 5430

General

Start time (UTC):	06:30:24
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5726, Parent PID: 5430

General

Start time (UTC):	06:30:24
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 geae \|\| busybox pkill -9 geae"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5731, Parent PID: 5726

General

Start time (UTC):	06:30:24
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5731, Parent PID: 5726

General

Start time (UTC):	06:30:24
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 geae
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5732, Parent PID: 5726

General

Start time (UTC):	06:30:25
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5732, Parent PID: 5726

General

Start time (UTC):	06:30:25
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 geae
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5733, Parent PID: 5430

General

Start time (UTC):	06:30:26
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5733, Parent PID: 5430

General

Start time (UTC):	06:30:26
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 vaiolmao \|\| busybox pkill -9 vaiolmao"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5735, Parent PID: 5733

General

Start time (UTC):	06:30:26
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5735, Parent PID: 5733

General

Start time (UTC):	06:30:26
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 vaiolmao
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5736, Parent PID: 5733

General

Start time (UTC):	06:30:27
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5736, Parent PID: 5733

General

Start time (UTC):	06:30:27
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 vaiolmao
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5739, Parent PID: 5430

General

Start time (UTC):	06:30:28
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5739, Parent PID: 5430

General

Start time (UTC):	06:30:28
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 123123a \|\| busybox pkill -9 123123a"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5744, Parent PID: 5739

General

Start time (UTC):	06:30:28
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5744, Parent PID: 5739

General

Start time (UTC):	06:30:28
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 123123a
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5745, Parent PID: 5739

General

Start time (UTC):	06:30:29
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5745, Parent PID: 5739

General

Start time (UTC):	06:30:29
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 123123a
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5746, Parent PID: 5430

General

Start time (UTC):	06:30:30
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5746, Parent PID: 5430

General

Start time (UTC):	06:30:30
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 Ofurain0n4H34D \|\| busybox pkill -9 Ofurain0n4H34D"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5751, Parent PID: 5746

General

Start time (UTC):	06:30:30
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5751, Parent PID: 5746

General

Start time (UTC):	06:30:30
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 Ofurain0n4H34D
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5752, Parent PID: 5746

General

Start time (UTC):	06:30:31
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5752, Parent PID: 5746

General

Start time (UTC):	06:30:31
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 Ofurain0n4H34D
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5753, Parent PID: 5430

General

Start time (UTC):	06:30:32
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5753, Parent PID: 5430

General

Start time (UTC):	06:30:32
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 ggTrex \|\| busybox pkill -9 ggTrex"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5759, Parent PID: 5753

General

Start time (UTC):	06:30:32
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5759, Parent PID: 5753

General

Start time (UTC):	06:30:32
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ggTrex
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5762, Parent PID: 5753

General

Start time (UTC):	06:30:33
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5762, Parent PID: 5753

General

Start time (UTC):	06:30:33
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ggTrex
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5763, Parent PID: 5430

General

Start time (UTC):	06:30:34
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5763, Parent PID: 5430

General

Start time (UTC):	06:30:34
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 wasads \|\| busybox pkill -9 wasads"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5765, Parent PID: 5763

General

Start time (UTC):	06:30:34
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5765, Parent PID: 5763

General

Start time (UTC):	06:30:34
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 wasads
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5766, Parent PID: 5763

General

Start time (UTC):	06:30:36
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5766, Parent PID: 5763

General

Start time (UTC):	06:30:36
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 wasads
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5767, Parent PID: 5430

General

Start time (UTC):	06:30:37
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5767, Parent PID: 5430

General

Start time (UTC):	06:30:37
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 1293194hjXD \|\| busybox pkill -9 1293194hjXD"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5769, Parent PID: 5767

General

Start time (UTC):	06:30:37
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5769, Parent PID: 5767

General

Start time (UTC):	06:30:37
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 1293194hjXD
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5772, Parent PID: 5767

General

Start time (UTC):	06:30:38
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5772, Parent PID: 5767

General

Start time (UTC):	06:30:38
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 1293194hjXD
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5773, Parent PID: 5430

General

Start time (UTC):	06:30:39
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5773, Parent PID: 5430

General

Start time (UTC):	06:30:39
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 OthLaLosn \|\| busybox pkill -9 OthLaLosn"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5775, Parent PID: 5773

General

Start time (UTC):	06:30:39
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5775, Parent PID: 5773

General

Start time (UTC):	06:30:39
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 OthLaLosn
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5776, Parent PID: 5773

General

Start time (UTC):	06:30:40
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5776, Parent PID: 5773

General

Start time (UTC):	06:30:40
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 OthLaLosn
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5777, Parent PID: 5430

General

Start time (UTC):	06:30:41
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5777, Parent PID: 5430

General

Start time (UTC):	06:30:41
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 ggt \|\| busybox pkill -9 ggt"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5779, Parent PID: 5777

General

Start time (UTC):	06:30:41
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5779, Parent PID: 5777

General

Start time (UTC):	06:30:41
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ggt
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5782, Parent PID: 5777

General

Start time (UTC):	06:30:43
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5782, Parent PID: 5777

General

Start time (UTC):	06:30:43
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ggt
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5783, Parent PID: 5430

General

Start time (UTC):	06:30:44
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5783, Parent PID: 5430

General

Start time (UTC):	06:30:44
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 wget-log \|\| busybox pkill -9 wget-log"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5787, Parent PID: 5783

General

Start time (UTC):	06:30:44
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5787, Parent PID: 5783

