Edit tour

Linux Analysis Report
yakuza.arm6.elf

Overview

General Information

Sample name:	yakuza.arm6.elf
Analysis ID:	1541842
MD5:	1d2b85b413a040d04ef9d3b26a75a809
SHA1:	6d7a21f7722159916a1d89b7882337c34baf7dfc
SHA256:	b699cd64b9895cdcc325d7dd96c9eca623d3ec0247d20f39323547132c8fa63b
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Uses IRC for communication with a C&C

Uses known network protocols on non-standard ports

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "kill" or "pkill" command typically used to terminate processes

Reads CPU information from /sys indicative of miner or evasive malware

Reads system information from the proc file system

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample contains strings that are user agent strings indicative of HTTP manipulation

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541842
Start date and time:	2024-10-25 08:32:14 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	yakuza.arm6.elf
Detection:	MAL
Classification:	mal72.troj.linELF@0/0@2/0

Warnings

Report size exceeded maximum capacity and may have missing behavior information.
VT rate limit hit for: yakuza.arm6.elf

Runtime Messages

Command:	/tmp/yakuza.arm6.elf
PID:	5580
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	CAPSAICIN
Standard Error:

Process Tree

system is lnxubuntu20

yakuza.arm6.elf (PID: 5580, Parent: 5499, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/yakuza.arm6.elf

yakuza.arm6.elf New Fork (PID: 5582, Parent: 5580)

yakuza.arm6.elf New Fork (PID: 5588, Parent: 5582)

yakuza.arm6.elf New Fork (PID: 5590, Parent: 5582)

yakuza.arm6.elf New Fork (PID: 5620, Parent: 5590)

yakuza.arm6.elf New Fork (PID: 5591, Parent: 5582)

sh (PID: 5591, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 902i13 || busybox pkill -9 902i13"

sh New Fork (PID: 5598, Parent: 5591)

pkill (PID: 5598, Parent: 5591, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 902i13

sh New Fork (PID: 5627, Parent: 5591)

busybox (PID: 5627, Parent: 5591, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 902i13

yakuza.arm6.elf New Fork (PID: 5630, Parent: 5582)

sh (PID: 5630, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"

sh New Fork (PID: 5636, Parent: 5630)

pkill (PID: 5636, Parent: 5630, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 BzSxLxBxeY

sh New Fork (PID: 5637, Parent: 5630)

busybox (PID: 5637, Parent: 5630, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 BzSxLxBxeY

yakuza.arm6.elf New Fork (PID: 5640, Parent: 5582)

sh (PID: 5640, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"

sh New Fork (PID: 5642, Parent: 5640)

pkill (PID: 5642, Parent: 5640, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 HOHO-LUGO7

sh New Fork (PID: 5643, Parent: 5640)

busybox (PID: 5643, Parent: 5640, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 HOHO-LUGO7

yakuza.arm6.elf New Fork (PID: 5644, Parent: 5582)

sh (PID: 5644, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"

sh New Fork (PID: 5646, Parent: 5644)

pkill (PID: 5646, Parent: 5644, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 HOHO-U79OL

sh New Fork (PID: 5649, Parent: 5644)

busybox (PID: 5649, Parent: 5644, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 HOHO-U79OL

yakuza.arm6.elf New Fork (PID: 5650, Parent: 5582)

sh (PID: 5650, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"

sh New Fork (PID: 5655, Parent: 5650)

pkill (PID: 5655, Parent: 5650, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 JuYfouyf87

sh New Fork (PID: 5656, Parent: 5650)

busybox (PID: 5656, Parent: 5650, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 JuYfouyf87

yakuza.arm6.elf New Fork (PID: 5657, Parent: 5582)

sh (PID: 5657, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"

sh New Fork (PID: 5662, Parent: 5657)

pkill (PID: 5662, Parent: 5657, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeR69xd

sh New Fork (PID: 5663, Parent: 5657)

busybox (PID: 5663, Parent: 5657, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeR69xd

yakuza.arm6.elf New Fork (PID: 5687, Parent: 5582)

sh (PID: 5687, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"

sh New Fork (PID: 5689, Parent: 5687)

pkill (PID: 5689, Parent: 5687, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SO190Ij1X

sh New Fork (PID: 5690, Parent: 5687)

busybox (PID: 5690, Parent: 5687, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SO190Ij1X

yakuza.arm6.elf New Fork (PID: 5691, Parent: 5582)

sh (PID: 5691, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"

sh New Fork (PID: 5697, Parent: 5691)

pkill (PID: 5697, Parent: 5691, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 LOLKIKEEEDDE

sh New Fork (PID: 5698, Parent: 5691)

busybox (PID: 5698, Parent: 5691, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 LOLKIKEEEDDE

yakuza.arm6.elf New Fork (PID: 5702, Parent: 5582)

sh (PID: 5702, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"

sh New Fork (PID: 5704, Parent: 5702)

pkill (PID: 5704, Parent: 5702, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ekjheory98e

sh New Fork (PID: 5705, Parent: 5702)

busybox (PID: 5705, Parent: 5702, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ekjheory98e

yakuza.arm6.elf New Fork (PID: 5706, Parent: 5582)

sh (PID: 5706, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"

sh New Fork (PID: 5708, Parent: 5706)

pkill (PID: 5708, Parent: 5706, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scansh4

sh New Fork (PID: 5711, Parent: 5706)

busybox (PID: 5711, Parent: 5706, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scansh4

yakuza.arm6.elf New Fork (PID: 5712, Parent: 5582)

sh (PID: 5712, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"

sh New Fork (PID: 5717, Parent: 5712)

pkill (PID: 5717, Parent: 5712, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MDMA

sh New Fork (PID: 5718, Parent: 5712)

busybox (PID: 5718, Parent: 5712, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MDMA

yakuza.arm6.elf New Fork (PID: 5719, Parent: 5582)

sh (PID: 5719, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"

sh New Fork (PID: 5721, Parent: 5719)

pkill (PID: 5721, Parent: 5719, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 fdevalvex

sh New Fork (PID: 5722, Parent: 5719)

busybox (PID: 5722, Parent: 5719, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 fdevalvex

yakuza.arm6.elf New Fork (PID: 5725, Parent: 5582)

sh (PID: 5725, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"

sh New Fork (PID: 5727, Parent: 5725)

pkill (PID: 5727, Parent: 5725, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scanspc

sh New Fork (PID: 5728, Parent: 5725)

busybox (PID: 5728, Parent: 5725, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scanspc

yakuza.arm6.elf New Fork (PID: 5729, Parent: 5582)

sh (PID: 5729, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"

sh New Fork (PID: 5735, Parent: 5729)

pkill (PID: 5735, Parent: 5729, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MELTEDNINJAREALZ

sh New Fork (PID: 5736, Parent: 5729)

busybox (PID: 5736, Parent: 5729, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MELTEDNINJAREALZ

yakuza.arm6.elf New Fork (PID: 5739, Parent: 5582)

sh (PID: 5739, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"

sh New Fork (PID: 5743, Parent: 5739)

pkill (PID: 5743, Parent: 5739, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 flexsonskids

sh New Fork (PID: 5745, Parent: 5739)

busybox (PID: 5745, Parent: 5739, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 flexsonskids

yakuza.arm6.elf New Fork (PID: 5746, Parent: 5582)

sh (PID: 5746, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"

sh New Fork (PID: 5748, Parent: 5746)

pkill (PID: 5748, Parent: 5746, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 scanx86

sh New Fork (PID: 5749, Parent: 5746)

busybox (PID: 5749, Parent: 5746, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 scanx86

yakuza.arm6.elf New Fork (PID: 5750, Parent: 5582)

sh (PID: 5750, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"

sh New Fork (PID: 5755, Parent: 5750)

pkill (PID: 5755, Parent: 5750, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MISAKI-U79OL

sh New Fork (PID: 5758, Parent: 5750)

busybox (PID: 5758, Parent: 5750, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MISAKI-U79OL

yakuza.arm6.elf New Fork (PID: 5759, Parent: 5582)

sh (PID: 5759, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"

sh New Fork (PID: 5764, Parent: 5759)

pkill (PID: 5764, Parent: 5759, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 foAxi102kxe

sh New Fork (PID: 5765, Parent: 5759)

busybox (PID: 5765, Parent: 5759, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 foAxi102kxe

yakuza.arm6.elf New Fork (PID: 5766, Parent: 5582)

sh (PID: 5766, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"

sh New Fork (PID: 5772, Parent: 5766)

pkill (PID: 5772, Parent: 5766, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 swodjwodjwoj

sh New Fork (PID: 5777, Parent: 5766)

busybox (PID: 5777, Parent: 5766, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 swodjwodjwoj

yakuza.arm6.elf New Fork (PID: 5778, Parent: 5582)

sh (PID: 5778, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"

sh New Fork (PID: 5783, Parent: 5778)

pkill (PID: 5783, Parent: 5778, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 MmKiy7f87l

sh New Fork (PID: 5784, Parent: 5778)

busybox (PID: 5784, Parent: 5778, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 MmKiy7f87l

yakuza.arm6.elf New Fork (PID: 5785, Parent: 5582)

sh (PID: 5785, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"

sh New Fork (PID: 5787, Parent: 5785)

pkill (PID: 5787, Parent: 5785, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 freecookiex86

sh New Fork (PID: 5789, Parent: 5785)

busybox (PID: 5789, Parent: 5785, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 freecookiex86

yakuza.arm6.elf New Fork (PID: 5792, Parent: 5582)

sh (PID: 5792, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"

sh New Fork (PID: 5794, Parent: 5792)

pkill (PID: 5794, Parent: 5792, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 sysgpu

sh New Fork (PID: 5795, Parent: 5792)

busybox (PID: 5795, Parent: 5792, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 sysgpu

yakuza.arm6.elf New Fork (PID: 5796, Parent: 5582)

sh (PID: 5796, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"

sh New Fork (PID: 5801, Parent: 5796)

pkill (PID: 5801, Parent: 5796, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeR69xd

sh New Fork (PID: 5802, Parent: 5796)

busybox (PID: 5802, Parent: 5796, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeR69xd

yakuza.arm6.elf New Fork (PID: 5805, Parent: 5582)

sh (PID: 5805, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 frgege || busybox pkill -9 frgege"

sh New Fork (PID: 5810, Parent: 5805)

pkill (PID: 5810, Parent: 5805, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 frgege

sh New Fork (PID: 5811, Parent: 5805)

busybox (PID: 5811, Parent: 5805, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 frgege

yakuza.arm6.elf New Fork (PID: 5812, Parent: 5582)

sh (PID: 5812, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"

sh New Fork (PID: 5814, Parent: 5812)

pkill (PID: 5814, Parent: 5812, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 sysupdater

sh New Fork (PID: 5815, Parent: 5812)

busybox (PID: 5815, Parent: 5812, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 sysupdater

yakuza.arm6.elf New Fork (PID: 5818, Parent: 5582)

sh (PID: 5818, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"

sh New Fork (PID: 5824, Parent: 5818)

pkill (PID: 5824, Parent: 5818, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 0DnAzepd

sh New Fork (PID: 5825, Parent: 5818)

busybox (PID: 5825, Parent: 5818, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 0DnAzepd

yakuza.arm6.elf New Fork (PID: 5826, Parent: 5582)

sh (PID: 5826, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"

sh New Fork (PID: 5828, Parent: 5826)

pkill (PID: 5828, Parent: 5826, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeRD0nks69

sh New Fork (PID: 5831, Parent: 5826)

busybox (PID: 5831, Parent: 5826, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeRD0nks69

yakuza.arm6.elf New Fork (PID: 5832, Parent: 5582)

sh (PID: 5832, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"

sh New Fork (PID: 5834, Parent: 5832)

pkill (PID: 5834, Parent: 5832, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 frgreu

sh New Fork (PID: 5835, Parent: 5832)

busybox (PID: 5835, Parent: 5832, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 frgreu

yakuza.arm6.elf New Fork (PID: 5836, Parent: 5582)

sh (PID: 5836, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"

sh New Fork (PID: 5840, Parent: 5836)

pkill (PID: 5840, Parent: 5836, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 telnetd

sh New Fork (PID: 5844, Parent: 5836)

busybox (PID: 5844, Parent: 5836, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 telnetd

yakuza.arm6.elf New Fork (PID: 5845, Parent: 5582)

sh (PID: 5845, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"

sh New Fork (PID: 5847, Parent: 5845)

pkill (PID: 5847, Parent: 5845, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 0x766f6964

sh New Fork (PID: 5848, Parent: 5845)

busybox (PID: 5848, Parent: 5845, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 0x766f6964

yakuza.arm6.elf New Fork (PID: 5849, Parent: 5582)

sh (PID: 5849, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"

sh New Fork (PID: 5851, Parent: 5849)

pkill (PID: 5851, Parent: 5849, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 NiGGeRd0nks1337

sh New Fork (PID: 5854, Parent: 5849)

busybox (PID: 5854, Parent: 5849, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 NiGGeRd0nks1337

yakuza.arm6.elf New Fork (PID: 5855, Parent: 5582)

sh (PID: 5855, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 gaft || busybox pkill -9 gaft"

sh New Fork (PID: 5861, Parent: 5855)

pkill (PID: 5861, Parent: 5855, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 gaft

sh New Fork (PID: 5862, Parent: 5855)

busybox (PID: 5862, Parent: 5855, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 gaft

yakuza.arm6.elf New Fork (PID: 5864, Parent: 5582)

sh (PID: 5864, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"

sh New Fork (PID: 5866, Parent: 5864)

pkill (PID: 5866, Parent: 5864, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 urasgbsigboa

sh New Fork (PID: 5869, Parent: 5864)

busybox (PID: 5869, Parent: 5864, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 urasgbsigboa

yakuza.arm6.elf New Fork (PID: 5870, Parent: 5582)

sh (PID: 5870, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"

sh New Fork (PID: 5872, Parent: 5870)

pkill (PID: 5872, Parent: 5870, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 120i3UI49

sh New Fork (PID: 5873, Parent: 5870)

busybox (PID: 5873, Parent: 5870, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 120i3UI49

yakuza.arm6.elf New Fork (PID: 5876, Parent: 5582)

sh (PID: 5876, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"

sh New Fork (PID: 5878, Parent: 5876)

pkill (PID: 5878, Parent: 5876, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 OaF3

sh New Fork (PID: 5879, Parent: 5876)

busybox (PID: 5879, Parent: 5876, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 OaF3

yakuza.arm6.elf New Fork (PID: 5880, Parent: 5582)

sh (PID: 5880, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 geae || busybox pkill -9 geae"

sh New Fork (PID: 5882, Parent: 5880)

pkill (PID: 5882, Parent: 5880, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 geae

sh New Fork (PID: 5885, Parent: 5880)

busybox (PID: 5885, Parent: 5880, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 geae

yakuza.arm6.elf New Fork (PID: 5886, Parent: 5582)

sh (PID: 5886, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"

sh New Fork (PID: 5888, Parent: 5886)

pkill (PID: 5888, Parent: 5886, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 vaiolmao

sh New Fork (PID: 5889, Parent: 5886)

busybox (PID: 5889, Parent: 5886, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 vaiolmao

yakuza.arm6.elf New Fork (PID: 5890, Parent: 5582)

sh (PID: 5890, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 123123a || busybox pkill -9 123123a"

sh New Fork (PID: 5896, Parent: 5890)

pkill (PID: 5896, Parent: 5890, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 123123a

sh New Fork (PID: 5899, Parent: 5890)

busybox (PID: 5899, Parent: 5890, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 123123a

yakuza.arm6.elf New Fork (PID: 5900, Parent: 5582)

sh (PID: 5900, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"

sh New Fork (PID: 5905, Parent: 5900)

pkill (PID: 5905, Parent: 5900, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 Ofurain0n4H34D

sh New Fork (PID: 5906, Parent: 5900)

busybox (PID: 5906, Parent: 5900, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 Ofurain0n4H34D

yakuza.arm6.elf New Fork (PID: 5907, Parent: 5582)

sh (PID: 5907, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"

sh New Fork (PID: 5909, Parent: 5907)

pkill (PID: 5909, Parent: 5907, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggTrex

sh New Fork (PID: 5912, Parent: 5907)

busybox (PID: 5912, Parent: 5907, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggTrex

yakuza.arm6.elf New Fork (PID: 5913, Parent: 5582)

sh (PID: 5913, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 wasads || busybox pkill -9 wasads"

sh New Fork (PID: 5917, Parent: 5913)

pkill (PID: 5917, Parent: 5913, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 wasads

sh New Fork (PID: 5919, Parent: 5913)

busybox (PID: 5919, Parent: 5913, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 wasads

yakuza.arm6.elf New Fork (PID: 5920, Parent: 5582)

sh (PID: 5920, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"

sh New Fork (PID: 5926, Parent: 5920)

pkill (PID: 5926, Parent: 5920, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1293194hjXD

sh New Fork (PID: 5931, Parent: 5920)

busybox (PID: 5931, Parent: 5920, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1293194hjXD

yakuza.arm6.elf New Fork (PID: 5932, Parent: 5582)

sh (PID: 5932, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"

sh New Fork (PID: 5937, Parent: 5932)

pkill (PID: 5937, Parent: 5932, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 OthLaLosn

sh New Fork (PID: 5938, Parent: 5932)

busybox (PID: 5938, Parent: 5932, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 OthLaLosn

yakuza.arm6.elf New Fork (PID: 5939, Parent: 5582)

sh (PID: 5939, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 ggt || busybox pkill -9 ggt"

sh New Fork (PID: 5942, Parent: 5939)

pkill (PID: 5942, Parent: 5939, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggt

sh New Fork (PID: 5945, Parent: 5939)

busybox (PID: 5945, Parent: 5939, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggt

yakuza.arm6.elf New Fork (PID: 5946, Parent: 5582)

sh (PID: 5946, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 wget-log || busybox pkill -9 wget-log"

sh New Fork (PID: 5948, Parent: 5946)

pkill (PID: 5948, Parent: 5946, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 wget-log

sh New Fork (PID: 5949, Parent: 5946)

busybox (PID: 5949, Parent: 5946, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 wget-log

yakuza.arm6.elf New Fork (PID: 5952, Parent: 5582)

sh (PID: 5952, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER"

sh New Fork (PID: 5957, Parent: 5952)

pkill (PID: 5957, Parent: 5952, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1337SoraLOADER

sh New Fork (PID: 5958, Parent: 5952)

busybox (PID: 5958, Parent: 5952, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 1337SoraLOADER

yakuza.arm6.elf New Fork (PID: 5959, Parent: 5582)

sh (PID: 5959, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA"

sh New Fork (PID: 5964, Parent: 5959)

pkill (PID: 5964, Parent: 5959, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 SAIAKINA

sh New Fork (PID: 5965, Parent: 5959)

busybox (PID: 5965, Parent: 5959, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 SAIAKINA

yakuza.arm6.elf New Fork (PID: 5968, Parent: 5582)

sh (PID: 5968, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 ggtq || busybox pkill -9 ggtq"

sh New Fork (PID: 5970, Parent: 5968)

pkill (PID: 5970, Parent: 5968, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 ggtq

sh New Fork (PID: 5971, Parent: 5968)

busybox (PID: 5971, Parent: 5968, MD5: 70584dffe9cb0309eb22ba78aa54bcdc) Arguments: busybox pkill -9 ggtq

yakuza.arm6.elf New Fork (PID: 5972, Parent: 5582)

sh (PID: 5972, Parent: 5582, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2"

sh New Fork (PID: 5974, Parent: 5972)

pkill (PID: 5974, Parent: 5972, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill -9 1378bfp919GRB1Q2

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
yakuza.arm6.elf	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x416:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
yakuza.arm6.elf	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x326:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
yakuza.arm6.elf	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1a481:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1ab15:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20

Memory Dumps

Source	Rule	Description	Author	Strings
5620.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x1f256:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5588.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x1f256:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5580.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x1f256:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5588.1.00007feda8017000.00007feda8035000.r-x.sdmp	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x416:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
5588.1.00007feda8017000.00007feda8035000.r-x.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x326:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5588.1.00007feda8017000.00007feda8035000.r-x.sdmp	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1a481:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1ab15:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
5580.1.00007feda8017000.00007feda8035000.r-x.sdmp	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x416:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
5580.1.00007feda8017000.00007feda8035000.r-x.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x326:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5580.1.00007feda8017000.00007feda8035000.r-x.sdmp	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1a481:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1ab15:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
5620.1.00007feda8017000.00007feda8035000.r-x.sdmp	Linux_Trojan_Gafgyt_6a510422	unknown	unknown	0x416:$a: 0B E5 24 30 1B E5 2C 30 0B E5 1C 00 00 EA 18 30 1B E5 00 30
5620.1.00007feda8017000.00007feda8035000.r-x.sdmp	Linux_Trojan_Gafgyt_d2953f92	unknown	unknown	0x326:$a: 1B E5 2A 00 53 E3 0A 00 00 0A 30 30 1B E5 3F 00 53 E3 23 00
5620.1.00007feda8017000.00007feda8035000.r-x.sdmp	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x1a481:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x1ab15:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
Process Memory Space: yakuza.arm6.elf PID: 5580	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x391f:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x3a31:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x4010:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
Process Memory Space: yakuza.arm6.elf PID: 5588	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x4376:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x4488:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x4a67:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
Process Memory Space: yakuza.arm6.elf PID: 5620	Linux_Trojan_Tsunami_8a11f9be	unknown	unknown	0x7648:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x775a:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20 0x7d39:$a: 3E 20 3C 70 6F 72 74 3E 20 3C 72 65 66 6C 65 63 74 69 6F 6E 20
Click to see the 10 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: yakuza.arm6.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: yakuza.arm6.elf

ReversingLabs: Detection: 68%

Source: /usr/bin/pkill (PID: 5598)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5636)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5642)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5646)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5655)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5689)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5697)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5704)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5708)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5717)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5721)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5727)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5735)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5743)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5748)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5755)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5764)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5772)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5783)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5787)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5794)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5801)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5810)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5814)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5824)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5828)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5834)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5840)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5847)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5851)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5861)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5866)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5872)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5878)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5882)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5888)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5896)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5905)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5909)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5917)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5926)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5937)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5942)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5948)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5957)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5964)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5970)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5974)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Networking

Uses IRC for communication with a C&C

Source: unknown

IRC traffic detected: 192.168.2.14:47564 -> 194.110.247.46:5060 NICK [OSX|ARM4T]IYXYiwU USER IYXYiwU localhost localhost :IYXYiwU

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: IRC traffic on port 47564 -> 5060
Source: unknown	Network traffic detected: IRC traffic on port 47564 -> 5060

Source: global traffic

TCP traffic: 192.168.2.14:47564 -> 194.110.247.46:5060

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: yakuza.arm6.elf	String found in binary or memory: http://87.10.220.221/yak.sh;
Source: yakuza.arm6.elf	String found in binary or memory: https://youtu.be/dQw4w9WgXcQ
Source: yakuza.arm6.elf	String found in binary or memory: https://youtu.be/dQw4w9WgXcQNever

System Summary

Malicious sample detected (through community Yara rule)

Source: yakuza.arm6.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: yakuza.arm6.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: yakuza.arm6.elf, type: SAMPLE	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: 5620.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5588.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5580.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5588.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: 5588.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5588.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: 5580.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: 5580.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5580.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: 5620.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 Author: unknown
Source: 5620.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 Author: unknown
Source: 5620.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: Process Memory Space: yakuza.arm6.elf PID: 5580, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: Process Memory Space: yakuza.arm6.elf PID: 5588, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown
Source: Process Memory Space: yakuza.arm6.elf PID: 5620, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be Author: unknown