General

Start time (UTC):	06:30:44
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 wget-log
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5789, Parent PID: 5783

General

Start time (UTC):	06:30:45
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5789, Parent PID: 5783

General

Start time (UTC):	06:30:45
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 wget-log
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5793, Parent PID: 5430

General

Start time (UTC):	06:30:46
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5793, Parent PID: 5430

General

Start time (UTC):	06:30:46
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 1337SoraLOADER \|\| busybox pkill -9 1337SoraLOADER"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5799, Parent PID: 5793

General

Start time (UTC):	06:30:46
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5799, Parent PID: 5793

General

Start time (UTC):	06:30:46
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 1337SoraLOADER
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5800, Parent PID: 5793

General

Start time (UTC):	06:30:47
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5800, Parent PID: 5793

General

Start time (UTC):	06:30:47
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 1337SoraLOADER
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5803, Parent PID: 5430

General

Start time (UTC):	06:30:48
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5803, Parent PID: 5430

General

Start time (UTC):	06:30:48
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 SAIAKINA \|\| busybox pkill -9 SAIAKINA"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5807, Parent PID: 5803

General

Start time (UTC):	06:30:48
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5807, Parent PID: 5803

General

Start time (UTC):	06:30:48
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 SAIAKINA
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5809, Parent PID: 5803

General

Start time (UTC):	06:30:49
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5809, Parent PID: 5803

General

Start time (UTC):	06:30:49
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 SAIAKINA
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5810, Parent PID: 5430

General

Start time (UTC):	06:30:50
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5810, Parent PID: 5430

General

Start time (UTC):	06:30:50
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 ggtq \|\| busybox pkill -9 ggtq"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5815, Parent PID: 5810

General

Start time (UTC):	06:30:50
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5815, Parent PID: 5810

General

Start time (UTC):	06:30:50
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ggtq
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5816, Parent PID: 5810

General

Start time (UTC):	06:30:51
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5816, Parent PID: 5810

General

Start time (UTC):	06:30:51
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ggtq
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5817, Parent PID: 5430

General

Start time (UTC):	06:30:52
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5817, Parent PID: 5430

General

Start time (UTC):	06:30:52
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 1378bfp919GRB1Q2 \|\| busybox pkill -9 1378bfp919GRB1Q2"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5822, Parent PID: 5817

General

Start time (UTC):	06:30:52
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5822, Parent PID: 5817

General

Start time (UTC):	06:30:52
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 1378bfp919GRB1Q2
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5825, Parent PID: 5817

General

Start time (UTC):	06:30:53
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5825, Parent PID: 5817

General

Start time (UTC):	06:30:53
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 1378bfp919GRB1Q2
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5826, Parent PID: 5430

General

Start time (UTC):	06:30:54
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5826, Parent PID: 5430

General

Start time (UTC):	06:30:54
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 SAIAKUSO \|\| busybox pkill -9 SAIAKUSO"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5831, Parent PID: 5826

General

Start time (UTC):	06:30:54
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5831, Parent PID: 5826

General

Start time (UTC):	06:30:54
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 SAIAKUSO
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5832, Parent PID: 5826

General

Start time (UTC):	06:30:55
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5832, Parent PID: 5826

General

Start time (UTC):	06:30:55
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 SAIAKUSO
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5833, Parent PID: 5430

General

Start time (UTC):	06:30:56
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5833, Parent PID: 5430

General

Start time (UTC):	06:30:56
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 ggtr \|\| busybox pkill -9 ggtr"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5838, Parent PID: 5833

General

Start time (UTC):	06:30:56
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5838, Parent PID: 5833

General

Start time (UTC):	06:30:56
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ggtr
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5839, Parent PID: 5833

General

Start time (UTC):	06:30:57
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5839, Parent PID: 5833

General

Start time (UTC):	06:30:57
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ggtr
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5842, Parent PID: 5430

General

Start time (UTC):	06:30:58
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5842, Parent PID: 5430

General

Start time (UTC):	06:30:58
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 14Fa \|\| busybox pkill -9 14Fa"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5847, Parent PID: 5842

General

Start time (UTC):	06:30:58
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5847, Parent PID: 5842

General

Start time (UTC):	06:30:58
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 14Fa
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5848, Parent PID: 5842

General

Start time (UTC):	06:30:59
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5848, Parent PID: 5842

General

Start time (UTC):	06:30:59
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 14Fa
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm7.elf PID: 5849, Parent PID: 5430

General

Start time (UTC):	06:31:00
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5849, Parent PID: 5430

General

Start time (UTC):	06:31:00
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	/bin/sh -c "pkill -9 SEXSLAVE1337 \|\| busybox pkill -9 SEXSLAVE1337"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5854, Parent PID: 5849

General

Start time (UTC):	06:31:00
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5854, Parent PID: 5849

General

Start time (UTC):	06:31:00
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 SEXSLAVE1337
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5855, Parent PID: 5849

General

Start time (UTC):	06:31:01
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5855, Parent PID: 5849

General

Start time (UTC):	06:31:01
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 SEXSLAVE1337
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report yakuza.arm7.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

IRC Packets

System Behavior

Analysis Process: yakuza.arm7.elf PID: 5428, Parent PID: 5353

General

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5430, Parent PID: 5428

General

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5432, Parent PID: 5430

General

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5433, Parent PID: 5430

General

Chronological Activities

Analysis Process: yakuza.arm7.elf PID: 5462, Parent PID: 5433

General

Chronological Activities

Linux Analysis Report
yakuza.arm7.elf