Source: Initial sample	String containing 'busybox' found: busybox
Source: Initial sample	String containing 'busybox' found: 902i13BzSxLxBxeYHOHO-LUGO7HOHO-U79OLJuYfouyf87NiGGeR69xdSO190Ij1XLOLKIKEEEDDEekjheory98escansh4MDMAfdevalvexscanspcMELTEDNINJAREALZflexsonskidsscanx86MISAKI-U79OLfoAxi102kxeswodjwodjwojMmKiy7f87lfreecookiex86sysgpufrgegesysupdater0DnAzepdNiGGeRD0nks69frgreutelnetd0x766f6964NiGGeRd0nks1337gafturasgbsigboa120i3UI49OaF3geaevaiolmao123123aOfurain0n4H34DggTrexwasads1293194hjXDOthLaLosnggtwget-log1337SoraLOADERSAIAKINAggtq1378bfp919GRB1Q2SAIAKUSOggtr14FaSEXSLAVE1337ggtt1902a3u912u3u4haetrghbr19ju3dSORAojkf120hehahejeje922U2JDJA901F91SlaVLav12helpmedaddthhhhh2wgg9qphbqSlav3Th3seD3viceshzSmYZjYMQ5GbfSoRAxD123LOLiaGv5aA3SoRAxD420LOLinsomni640277SoraBeReppin1337ipcamCache66tlGg9QTjUYfouyf876ke3TOKYO3lyEeaXul2dULCVxh93OfjHZ2zTY2gD6MZvKc7KU6rmMkiy6f87lA023UU4U24UIUTheWeekndmioribitchesA5p9TheWeekndsmnblkjpoiAbAdTokyosnebAkiruU8inTznetstatsAlexW9RCAKM20TnewnetwordAyo215WordnloadsBAdAsVWordmanenotyakuzaaBelchWordnetsobpBigN0gg0r420X0102I34fofhasfhiafhoiX19I239124UIUoismDeportedXSHJEHHEIIHWOolsVNwo12DeportedDeportedXkTer0Gb
Source: Initial sample	String containing 'busybox' found: pkill -9 %s \|\| busybox pkill -9 %s
Source: Initial sample	String containing 'busybox' found: pkill -9 %s \|\| busybox pkill -9 %shistory -c;history -wcd /root;rm -f .bash_historycd /var/tmp; rm -f *NOTICE %s :MOVE <server>

Source: yakuza.arm6.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: yakuza.arm6.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: yakuza.arm6.elf, type: SAMPLE	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: 5620.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5588.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5580.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5588.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: 5588.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5588.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: 5580.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: 5580.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5580.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: 5620.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_6a510422 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 8ee116ff41236771cdc8dc4b796c3b211502413ae631d5b5aedbbaa2eccc3b75, id = 6a510422-3662-4fdb-9c03-0101f16e87cd, last_modified = 2021-09-16
Source: 5620.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d2953f92 severity = 100, os = linux, arch_context = x86, creation_date = 2021-06-28, scan_context = file, memory, reference = 14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 276c6d62a8a335d0e2421b6b5b90c2c0eb69eec294bc9fcdeb7743abbf08d8bc, id = d2953f92-62ee-428d-88c5-723914c88c6e, last_modified = 2021-09-16
Source: 5620.1.00007feda8017000.00007feda8035000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: Process Memory Space: yakuza.arm6.elf PID: 5580, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: Process Memory Space: yakuza.arm6.elf PID: 5588, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16
Source: Process Memory Space: yakuza.arm6.elf PID: 5620, type: MEMORYSTR	Matched rule: Linux_Trojan_Tsunami_8a11f9be reference_sample = 1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Tsunami, fingerprint = 91e2572a3bb8583e20042578e95e1746501c6a71ef7635af2c982a05b18d7c6d, id = 8a11f9be-dc85-4695-9f38-80ca0304780e, last_modified = 2021-09-16

Source: classification engine

Classification label: mal72.troj.linELF@0/0@2/0

Source: yakuza.arm6.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yakuza.arm6.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yakuza.arm6.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yakuza.arm6.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yakuza.arm6.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yakuza.arm6.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm
Source: yakuza.arm6.elf	ELF static info symbol of initial sample: /home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm

Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3761/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3761/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1583/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1583/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/2672/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/2672/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/110/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/110/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/111/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/111/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/112/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/112/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/113/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/113/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/234/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/234/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1577/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1577/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/114/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/114/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/235/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/235/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/115/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/115/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/116/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/116/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/117/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/117/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/118/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/118/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/119/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/119/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/10/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/10/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/917/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/917/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3879/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3879/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/11/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/11/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/12/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/12/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/13/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/13/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/14/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/14/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/15/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/15/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/16/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/16/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/17/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/17/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/18/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/18/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/19/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/19/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1593/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1593/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/240/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/240/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/120/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/120/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3094/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3094/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/121/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/121/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/242/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/242/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3406/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3406/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/122/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/122/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/243/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/243/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/2/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/2/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/123/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/123/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/244/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/244/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1589/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1589/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/124/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/124/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/245/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/245/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1588/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/1588/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/125/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/125/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/4/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/4/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/246/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/246/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3402/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/3402/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/126/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/126/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/5/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/5/cmdline	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/247/status	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	File opened: /proc/247/cmdline	Jump to behavior

Source: /tmp/yakuza.arm6.elf (PID: 5591)	Shell command executed: sh -c "pkill -9 902i13 \|\| busybox pkill -9 902i13"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5630)	Shell command executed: sh -c "pkill -9 BzSxLxBxeY \|\| busybox pkill -9 BzSxLxBxeY"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5640)	Shell command executed: sh -c "pkill -9 HOHO-LUGO7 \|\| busybox pkill -9 HOHO-LUGO7"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5644)	Shell command executed: sh -c "pkill -9 HOHO-U79OL \|\| busybox pkill -9 HOHO-U79OL"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5650)	Shell command executed: sh -c "pkill -9 JuYfouyf87 \|\| busybox pkill -9 JuYfouyf87"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5657)	Shell command executed: sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5687)	Shell command executed: sh -c "pkill -9 SO190Ij1X \|\| busybox pkill -9 SO190Ij1X"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5691)	Shell command executed: sh -c "pkill -9 LOLKIKEEEDDE \|\| busybox pkill -9 LOLKIKEEEDDE"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5702)	Shell command executed: sh -c "pkill -9 ekjheory98e \|\| busybox pkill -9 ekjheory98e"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5706)	Shell command executed: sh -c "pkill -9 scansh4 \|\| busybox pkill -9 scansh4"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5712)	Shell command executed: sh -c "pkill -9 MDMA \|\| busybox pkill -9 MDMA"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5719)	Shell command executed: sh -c "pkill -9 fdevalvex \|\| busybox pkill -9 fdevalvex"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5725)	Shell command executed: sh -c "pkill -9 scanspc \|\| busybox pkill -9 scanspc"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5729)	Shell command executed: sh -c "pkill -9 MELTEDNINJAREALZ \|\| busybox pkill -9 MELTEDNINJAREALZ"	Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5739)	Shell command executed: sh -c "pkill -9 flexsonskids \|\| busybox pkill -9 flexsonskids"
Source: /tmp/yakuza.arm6.elf (PID: 5746)	Shell command executed: sh -c "pkill -9 scanx86 \|\| busybox pkill -9 scanx86"
Source: /tmp/yakuza.arm6.elf (PID: 5750)	Shell command executed: sh -c "pkill -9 MISAKI-U79OL \|\| busybox pkill -9 MISAKI-U79OL"
Source: /tmp/yakuza.arm6.elf (PID: 5759)	Shell command executed: sh -c "pkill -9 foAxi102kxe \|\| busybox pkill -9 foAxi102kxe"
Source: /tmp/yakuza.arm6.elf (PID: 5766)	Shell command executed: sh -c "pkill -9 swodjwodjwoj \|\| busybox pkill -9 swodjwodjwoj"
Source: /tmp/yakuza.arm6.elf (PID: 5778)	Shell command executed: sh -c "pkill -9 MmKiy7f87l \|\| busybox pkill -9 MmKiy7f87l"
Source: /tmp/yakuza.arm6.elf (PID: 5785)	Shell command executed: sh -c "pkill -9 freecookiex86 \|\| busybox pkill -9 freecookiex86"
Source: /tmp/yakuza.arm6.elf (PID: 5792)	Shell command executed: sh -c "pkill -9 sysgpu \|\| busybox pkill -9 sysgpu"
Source: /tmp/yakuza.arm6.elf (PID: 5796)	Shell command executed: sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"
Source: /tmp/yakuza.arm6.elf (PID: 5805)	Shell command executed: sh -c "pkill -9 frgege \|\| busybox pkill -9 frgege"
Source: /tmp/yakuza.arm6.elf (PID: 5812)	Shell command executed: sh -c "pkill -9 sysupdater \|\| busybox pkill -9 sysupdater"
Source: /tmp/yakuza.arm6.elf (PID: 5818)	Shell command executed: sh -c "pkill -9 0DnAzepd \|\| busybox pkill -9 0DnAzepd"
Source: /tmp/yakuza.arm6.elf (PID: 5826)	Shell command executed: sh -c "pkill -9 NiGGeRD0nks69 \|\| busybox pkill -9 NiGGeRD0nks69"
Source: /tmp/yakuza.arm6.elf (PID: 5832)	Shell command executed: sh -c "pkill -9 frgreu \|\| busybox pkill -9 frgreu"
Source: /tmp/yakuza.arm6.elf (PID: 5836)	Shell command executed: sh -c "pkill -9 telnetd \|\| busybox pkill -9 telnetd"
Source: /tmp/yakuza.arm6.elf (PID: 5845)	Shell command executed: sh -c "pkill -9 0x766f6964 \|\| busybox pkill -9 0x766f6964"
Source: /tmp/yakuza.arm6.elf (PID: 5849)	Shell command executed: sh -c "pkill -9 NiGGeRd0nks1337 \|\| busybox pkill -9 NiGGeRd0nks1337"
Source: /tmp/yakuza.arm6.elf (PID: 5855)	Shell command executed: sh -c "pkill -9 gaft \|\| busybox pkill -9 gaft"
Source: /tmp/yakuza.arm6.elf (PID: 5864)	Shell command executed: sh -c "pkill -9 urasgbsigboa \|\| busybox pkill -9 urasgbsigboa"
Source: /tmp/yakuza.arm6.elf (PID: 5870)	Shell command executed: sh -c "pkill -9 120i3UI49 \|\| busybox pkill -9 120i3UI49"
Source: /tmp/yakuza.arm6.elf (PID: 5876)	Shell command executed: sh -c "pkill -9 OaF3 \|\| busybox pkill -9 OaF3"
Source: /tmp/yakuza.arm6.elf (PID: 5880)	Shell command executed: sh -c "pkill -9 geae \|\| busybox pkill -9 geae"
Source: /tmp/yakuza.arm6.elf (PID: 5886)	Shell command executed: sh -c "pkill -9 vaiolmao \|\| busybox pkill -9 vaiolmao"
Source: /tmp/yakuza.arm6.elf (PID: 5890)	Shell command executed: sh -c "pkill -9 123123a \|\| busybox pkill -9 123123a"
Source: /tmp/yakuza.arm6.elf (PID: 5900)	Shell command executed: sh -c "pkill -9 Ofurain0n4H34D \|\| busybox pkill -9 Ofurain0n4H34D"
Source: /tmp/yakuza.arm6.elf (PID: 5907)	Shell command executed: sh -c "pkill -9 ggTrex \|\| busybox pkill -9 ggTrex"
Source: /tmp/yakuza.arm6.elf (PID: 5913)	Shell command executed: sh -c "pkill -9 wasads \|\| busybox pkill -9 wasads"
Source: /tmp/yakuza.arm6.elf (PID: 5920)	Shell command executed: sh -c "pkill -9 1293194hjXD \|\| busybox pkill -9 1293194hjXD"
Source: /tmp/yakuza.arm6.elf (PID: 5932)	Shell command executed: sh -c "pkill -9 OthLaLosn \|\| busybox pkill -9 OthLaLosn"
Source: /tmp/yakuza.arm6.elf (PID: 5939)	Shell command executed: sh -c "pkill -9 ggt \|\| busybox pkill -9 ggt"
Source: /tmp/yakuza.arm6.elf (PID: 5946)	Shell command executed: sh -c "pkill -9 wget-log \|\| busybox pkill -9 wget-log"
Source: /tmp/yakuza.arm6.elf (PID: 5952)	Shell command executed: sh -c "pkill -9 1337SoraLOADER \|\| busybox pkill -9 1337SoraLOADER"
Source: /tmp/yakuza.arm6.elf (PID: 5959)	Shell command executed: sh -c "pkill -9 SAIAKINA \|\| busybox pkill -9 SAIAKINA"
Source: /tmp/yakuza.arm6.elf (PID: 5968)	Shell command executed: sh -c "pkill -9 ggtq \|\| busybox pkill -9 ggtq"
Source: /tmp/yakuza.arm6.elf (PID: 5972)	Shell command executed: sh -c "pkill -9 1378bfp919GRB1Q2 \|\| busybox pkill -9 1378bfp919GRB1Q2"

Source: /bin/sh (PID: 5598)	Pkill executable: /usr/bin/pkill -> pkill -9 902i13	Jump to behavior
Source: /bin/sh (PID: 5636)	Pkill executable: /usr/bin/pkill -> pkill -9 BzSxLxBxeY	Jump to behavior
Source: /bin/sh (PID: 5642)	Pkill executable: /usr/bin/pkill -> pkill -9 HOHO-LUGO7	Jump to behavior
Source: /bin/sh (PID: 5646)	Pkill executable: /usr/bin/pkill -> pkill -9 HOHO-U79OL	Jump to behavior
Source: /bin/sh (PID: 5655)	Pkill executable: /usr/bin/pkill -> pkill -9 JuYfouyf87	Jump to behavior
Source: /bin/sh (PID: 5662)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeR69xd	Jump to behavior
Source: /bin/sh (PID: 5689)	Pkill executable: /usr/bin/pkill -> pkill -9 SO190Ij1X	Jump to behavior
Source: /bin/sh (PID: 5697)	Pkill executable: /usr/bin/pkill -> pkill -9 LOLKIKEEEDDE	Jump to behavior
Source: /bin/sh (PID: 5704)	Pkill executable: /usr/bin/pkill -> pkill -9 ekjheory98e	Jump to behavior
Source: /bin/sh (PID: 5708)	Pkill executable: /usr/bin/pkill -> pkill -9 scansh4	Jump to behavior
Source: /bin/sh (PID: 5717)	Pkill executable: /usr/bin/pkill -> pkill -9 MDMA	Jump to behavior
Source: /bin/sh (PID: 5721)	Pkill executable: /usr/bin/pkill -> pkill -9 fdevalvex	Jump to behavior
Source: /bin/sh (PID: 5727)	Pkill executable: /usr/bin/pkill -> pkill -9 scanspc	Jump to behavior
Source: /bin/sh (PID: 5735)	Pkill executable: /usr/bin/pkill -> pkill -9 MELTEDNINJAREALZ	Jump to behavior
Source: /bin/sh (PID: 5743)	Pkill executable: /usr/bin/pkill -> pkill -9 flexsonskids
Source: /bin/sh (PID: 5748)	Pkill executable: /usr/bin/pkill -> pkill -9 scanx86
Source: /bin/sh (PID: 5755)	Pkill executable: /usr/bin/pkill -> pkill -9 MISAKI-U79OL
Source: /bin/sh (PID: 5764)	Pkill executable: /usr/bin/pkill -> pkill -9 foAxi102kxe
Source: /bin/sh (PID: 5772)	Pkill executable: /usr/bin/pkill -> pkill -9 swodjwodjwoj
Source: /bin/sh (PID: 5783)	Pkill executable: /usr/bin/pkill -> pkill -9 MmKiy7f87l
Source: /bin/sh (PID: 5787)	Pkill executable: /usr/bin/pkill -> pkill -9 freecookiex86
Source: /bin/sh (PID: 5794)	Pkill executable: /usr/bin/pkill -> pkill -9 sysgpu
Source: /bin/sh (PID: 5801)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeR69xd
Source: /bin/sh (PID: 5810)	Pkill executable: /usr/bin/pkill -> pkill -9 frgege
Source: /bin/sh (PID: 5814)	Pkill executable: /usr/bin/pkill -> pkill -9 sysupdater
Source: /bin/sh (PID: 5824)	Pkill executable: /usr/bin/pkill -> pkill -9 0DnAzepd
Source: /bin/sh (PID: 5828)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeRD0nks69
Source: /bin/sh (PID: 5834)	Pkill executable: /usr/bin/pkill -> pkill -9 frgreu
Source: /bin/sh (PID: 5840)	Pkill executable: /usr/bin/pkill -> pkill -9 telnetd
Source: /bin/sh (PID: 5847)	Pkill executable: /usr/bin/pkill -> pkill -9 0x766f6964
Source: /bin/sh (PID: 5851)	Pkill executable: /usr/bin/pkill -> pkill -9 NiGGeRd0nks1337
Source: /bin/sh (PID: 5861)	Pkill executable: /usr/bin/pkill -> pkill -9 gaft
Source: /bin/sh (PID: 5866)	Pkill executable: /usr/bin/pkill -> pkill -9 urasgbsigboa
Source: /bin/sh (PID: 5872)	Pkill executable: /usr/bin/pkill -> pkill -9 120i3UI49
Source: /bin/sh (PID: 5878)	Pkill executable: /usr/bin/pkill -> pkill -9 OaF3
Source: /bin/sh (PID: 5882)	Pkill executable: /usr/bin/pkill -> pkill -9 geae
Source: /bin/sh (PID: 5888)	Pkill executable: /usr/bin/pkill -> pkill -9 vaiolmao
Source: /bin/sh (PID: 5896)	Pkill executable: /usr/bin/pkill -> pkill -9 123123a
Source: /bin/sh (PID: 5905)	Pkill executable: /usr/bin/pkill -> pkill -9 Ofurain0n4H34D
Source: /bin/sh (PID: 5909)	Pkill executable: /usr/bin/pkill -> pkill -9 ggTrex
Source: /bin/sh (PID: 5917)	Pkill executable: /usr/bin/pkill -> pkill -9 wasads
Source: /bin/sh (PID: 5926)	Pkill executable: /usr/bin/pkill -> pkill -9 1293194hjXD
Source: /bin/sh (PID: 5937)	Pkill executable: /usr/bin/pkill -> pkill -9 OthLaLosn
Source: /bin/sh (PID: 5942)	Pkill executable: /usr/bin/pkill -> pkill -9 ggt
Source: /bin/sh (PID: 5948)	Pkill executable: /usr/bin/pkill -> pkill -9 wget-log
Source: /bin/sh (PID: 5957)	Pkill executable: /usr/bin/pkill -> pkill -9 1337SoraLOADER
Source: /bin/sh (PID: 5964)	Pkill executable: /usr/bin/pkill -> pkill -9 SAIAKINA
Source: /bin/sh (PID: 5970)	Pkill executable: /usr/bin/pkill -> pkill -9 ggtq
Source: /bin/sh (PID: 5974)	Pkill executable: /usr/bin/pkill -> pkill -9 1378bfp919GRB1Q2

Source: /tmp/yakuza.arm6.elf (PID: 5590)	Reads from proc file: /proc/stat			Jump to behavior
Source: /tmp/yakuza.arm6.elf (PID: 5620)	Reads from proc file: /proc/stat			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: IRC traffic on port 47564 -> 5060
Source: unknown	Network traffic detected: IRC traffic on port 47564 -> 5060

Source: /usr/bin/pkill (PID: 5598)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5636)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5642)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5646)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5655)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5662)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5689)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5697)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5704)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5708)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5717)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5721)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5727)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5735)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5743)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5748)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5755)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5764)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5772)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5783)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5787)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5794)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5801)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5810)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5814)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5824)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5828)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5834)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5840)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5847)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5851)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5861)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5866)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5872)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5878)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5882)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5888)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5896)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5905)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5909)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5917)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5926)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5937)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5942)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5948)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5957)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5964)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5970)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5974)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Source: /tmp/yakuza.arm6.elf (PID: 5580)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5627)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5637)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5643)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5649)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5656)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5663)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5690)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5698)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5705)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5711)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5718)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5722)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5728)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/busybox (PID: 5736)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5745)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5749)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5758)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5765)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5777)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5784)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5789)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5795)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5802)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5811)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5815)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5825)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5831)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5835)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5844)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5848)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5854)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5862)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5869)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5873)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5879)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5885)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5889)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5899)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5906)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5912)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5919)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5931)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5938)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5945)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5949)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5958)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5965)	Queries kernel information via 'uname':
Source: /usr/bin/busybox (PID: 5971)	Queries kernel information via 'uname':

Source: yakuza.arm6.elf, 5580.1.0000559272be9000.0000559272d17000.rw-.sdmp, yakuza.arm6.elf, 5588.1.0000559272be9000.0000559272d17000.rw-.sdmp, yakuza.arm6.elf, 5620.1.0000559272be9000.0000559272d17000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: yakuza.arm6.elf, 5580.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp, yakuza.arm6.elf, 5588.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp, yakuza.arm6.elf, 5620.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp	Binary or memory string: ax86_64/usr/bin/qemu-arm/tmp/yakuza.arm6.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/yakuza.arm6.elf
Source: yakuza.arm6.elf, 5580.1.0000559272be9000.0000559272d17000.rw-.sdmp, yakuza.arm6.elf, 5588.1.0000559272be9000.0000559272d17000.rw-.sdmp, yakuza.arm6.elf, 5620.1.0000559272be9000.0000559272d17000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: yakuza.arm6.elf, 5580.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp, yakuza.arm6.elf, 5588.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp, yakuza.arm6.elf, 5620.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: yakuza.arm6.elf, 5588.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp, yakuza.arm6.elf, 5620.1.00007ffcf8bce000.00007ffcf8bef000.rw-.sdmp	Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.11) Gecko/20071128 Camino/1.5.4
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Windows NT 6.1; cs; rv:1.9.2.6) Gecko/20100628 myibrow/4alpha2
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 Lightning/4.0.2
Source: Initial sample	User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
Source: Initial sample	User agent string found: Opera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01
Source: Initial sample	User agent string found: Mozilla/5.0 (X11; Linux x86_64; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.62
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110517 Firefox/5.0 Fennec/5.0
Source: Initial sample	User agent string found: Mozilla/5.0 (Android; Linux armv7l; rv:9.0) Gecko/20111216 Firefox/9.0 Fennec/9.0
Source: Initial sample	User agent string found: Mozilla/5.0 (compatible; Teleca Q7; Brew 3.1.5; U; en) 480X800 LGE VX11000

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Disable or Modify Tools	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	11 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
yakuza.arm6.elf	68%	ReversingLabs	Linux.Trojan.Tsunami
yakuza.arm6.elf	100%	Avira	ANDROID/AVE.Gafgyt.gohuf

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.24	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://youtu.be/dQw4w9WgXcQ	yakuza.arm6.elf	false	unknown
https://youtu.be/dQw4w9WgXcQNever	yakuza.arm6.elf	false	unknown
http://87.10.220.221/yak.sh;	yakuza.arm6.elf	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
194.110.247.46	unknown	unknown		41108	FIRSTROOT-ASDE	true

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
194.110.247.46	yakuza.arm7.elf	Get hash	malicious	Unknown	Browse
	yakuza.arm4.elf	Get hash	malicious	Unknown	Browse
	yakuza.arm7.elf	Get hash	malicious	Unknown	Browse
	yakuza.arm6.elf	Get hash	malicious	Unknown	Browse
	yakuza.i586.elf	Get hash	malicious	Unknown	Browse
	yakuza.i686.elf	Get hash	malicious	Unknown	Browse
	yakuza.mipsel.elf	Get hash	malicious	Unknown	Browse
	yakuza.mips.elf	Get hash	malicious	Unknown	Browse
	yakuza.x86.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	jade.arm6.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	jade.m68k.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	yakuza.arm7.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	c0r0n4x.x86.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.25
	armv7l.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	la.bot.arm6.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	162.213.35.25

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FIRSTROOT-ASDE	yakuza.arm7.elf	Get hash	malicious	Unknown	Browse	194.110.247.46
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	3kloOVp5iW.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	BoM00gWx1d.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Mirai	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19
	na.elf	Get hash	malicious	Unknown	Browse	194.110.247.19

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
Entropy (8bit):	6.074316310913387
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	yakuza.arm6.elf
File size:	166'503 bytes
MD5:	1d2b85b413a040d04ef9d3b26a75a809
SHA1:	6d7a21f7722159916a1d89b7882337c34baf7dfc
SHA256:	b699cd64b9895cdcc325d7dd96c9eca623d3ec0247d20f39323547132c8fa63b
SHA512:	dbfa8e5454b0c068577bc146dfee0198d1e8496aeda2b39b47a29ebceb4fe45b78fe0a18bc1f91f99010308355cecf0e833c089a1ec4d0d5ebea778e657b88a6
SSDEEP:	3072:JAWi1ji/bdZZAxXmLafh/awbf4Fn+ElvOEhPxjKEh7+qKoHjIELkOo4myX98RmCR:zafZa8f4AqO0jb7pKTEY4myX98RZoCd
TLSH:	CBF33B05D9509737C1E32BFBF7AA828E73271BA4938B33255A286BB41BC179D1E3D111
File Content Preview:	.ELF..............(.........4...........4. ...(........p.....Q...Q..................................................................8...D...........Q.td..................................-...L..................G.F.G.F.G.F.G.F G.F(G.F0G.F8G.F@G.FHG.FPG.FXG.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x81b0
Flags:	0x4000002
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	4
Section Header Offset:	128752
Section Header Size:	40
Number of Section Headers:	25
Header String Table Index:	22

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x80b4	0xb4	0x10	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x80d0	0xd0	0x17ef8	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x1ffc8	0x17fc8	0x10	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x1ffd8	0x17fd8	0x51ec	0x0	0x2	A	0	0	8
.ARM.extab	PROGBITS	0x251c4	0x1d1c4	0x18	0x0	0x2	A	0	0	4
.ARM.exidx	ARM_EXIDX	0x251dc	0x1d1dc	0x10	0x0	0x82	AL	2	0	4
.eh_frame	PROGBITS	0x2d1ec	0x1d1ec	0x4	0x0	0x3	WA	0	0	4
.init_array	INIT_ARRAY	0x2d1f0	0x1d1f0	0x4	0x0	0x3	WA	0	0	4
.fini_array	FINI_ARRAY	0x2d1f4	0x1d1f4	0x4	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x2d1f8	0x1d1f8	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x2d1fc	0x1d1fc	0x18	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x2d214	0x1d214	0x80	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x2d294	0x1d294	0x890	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x2db24	0x1db24	0x7b0c	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x1db24	0xe02	0x0	0x0		0	0	1
.debug_aranges	PROGBITS	0x0	0x1e928	0xe0	0x0	0x0		0	0	8
.debug_info	PROGBITS	0x0	0x1ea08	0x4b0	0x0	0x0		0	0	1
.debug_abbrev	PROGBITS	0x0	0x1eeb8	0x8c	0x0	0x0		0	0	1
.debug_line	PROGBITS	0x0	0x1ef44	0x655	0x0	0x0		0	0	1
.debug_frame	PROGBITS	0x0	0x1f59c	0x58	0x0	0x0		0	0	4
.ARM.attributes	ARM_ATTRIBUTES	0x0	0x1f5f4	0x10	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x1f604	0xea	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x1fad8	0x5f70	0x10	0x0		24	824	4
.strtab	STRTAB	0x0	0x25a48	0x301f	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
EXIDX	0x1d1dc	0x251dc	0x251dc	0x10	0x10	2.1556	0x4	R	0x4	.ARM.exidx
LOAD	0x0	0x8000	0x8000	0x1d1ec	0x1d1ec	6.2001	0x5	R E	0x8000	.init .text .fini .rodata .ARM.extab .ARM.exidx
LOAD	0x1d1ec	0x2d1ec	0x2d1ec	0x938	0x8444	4.3854	0x6	RW	0x8000	.eh_frame .init_array .fini_array .jcr .data.rel.ro .got .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x80b4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80d0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x1ffc8	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x1ffd8	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x251c4	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x251dc	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x2d1ec	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x2d1f0	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x2d1f4	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x2d1f8	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x2d1fc	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x2d214	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x2d294	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x2db24	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	21
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	22
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	23
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
$a	.symtab	0x80b4	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x1ffc8	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80c0	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x1ffd4	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x810c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8150	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x81b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x81ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8210	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8514	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8684	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8820	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8bf0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8e48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x943c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9578	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x95b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9678	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9778	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x98b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x99d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9a9c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9b74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9cb8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9f84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa050	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa3a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa4d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa854	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xab88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xacd8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb300	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb994	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xbad0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc354	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc664	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xce3c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd39c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd640	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd678	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd8c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdc80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf37c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf47c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf62c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf6cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf708	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf79c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfb2c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfc64	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfcf8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfd48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfe0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfe50	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xff64	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10134	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10dd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10e78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10eb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x10f3c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1104c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x113a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11474	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11fe4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x120f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1223c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12250	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12264	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12298	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12384	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x123ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x123c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x123f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12424	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12440	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12480	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x124b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x124e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12514	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12548	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12620	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12654	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12688	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x126dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1271c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12750	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12780	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1279c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12950	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12970	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x129e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12ac4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12ae8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12b18	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12b48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12b7c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12c04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12cb8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x12df0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x130b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x133bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13424	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13458	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1352c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1355c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13640	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13e00	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ea0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13ee4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14094	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x140e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14658	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x146fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x147b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x148ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14960	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14ae8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14cf4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14d94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14e9c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14ed4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14f90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15030	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15090	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x150a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x150c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x150d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1519c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x152ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x152d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1538c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x153a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x153d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15440	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15540	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x155c4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x155f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1561c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15698	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x156f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x162a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x165b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1689c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16c64	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16d0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16d34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17020	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x172c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x172f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17330	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17368	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x173ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x173e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17418	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17490	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x174d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1750c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17528	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17ec0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18274	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18714	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18754	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1887c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18894	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18938	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x189f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18ab0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18b54	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18c38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18cc8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18da0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18e84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18ea4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18ec0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18edc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1909c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19154	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19200	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1934c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19924	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x199d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19a20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19ae0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19b34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19ba0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19e74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19fd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a038	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a0c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a0cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a0e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a120	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a154	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a188	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a1bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a21c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a250	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a264	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a298	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a2cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a2e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a2f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a360	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a374	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a3a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a3dc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a41c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a450	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a47c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a4b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a5ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a67c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a728	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a7c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a8ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a8c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ac6c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1acc0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ace4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ad94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1add0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ae84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1afc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b094	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b104	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b130	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b28c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ba80	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bb5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bc90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c120	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c210	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c288	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c2cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c37c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c45c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c4a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c4f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c51c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c608	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c6f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c738	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c784	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c840	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c90c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ca84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cb98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cbfc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cd44	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cda8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cdf4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ce88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cf00	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d0ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d0f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d1ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d2e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1dacc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1db20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1db78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1dfd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e06c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e104	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e150	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e448	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e480	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e538	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e5a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e6d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e710	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e75c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e77c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e788	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e7e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e858	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ea88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1eae0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ec24	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ec48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ed98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1edf0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1eeb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1eee4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ef7c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1efc0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1efd0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f0bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f170	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f1d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f200	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f404	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f438	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f46c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f4d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f57c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f998	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1fe34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ff74	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8144	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2d1f4	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x819c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2d1f0	0	NOTYPE	<unknown>	DEFAULT	8
$d	.symtab	0x2d298	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x81e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2d29c	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x820c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8510	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8670	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x881c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8be8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8e44	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x942c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9564	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x95b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9668	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x976c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9894	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x99b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9a90	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9b6c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9cac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x9f70	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa04c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa398	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa4cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x22154	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0xa840	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xab74	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xacd0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb2f8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xb98c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xbacc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc33c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc658	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xce38	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd394	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd63c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd674	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd8bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xdc60	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf334	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf478	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf5fc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf6c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf6fc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf790	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfab4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfc58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfcec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfd44	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfe08	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfe4c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xff5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10118	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10d70	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10e5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10eb0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10f38	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11048	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1138c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11470	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x11f74	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x123a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12778	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2d8b0	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x12794	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12930	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x129d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12aac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x12dd4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1308c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13388	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1341c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13450	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13518	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2d8ec	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2d8b8	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x23d90	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x1362c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13de0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14090	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x140dc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14628	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2d9f4	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x146e8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x147a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14898	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1494c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14abc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14cd0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15194	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x153cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15438	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15534	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x155bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15694	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16278	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x165a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2d1fc	0	NOTYPE	<unknown>	DEFAULT	11
$d	.symtab	0x16890	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16c58	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16d04	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17010	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x172f4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1732c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17364	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x173a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17414	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1744c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1748c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x174d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17508	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17ea4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2d9f8	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x18258	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x186f8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1874c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18868	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2da10	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x1891c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x189d4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18a94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18b38	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2da28	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2dac0	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x18c30	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18cc4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18d94	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18e7c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x24a48	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x19094	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19134	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2dad4	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x191fc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19328	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19900	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x199c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19a1c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19acc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19b2c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19b90	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19e34	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2daec	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x19fc0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a0b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a358	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2daf8	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2db00	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x1a598	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a674	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a724	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x250c4	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x1a898	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x33fbc	0	NOTYPE	<unknown>	DEFAULT	14
$d	.symtab	0x1a8c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ac64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ba60	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x250f8	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x1bb48	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1bc80	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c208	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c374	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c454	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c600	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c6f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c77c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c820	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c8e8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ca5c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cb7c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cbf0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cd28	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cd9c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cde8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2db08	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x1ce84	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cefc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d0a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d1e4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1da90	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1db18	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1db70	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1df8c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e054	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e530	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e6c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e704	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e754	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ed84	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f1f8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f3f8	0	NOTYPE	<unknown>	DEFAULT	2
$t	.symtab	0x80d0	0	NOTYPE	<unknown>	DEFAULT	2
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
/home/landley/work/ab7/build/temp-armv6l/gcc-core/gcc/config/arm/lib1funcs.asm	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
C.1.3506	.symtab	0x250c4	24	OBJECT	<unknown>	DEFAULT	4
C.72.5750	.symtab	0x21ad9	36	OBJECT	<unknown>	DEFAULT	4
C.90.5968	.symtab	0x22154	312	OBJECT	<unknown>	DEFAULT	4
C.96.6062	.symtab	0x22300	12	OBJECT	<unknown>	DEFAULT	4
ClearHistory	.symtab	0xf6cc	60	FUNC	<unknown>	DEFAULT	2
HTTP	.symtab	0xab88	336	FUNC	<unknown>	DEFAULT	2
Laligned	.symtab	0x15058	0	NOTYPE	<unknown>	DEFAULT	2
Llastword	.symtab	0x15074	0	NOTYPE	<unknown>	DEFAULT	2
Q	.symtab	0x2df5c	16384	OBJECT	<unknown>	DEFAULT	14
Send	.symtab	0x84ac	104	FUNC	<unknown>	DEFAULT	2
UserAgents	.symtab	0x2d5bc	144	OBJECT	<unknown>	DEFAULT	13
_352	.symtab	0x10eb4	40	FUNC	<unknown>	DEFAULT	2
_376	.symtab	0x10dd0	168	FUNC	<unknown>	DEFAULT	2
_433	.symtab	0x10edc	96	FUNC	<unknown>	DEFAULT	2
_Exit	.symtab	0x1a450	44	FUNC	<unknown>	DEFAULT	2
_GLOBAL_OFFSET_TABLE_	.symtab	0x2d214	0	OBJECT	<unknown>	HIDDEN	12
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_NICK	.symtab	0x10f3c	272	FUNC	<unknown>	DEFAULT	2
_PING	.symtab	0x10e78	60	FUNC	<unknown>	DEFAULT	2
_PRIVMSG	.symtab	0x10134	3228	FUNC	<unknown>	DEFAULT	2
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b	.symtab	0x2daf8	4	OBJECT	<unknown>	DEFAULT	13
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x24ac2	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_tolower	.symtab	0x2db00	4	OBJECT	<unknown>	DEFAULT	13
__C_ctype_tolower.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_tolower_data	.symtab	0x24dc2	768	OBJECT	<unknown>	DEFAULT	4
__C_ctype_toupper	.symtab	0x2d8b0	4	OBJECT	<unknown>	DEFAULT	13
__C_ctype_toupper.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_toupper_data	.symtab	0x23a74	768	OBJECT	<unknown>	DEFAULT	4
__EH_FRAME_BEGIN__	.symtab	0x2d1ec	0	OBJECT	<unknown>	DEFAULT	7
__FRAME_END__	.symtab	0x2d1ec	0	OBJECT	<unknown>	DEFAULT	7
__GI___C_ctype_b	.symtab	0x2daf8	4	OBJECT	<unknown>	HIDDEN	13
__GI___C_ctype_tolower	.symtab	0x2db00	4	OBJECT	<unknown>	HIDDEN	13
__GI___C_ctype_toupper	.symtab	0x2d8b0	4	OBJECT	<unknown>	HIDDEN	13
__GI___ctype_b	.symtab	0x2dafc	4	OBJECT	<unknown>	HIDDEN	13
__GI___ctype_tolower	.symtab	0x2db04	4	OBJECT	<unknown>	HIDDEN	13
__GI___ctype_toupper	.symtab	0x2d8b4	4	OBJECT	<unknown>	HIDDEN	13
__GI___errno_location	.symtab	0x12780	28	FUNC	<unknown>	HIDDEN	2
__GI___fcntl_nocancel	.symtab	0x125b4	108	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x1bb5c	300	FUNC	<unknown>	HIDDEN	2
__GI___fputc_unlocked	.symtab	0x14d94	264	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0x1538c	24	FUNC	<unknown>	HIDDEN	2
__GI___h_errno_location	.symtab	0x1a8ac	28	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x12548	108	FUNC	<unknown>	HIDDEN	2
__GI___sigaddset	.symtab	0x1e55c	36	FUNC	<unknown>	HIDDEN	2
__GI___sigdelset	.symtab	0x1e580	36	FUNC	<unknown>	HIDDEN	2
__GI___sigismember	.symtab	0x1e538	36	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x19a64	124	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x19b34	108	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0x15440	256	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x1a450	44	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x18754	296	FUNC	<unknown>	HIDDEN	2
__GI_accept	.symtab	0x172c0	56	FUNC	<unknown>	HIDDEN	2
__GI_asprintf	.symtab	0x12b18	48	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x18e84	32	FUNC	<unknown>	HIDDEN	2
__GI_bind	.symtab	0x172f8	56	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x1e710	76	FUNC	<unknown>	HIDDEN	2
__GI_chdir	.symtab	0x12480	52	FUNC	<unknown>	HIDDEN	2
__GI_clock_getres	.symtab	0x1a264	52	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x1271c	52	FUNC	<unknown>	HIDDEN	2
__GI_closedir	.symtab	0x1a4b4	248	FUNC	<unknown>	HIDDEN	2
__GI_config_close	.symtab	0x1abf0	52	FUNC	<unknown>	HIDDEN	2
__GI_config_open	.symtab	0x1ac24	72	FUNC	<unknown>	HIDDEN	2
__GI_config_read	.symtab	0x1a8c8	808	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x17330	56	FUNC	<unknown>	HIDDEN	2
__GI_dup2	.symtab	0x1a154	52	FUNC	<unknown>	HIDDEN	2
__GI_endservent	.symtab	0x1c784	188	FUNC	<unknown>	HIDDEN	2
__GI_errno	.symtab	0x33fbc	4	OBJECT	<unknown>	HIDDEN	14
__GI_execl	.symtab	0x19924	172	FUNC	<unknown>	HIDDEN	2
__GI_execve	.symtab	0x1a188	52	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x1909c	184	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x1279c	436	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x12548	108	FUNC	<unknown>	HIDDEN	2
__GI_fdopen	.symtab	0x1ad94	60	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x14ae8	524	FUNC	<unknown>	HIDDEN	2
__GI_fgetc	.symtab	0x1ba80	220	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x1bb5c	300	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x146fc	188	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x14cf4	160	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x12950	32	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x123f0	52	FUNC	<unknown>	HIDDEN	2
__GI_fprintf	.symtab	0x12ae8	48	FUNC	<unknown>	HIDDEN	2
__GI_fputc	.symtab	0x147b8	244	FUNC	<unknown>	HIDDEN	2
__GI_fputc_unlocked	.symtab	0x14d94	264	FUNC	<unknown>	HIDDEN	2
__GI_fputs	.symtab	0x148ac	180	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x14e9c	56	FUNC	<unknown>	HIDDEN	2
__GI_freeaddrinfo	.symtab	0x162a0	36	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x1ec24	36	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x1ec48	336	FUNC	<unknown>	HIDDEN	2
__GI_fstat	.symtab	0x1e788	88	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x14ed4	176	FUNC	<unknown>	HIDDEN	2
__GI_getaddrinfo	.symtab	0x162c4	748	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x1bb5c	300	FUNC	<unknown>	HIDDEN	2
__GI_getcwd	.symtab	0x12298	236	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x124b4	44	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x1a2cc	20	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x1a2e0	20	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x1a360	20	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyaddr_r	.symtab	0x16d34	748	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname2_r	.symtab	0x17020	672	FUNC	<unknown>	HIDDEN	2
__GI_gethostbyname_r	.symtab	0x1e150	760	FUNC	<unknown>	HIDDEN	2
__GI_gethostname	.symtab	0x1e7e0	120	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x12384	40	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x123ac	20	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x1a298	52	FUNC	<unknown>	HIDDEN	2
__GI_getservbyname_r	.symtab	0x1cbfc	328	FUNC	<unknown>	HIDDEN	2
__GI_getservbyport	.symtab	0x1cb98	100	FUNC	<unknown>	HIDDEN	2
__GI_getservbyport_r	.symtab	0x1ca84	276	FUNC	<unknown>	HIDDEN	2
__GI_getservent_r	.symtab	0x1c90c	376	FUNC	<unknown>	HIDDEN	2
__GI_gettimeofday	.symtab	0x12514	52	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x1a250	20	FUNC	<unknown>	HIDDEN	2
__GI_h_errno	.symtab	0x33fc0	4	OBJECT	<unknown>	HIDDEN	14
__GI_htonl	.symtab	0x156a8	32	FUNC	<unknown>	HIDDEN	2
__GI_htons	.symtab	0x15698	16	FUNC	<unknown>	HIDDEN	2
__GI_if_freenameindex	.symtab	0x1d0ac	72	FUNC	<unknown>	HIDDEN	2
__GI_if_nameindex	.symtab	0x1cf00	428	FUNC	<unknown>	HIDDEN	2
__GI_if_nametoindex	.symtab	0x1ce88	120	FUNC	<unknown>	HIDDEN	2
__GI_in6addr_loopback	.symtab	0x24a08	16	OBJECT	<unknown>	HIDDEN	4
__GI_inet_addr	.symtab	0x16d0c	40	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x1d0f4	248	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa	.symtab	0x16cf0	28	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa_r	.symtab	0x16c64	140	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntop	.symtab	0x169e0	644	FUNC	<unknown>	HIDDEN	2
__GI_inet_pton	.symtab	0x16680	540	FUNC	<unknown>	HIDDEN	2
__GI_initstate_r	.symtab	0x18da0	228	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x12688	84	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x155f8	36	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x124e0	52	FUNC	<unknown>	HIDDEN	2
__GI_listen	.symtab	0x173ac	52	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x1f46c	100	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x1c120	240	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x150c0	4	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x1efc0	4	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x1c4f8	36	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x1c37c	224	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x14f90	156	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x19fd0	104	FUNC	<unknown>	HIDDEN	2
__GI_mremap	.symtab	0x1a3dc	64	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x1a374	52	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x1a3a8	52	FUNC	<unknown>	HIDDEN	2
__GI_ntohl	.symtab	0x156d8	32	FUNC	<unknown>	HIDDEN	2
__GI_ntohs	.symtab	0x156c8	16	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x1a1bc	96	FUNC	<unknown>	HIDDEN	2
__GI_opendir	.symtab	0x1a67c	172	FUNC	<unknown>	HIDDEN	2
__GI_perror	.symtab	0x12970	116	FUNC	<unknown>	HIDDEN	2
__GI_pipe	.symtab	0x1a21c	52	FUNC	<unknown>	HIDDEN	2
__GI_poll	.symtab	0x12264	52	FUNC	<unknown>	HIDDEN	2
__GI_putc	.symtab	0x147b8	244	FUNC	<unknown>	HIDDEN	2
__GI_putc_unlocked	.symtab	0x14d94	264	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x1750c	28	FUNC	<unknown>	HIDDEN	2
__GI_random	.symtab	0x18894	164	FUNC	<unknown>	HIDDEN	2
__GI_random_r	.symtab	0x18c38	144	FUNC	<unknown>	HIDDEN	2
__GI_rawmemchr	.symtab	0x1c2cc	176	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x1f438	52	FUNC	<unknown>	HIDDEN	2
__GI_readdir64	.symtab	0x1a7c0	236	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x173e0	56	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x1a2f4	108	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x12440	64	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x17418	56	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x17450	64	FUNC	<unknown>	HIDDEN	2
__GI_setservent	.symtab	0x1c840	204	FUNC	<unknown>	HIDDEN	2
__GI_setsid	.symtab	0x12654	52	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x17490	68	FUNC	<unknown>	HIDDEN	2
__GI_setstate_r	.symtab	0x18b54	228	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x1a038	136	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x1e480	184	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x1a47c	56	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x19154	172	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x174d4	56	FUNC	<unknown>	HIDDEN	2
__GI_sprintf	.symtab	0x12b48	52	FUNC	<unknown>	HIDDEN	2
__GI_srandom_r	.symtab	0x18cc8	216	FUNC	<unknown>	HIDDEN	2
__GI_stat	.symtab	0x1ea88	88	FUNC	<unknown>	HIDDEN	2
__GI_strcasecmp	.symtab	0x153d4	108	FUNC	<unknown>	HIDDEN	2
__GI_strcasestr	.symtab	0x15540	132	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x1c608	240	FUNC	<unknown>	HIDDEN	2
__GI_strchrnul	.symtab	0x1c51c	236	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x150a0	28	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x150a0	28	FUNC	<unknown>	HIDDEN	2
__GI_strcpy	.symtab	0x152ac	36	FUNC	<unknown>	HIDDEN	2
__GI_strcspn	.symtab	0x1c288	68	FUNC	<unknown>	HIDDEN	2
__GI_strdup	.symtab	0x155c4	52	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x15030	96	FUNC	<unknown>	HIDDEN	2
__GI_strncmp	.symtab	0x1519c	272	FUNC	<unknown>	HIDDEN	2
__GI_strncpy	.symtab	0x152d0	188	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0x150d0	204	FUNC	<unknown>	HIDDEN	2
__GI_strpbrk	.symtab	0x1c6f8	64	FUNC	<unknown>	HIDDEN	2
__GI_strrchr	.symtab	0x1c4a8	80	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x1c45c	76	FUNC	<unknown>	HIDDEN	2
__GI_strtok	.symtab	0x153a4	48	FUNC	<unknown>	HIDDEN	2
__GI_strtok_r	.symtab	0x1c210	120	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x18ea4	28	FUNC	<unknown>	HIDDEN	2
__GI_strtoul	.symtab	0x18ec0	28	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x1934c	1496	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x1561c	124	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x123c0	48	FUNC	<unknown>	HIDDEN	2
__GI_toupper	.symtab	0x12750	48	FUNC	<unknown>	HIDDEN	2
__GI_uname	.symtab	0x1f404	52	FUNC	<unknown>	HIDDEN	2
__GI_vasprintf	.symtab	0x12b7c	136	FUNC	<unknown>	HIDDEN	2
__GI_vfork	.symtab	0x1a0e0	64	FUNC	<unknown>	HIDDEN	2
__GI_vfprintf	.symtab	0x1355c	228	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0x12c04	180	FUNC	<unknown>	HIDDEN	2
__GI_wait4	.symtab	0x1a120	52	FUNC	<unknown>	HIDDEN	2
__GI_waitpid	.symtab	0x12424	28	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x1ac6c	84	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x1ace4	176	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x1acc0	36	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x12620	52	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x2d1f8	0	OBJECT	<unknown>	DEFAULT	10
__JCR_LIST__	.symtab	0x2d1f8	0	OBJECT	<unknown>	DEFAULT	10
__adddf3	.symtab	0x1f588	784	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmpeq	.symtab	0x1fee4	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmple	.symtab	0x1fee4	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdrcmple	.symtab	0x1fec8	52	FUNC	<unknown>	HIDDEN	2
__aeabi_d2uiz	.symtab	0x1ff74	84	FUNC	<unknown>	HIDDEN	2
__aeabi_dadd	.symtab	0x1f588	784	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpeq	.symtab	0x1fefc	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpge	.symtab	0x1ff44	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpgt	.symtab	0x1ff5c	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmple	.symtab	0x1ff2c	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmplt	.symtab	0x1ff14	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ddiv	.symtab	0x1fc28	524	FUNC	<unknown>	HIDDEN	2
__aeabi_dmul	.symtab	0x1f998	656	FUNC	<unknown>	HIDDEN	2
__aeabi_drsub	.symtab	0x1f57c	0	FUNC	<unknown>	HIDDEN	2
__aeabi_dsub	.symtab	0x1f584	788	FUNC	<unknown>	HIDDEN	2
__aeabi_f2d	.symtab	0x1f8e4	64	FUNC	<unknown>	HIDDEN	2
__aeabi_i2d	.symtab	0x1f8bc	40	FUNC	<unknown>	HIDDEN	2
__aeabi_idiv	.symtab	0x120f8	0	FUNC	<unknown>	HIDDEN	2
__aeabi_idivmod	.symtab	0x12224	24	FUNC	<unknown>	HIDDEN	2
__aeabi_l2d	.symtab	0x1f938	96	FUNC	<unknown>	HIDDEN	2
__aeabi_ui2d	.symtab	0x1f898	36	FUNC	<unknown>	HIDDEN	2
__aeabi_uidiv	.symtab	0x11fe4	0	FUNC	<unknown>	HIDDEN	2
__aeabi_uidivmod	.symtab	0x120e0	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ul2d	.symtab	0x1f924	116	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr0	.symtab	0x1e77c	4	FUNC	<unknown>	DEFAULT	2
__aeabi_unwind_cpp_pr1	.symtab	0x1e780	4	FUNC	<unknown>	DEFAULT	2
__aeabi_unwind_cpp_pr2	.symtab	0x1e784	4	FUNC	<unknown>	DEFAULT	2
__app_fini	.symtab	0x33fb4	4	OBJECT	<unknown>	HIDDEN	14
__atexit_lock	.symtab	0x2dad4	24	OBJECT	<unknown>	DEFAULT	13
__bss_end__	.symtab	0x35630	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start	.symtab	0x2db24	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start__	.symtab	0x2db24	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x19ae0	84	FUNC	<unknown>	DEFAULT	2
__close_nameservers	.symtab	0x1dfd4	152	FUNC	<unknown>	HIDDEN	2
__cmpdf2	.symtab	0x1fe44	132	FUNC	<unknown>	HIDDEN	2
__ctype_b	.symtab	0x2dafc	4	OBJECT	<unknown>	DEFAULT	13
__ctype_tolower	.symtab	0x2db04	4	OBJECT	<unknown>	DEFAULT	13
__ctype_toupper	.symtab	0x2d8b4	4	OBJECT	<unknown>	DEFAULT	13
__curbrk	.symtab	0x34000	4	OBJECT	<unknown>	HIDDEN	14
__data_start	.symtab	0x2d294	0	NOTYPE	<unknown>	DEFAULT	13
__decode_dotted	.symtab	0x1d1ec	248	FUNC	<unknown>	HIDDEN	2
__decode_header	.symtab	0x1f0bc	180	FUNC	<unknown>	HIDDEN	2
__default_rt_sa_restorer	.symtab	0x1a0d0	0	FUNC	<unknown>	DEFAULT	2
__default_sa_restorer	.symtab	0x1a0c4	0	FUNC	<unknown>	DEFAULT	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__div0	.symtab	0x1223c	20	FUNC	<unknown>	HIDDEN	2
__divdf3	.symtab	0x1fc28	524	FUNC	<unknown>	HIDDEN	2
__divsi3	.symtab	0x120f8	300	FUNC	<unknown>	HIDDEN	2
__dns_lookup	.symtab	0x1d2e4	2024	FUNC	<unknown>	HIDDEN	2
__do_global_dtors_aux	.symtab	0x810c	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux_fini_array_entry	.symtab	0x2d1f4	0	OBJECT	<unknown>	DEFAULT	9
__dso_handle	.symtab	0x2d294	0	OBJECT	<unknown>	HIDDEN	13
__encode_dotted	.symtab	0x1f4d0	172	FUNC	<unknown>	HIDDEN	2
__encode_header	.symtab	0x1efd0	236	FUNC	<unknown>	HIDDEN	2
__encode_question	.symtab	0x1f170	96	FUNC	<unknown>	HIDDEN	2
__end__	.symtab	0x35630	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__environ	.symtab	0x33fac	4	OBJECT	<unknown>	DEFAULT	14
__eqdf2	.symtab	0x1fe44	132	FUNC	<unknown>	HIDDEN	2
__errno_location	.symtab	0x12780	28	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__error	.symtab	0x1a11c	0	NOTYPE	<unknown>	DEFAULT	2
__exidx_end	.symtab	0x251ec	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exidx_start	.symtab	0x251dc	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x33fa4	4	OBJECT	<unknown>	HIDDEN	14
__extendsfdf2	.symtab	0x1f8e4	64	FUNC	<unknown>	HIDDEN	2
__fcntl_nocancel	.symtab	0x125b4	108	FUNC	<unknown>	DEFAULT	2
__fgetc_unlocked	.symtab	0x1bb5c	300	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x2d1f8	0	NOTYPE	<unknown>	HIDDEN	9
__fini_array_start	.symtab	0x2d1f4	0	NOTYPE	<unknown>	HIDDEN	9
__fixunsdfsi	.symtab	0x1ff74	84	FUNC	<unknown>	HIDDEN	2
__floatdidf	.symtab	0x1f938	96	FUNC	<unknown>	HIDDEN	2
__floatsidf	.symtab	0x1f8bc	40	FUNC	<unknown>	HIDDEN	2
__floatundidf	.symtab	0x1f924	116	FUNC	<unknown>	HIDDEN	2
__floatunsidf	.symtab	0x1f898	36	FUNC	<unknown>	HIDDEN	2
__fputc_unlocked	.symtab	0x14d94	264	FUNC	<unknown>	DEFAULT	2
__frame_dummy_init_array_entry	.symtab	0x2d1f0	0	OBJECT	<unknown>	DEFAULT	8
__gedf2	.symtab	0x1fe34	148	FUNC	<unknown>	HIDDEN	2
__get_hosts_byaddr_r	.symtab	0x1e06c	152	FUNC	<unknown>	HIDDEN	2
__get_hosts_byname_r	.symtab	0x1e104	76	FUNC	<unknown>	HIDDEN	2
__getdents64	.symtab	0x1eae0	324	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x12384	40	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r	.symtab	0x1538c	24	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__gtdf2	.symtab	0x1fe34	148	FUNC	<unknown>	HIDDEN	2
__h_errno_location	.symtab	0x1a8ac	28	FUNC	<unknown>	DEFAULT	2
__h_errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__init_array_end	.symtab	0x2d1f4	0	NOTYPE	<unknown>	HIDDEN	8
__init_array_start	.symtab	0x2d1f0	0	NOTYPE	<unknown>	HIDDEN	8
__initbuf	.symtab	0x1c738	76	FUNC	<unknown>	DEFAULT	2
__ledf2	.symtab	0x1fe3c	140	FUNC	<unknown>	HIDDEN	2
__libc_accept	.symtab	0x172c0	56	FUNC	<unknown>	DEFAULT	2
__libc_close	.symtab	0x1271c	52	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x17330	56	FUNC	<unknown>	DEFAULT	2
__libc_fcntl	.symtab	0x12548	108	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x123f0	52	FUNC	<unknown>	DEFAULT	2
__libc_lseek64	.symtab	0x1f46c	100	FUNC	<unknown>	DEFAULT	2
__libc_nanosleep	.symtab	0x1a3a8	52	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x1a1bc	96	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x1f438	52	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0x173e0	56	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0x12440	64	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x17418	56	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x17450	64	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x1a038	136	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x33fa8	4	OBJECT	<unknown>	DEFAULT	14
__libc_system	.symtab	0x19e74	348	FUNC	<unknown>	DEFAULT	2
__libc_waitpid	.symtab	0x12424	28	FUNC	<unknown>	DEFAULT	2
__libc_write	.symtab	0x12620	52	FUNC	<unknown>	DEFAULT	2
__local_nameserver	.symtab	0x251a4	16	OBJECT	<unknown>	HIDDEN	4
__ltdf2	.symtab	0x1fe3c	140	FUNC	<unknown>	HIDDEN	2
__malloc_consolidate	.symtab	0x18324	436	FUNC	<unknown>	HIDDEN	2
__malloc_largebin_index	.symtab	0x17528	120	FUNC	<unknown>	DEFAULT	2
__malloc_lock	.symtab	0x2d9f8	24	OBJECT	<unknown>	DEFAULT	13
__malloc_state	.symtab	0x35294	888	OBJECT	<unknown>	DEFAULT	14
__malloc_trim	.symtab	0x18274	176	FUNC	<unknown>	DEFAULT	2
__muldf3	.symtab	0x1f998	656	FUNC	<unknown>	HIDDEN	2
__nameserver	.symtab	0x35614	4	OBJECT	<unknown>	HIDDEN	14
__nameservers	.symtab	0x35618	4	OBJECT	<unknown>	HIDDEN	14
__nedf2	.symtab	0x1fe44	132	FUNC	<unknown>	HIDDEN	2
__open_etc_hosts	.symtab	0x1f1d0	48	FUNC	<unknown>	HIDDEN	2
__open_nameservers	.symtab	0x1db78	1116	FUNC	<unknown>	HIDDEN	2
__opensock	.symtab	0x1e448	56	FUNC	<unknown>	HIDDEN	2
__pagesize	.symtab	0x33fb0	4	OBJECT	<unknown>	DEFAULT	14
__preinit_array_end	.symtab	0x2d1f0	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__preinit_array_start	.symtab	0x2d1f0	0	NOTYPE	<unknown>	HIDDEN	SHN_ABS
__progname	.symtab	0x2daf0	4	OBJECT	<unknown>	DEFAULT	13
__progname_full	.symtab	0x2daf4	4	OBJECT	<unknown>	DEFAULT	13
__pthread_initialize_minimal	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__pthread_mutex_init	.symtab	0x19a28	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x19a20	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x19a20	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x19a20	8	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x19a20	8	FUNC	<unknown>	DEFAULT	2
__read_etc_hosts_r	.symtab	0x1f200	516	FUNC	<unknown>	HIDDEN	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__res_sync	.symtab	0x3560c	4	OBJECT	<unknown>	HIDDEN	14
__resolv_attempts	.symtab	0x2db23	1	OBJECT	<unknown>	HIDDEN	13
__resolv_lock	.symtab	0x33fe4	24	OBJECT	<unknown>	DEFAULT	14
__resolv_timeout	.symtab	0x2db22	1	OBJECT	<unknown>	HIDDEN	13
__rtld_fini	.symtab	0x33fb8	4	OBJECT	<unknown>	HIDDEN	14
__searchdomain	.symtab	0x35610	4	OBJECT	<unknown>	HIDDEN	14
__searchdomains	.symtab	0x3561c	4	OBJECT	<unknown>	HIDDEN	14
__set_h_errno	.symtab	0x157bc	28	FUNC	<unknown>	DEFAULT	2
__sigaddset	.symtab	0x1e55c	36	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x1e580	36	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x1e538	36	FUNC	<unknown>	DEFAULT	2
__stdin	.symtab	0x2d8f8	4	OBJECT	<unknown>	DEFAULT	13
__stdio_READ	.symtab	0x1ed98	88	FUNC	<unknown>	HIDDEN	2
__stdio_WRITE	.symtab	0x1add0	180	FUNC	<unknown>	HIDDEN	2
__stdio_adjust_position	.symtab	0x1edf0	196	FUNC	<unknown>	HIDDEN	2
__stdio_fwrite	.symtab	0x1ae84	320	FUNC	<unknown>	HIDDEN	2
__stdio_init_mutex	.symtab	0x13424	52	FUNC	<unknown>	HIDDEN	2
__stdio_mutex_initializer.4636	.symtab	0x23d90	24	OBJECT	<unknown>	DEFAULT	4
__stdio_rfill	.symtab	0x1eeb4	48	FUNC	<unknown>	HIDDEN	2
__stdio_seek	.symtab	0x1ef7c	60	FUNC	<unknown>	HIDDEN	2
__stdio_trans2r_o	.symtab	0x1eee4	152	FUNC	<unknown>	HIDDEN	2
__stdio_trans2w_o	.symtab	0x1afc4	208	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0x1352c	48	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x2d8fc	4	OBJECT	<unknown>	DEFAULT	13
__subdf3	.symtab	0x1f584	788	FUNC	<unknown>	HIDDEN	2
__syscall_error	.symtab	0x1e75c	32	FUNC	<unknown>	HIDDEN	2
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_rt_sigaction	.symtab	0x1a41c	52	FUNC	<unknown>	DEFAULT	2
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uClibc_fini	.symtab	0x19a64	124	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x19b34	108	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x19ba0	724	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x2daec	4	OBJECT	<unknown>	HIDDEN	13
__udivsi3	.symtab	0x11fe4	252	FUNC	<unknown>	HIDDEN	2
__vfork	.symtab	0x1a0e0	64	FUNC	<unknown>	HIDDEN	2
__xpg_strerror_r	.symtab	0x15440	256	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__xstat32_conv	.symtab	0x1e924	172	FUNC	<unknown>	HIDDEN	2
__xstat64_conv	.symtab	0x1e858	204	FUNC	<unknown>	HIDDEN	2
__xstat_conv	.symtab	0x1e9d0	184	FUNC	<unknown>	HIDDEN	2
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_bss_custom_printf_spec	.symtab	0x33f80	10	OBJECT	<unknown>	DEFAULT	14
_bss_end__	.symtab	0x35630	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_call_via_fp	.symtab	0x80fd	4	FUNC	<unknown>	HIDDEN	2
_call_via_ip	.symtab	0x8101	4	FUNC	<unknown>	HIDDEN	2
_call_via_lr	.symtab	0x8109	4	FUNC	<unknown>	HIDDEN	2
_call_via_r0	.symtab	0x80d1	4	FUNC	<unknown>	HIDDEN	2
_call_via_r1	.symtab	0x80d5	4	FUNC	<unknown>	HIDDEN	2
_call_via_r2	.symtab	0x80d9	4	FUNC	<unknown>	HIDDEN	2
_call_via_r3	.symtab	0x80dd	4	FUNC	<unknown>	HIDDEN	2
_call_via_r4	.symtab	0x80e1	4	FUNC	<unknown>	HIDDEN	2
_call_via_r5	.symtab	0x80e5	4	FUNC	<unknown>	HIDDEN	2
_call_via_r6	.symtab	0x80e9	4	FUNC	<unknown>	HIDDEN	2
_call_via_r7	.symtab	0x80ed	4	FUNC	<unknown>	HIDDEN	2
_call_via_r8	.symtab	0x80f1	4	FUNC	<unknown>	HIDDEN	2
_call_via_r9	.symtab	0x80f5	4	FUNC	<unknown>	HIDDEN	2
_call_via_sl	.symtab	0x80f9	4	FUNC	<unknown>	HIDDEN	2
_call_via_sp	.symtab	0x8105	4	FUNC	<unknown>	HIDDEN	2
_charpad	.symtab	0x13640	84	FUNC	<unknown>	DEFAULT	2
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_custom_printf_arginfo	.symtab	0x35244	40	OBJECT	<unknown>	HIDDEN	14
_custom_printf_handler	.symtab	0x3526c	40	OBJECT	<unknown>	HIDDEN	14
_custom_printf_spec	.symtab	0x2d9f4	4	OBJECT	<unknown>	HIDDEN	13
_dl_aux_init	.symtab	0x1e6d8	56	FUNC	<unknown>	DEFAULT	2
_dl_phdr	.symtab	0x35628	4	OBJECT	<unknown>	DEFAULT	14
_dl_phnum	.symtab	0x3562c	4	OBJECT	<unknown>	DEFAULT	14
_edata	.symtab	0x2db24	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x35630	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_errno	.symtab	0x33fbc	4	OBJECT	<unknown>	DEFAULT	14
_exit	.symtab	0x1a450	44	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x1ffc8	0	FUNC	<unknown>	DEFAULT	3
_fixed_buffers	.symtab	0x31f80	8192	OBJECT	<unknown>	DEFAULT	14
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x13694	132	FUNC	<unknown>	DEFAULT	2
_fpmaxtostr	.symtab	0x1b28c	2036	FUNC	<unknown>	HIDDEN	2
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_h_errno	.symtab	0x33fc0	4	OBJECT	<unknown>	DEFAULT	14
_init	.symtab	0x80b4	0	FUNC	<unknown>	DEFAULT	1
_load_inttype	.symtab	0x1b094	112	FUNC	<unknown>	HIDDEN	2
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_memcpy	.symtab	0x1bc90	0	FUNC	<unknown>	HIDDEN	2
_ppfs_init	.symtab	0x13e00	160	FUNC	<unknown>	HIDDEN	2
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x140e8	1392	FUNC	<unknown>	HIDDEN	2
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x13ea0	68	FUNC	<unknown>	HIDDEN	2
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x13ee4	432	FUNC	<unknown>	HIDDEN	2
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x14094	84	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_pop_restore	.symtab	0x19a38	44	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x19a30	8	FUNC	<unknown>	DEFAULT	2
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_sigintr	.symtab	0x35620	8	OBJECT	<unknown>	HIDDEN	14
_start	.symtab	0x81b0	0	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x130b4	776	FUNC	<unknown>	HIDDEN	2
_stdio_init	.symtab	0x133bc	104	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x2d900	4	OBJECT	<unknown>	DEFAULT	13
_stdio_openlist_add_lock	.symtab	0x2d8b8	24	OBJECT	<unknown>	DEFAULT	13
_stdio_openlist_dec_use	.symtab	0x14960	392	FUNC	<unknown>	HIDDEN	2
_stdio_openlist_del_count	.symtab	0x31f7c	4	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_del_lock	.symtab	0x2d8d0	24	OBJECT	<unknown>	DEFAULT	13
_stdio_openlist_use_count	.symtab	0x31f78	4	OBJECT	<unknown>	DEFAULT	14
_stdio_streams	.symtab	0x2d904	240	OBJECT	<unknown>	DEFAULT	13
_stdio_term	.symtab	0x13458	212	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x2d8e8	4	OBJECT	<unknown>	DEFAULT	13
_stdlib_strto_l	.symtab	0x18edc	448	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x1b104	44	FUNC	<unknown>	HIDDEN	2
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x23e60	2906	OBJECT	<unknown>	HIDDEN	4
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x1b130	348	FUNC	<unknown>	HIDDEN	2
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x13718	1768	FUNC	<unknown>	HIDDEN	2
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x18754	296	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
accept	.symtab	0x172c0	56	FUNC	<unknown>	DEFAULT	2
accept.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
actualparent	.symtab	0x34118	4	OBJECT	<unknown>	DEFAULT	14
advance_telstate	.symtab	0xd8fc	116	FUNC	<unknown>	DEFAULT	2
advances	.symtab	0x2d714	28	OBJECT	<unknown>	DEFAULT	13
advances2	.symtab	0x2d774	44	OBJECT	<unknown>	DEFAULT	13
aeabi_unwind_cpp_pr1.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
ak47scan	.symtab	0xf37c	256	FUNC	<unknown>	DEFAULT	2
ak47scantoggle	.symtab	0xf47c	432	FUNC	<unknown>	DEFAULT	2
ak47telscan	.symtab	0xd9f8	6532	FUNC	<unknown>	DEFAULT	2
append	.symtab	0xfcf8	80	FUNC	<unknown>	DEFAULT	2
asprintf	.symtab	0x12b18	48	FUNC	<unknown>	DEFAULT	2
asprintf.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
atoi	.symtab	0x18e84	32	FUNC	<unknown>	DEFAULT	2
atol	.symtab	0x18e84	32	FUNC	<unknown>	DEFAULT	2
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bcopy	.symtab	0x15090	16	FUNC	<unknown>	DEFAULT	2
been_there_done_that	.symtab	0x33fa0	4	OBJECT	<unknown>	DEFAULT	14
bind	.symtab	0x172f8	56	FUNC	<unknown>	DEFAULT	2
bind.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
blacknurse	.symtab	0x9cb8	716	FUNC	<unknown>	DEFAULT	2
botkill	.symtab	0xf62c	160	FUNC	<unknown>	DEFAULT	2
brk	.symtab	0x1e710	76	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x1e480	184	FUNC	<unknown>	DEFAULT	2
buf.2975	.symtab	0x33f90	16	OBJECT	<unknown>	DEFAULT	14
c	.symtab	0x2d7b0	4	OBJECT	<unknown>	DEFAULT	13

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 08:33:18.672336102 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:18.677922010 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:18.678004980 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:19.477802992 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:19.477869987 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:19.702292919 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:19.707739115 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:19.737885952 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:19.738012075 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:19.998058081 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:19.998248100 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:20.153134108 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:20.153218031 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:20.156810999 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:20.208987951 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:20.209063053 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:20.214385033 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:20.436824083 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:20.436888933 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:20.592257023 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:20.592397928 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:23.566376925 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:23.566538095 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:44.662154913 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:44.662353039 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:33:58.876061916 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:33:58.876246929 CEST	47564	5060	192.168.2.14	194.110.247.46
Oct 25, 2024 08:34:30.829982996 CEST	5060	47564	194.110.247.46	192.168.2.14
Oct 25, 2024 08:34:30.830219984 CEST	47564	5060	192.168.2.14	194.110.247.46

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 08:33:21.264281988 CEST	56933	53	192.168.2.14	1.1.1.1
Oct 25, 2024 08:33:21.264353037 CEST	47081	53	192.168.2.14	1.1.1.1
Oct 25, 2024 08:33:21.271847010 CEST	53	47081	1.1.1.1	192.168.2.14
Oct 25, 2024 08:33:21.271859884 CEST	53	56933	1.1.1.1	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 08:33:21.264281988 CEST	192.168.2.14	1.1.1.1	0xe07e	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Oct 25, 2024 08:33:21.264353037 CEST	192.168.2.14	1.1.1.1	0x8f36	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 25, 2024 08:33:21.271859884 CEST	1.1.1.1	192.168.2.14	0xe07e	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false
Oct 25, 2024 08:33:21.271859884 CEST	1.1.1.1	192.168.2.14	0xe07e	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false

IRC Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Oct 25, 2024 08:33:19.702292919 CEST	47564	5060	192.168.2.14	194.110.247.46	NICK [OSX\|ARM4T]IYXYiwU USER IYXYiwU localhost localhost :IYXYiwU
Oct 25, 2024 08:33:20.209063053 CEST	47564	5060	192.168.2.14	194.110.247.46	JOIN #osx# :osx WHO IYXYiwU

System Behavior

Analysis Process: yakuza.arm6.elf PID: 5580, Parent PID: 5499

General

Start time (UTC):	06:33:17
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	/tmp/yakuza.arm6.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5582, Parent PID: 5580

General

Start time (UTC):	06:33:17
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5588, Parent PID: 5582

General

Start time (UTC):	06:33:17
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5590, Parent PID: 5582

General

Start time (UTC):	06:33:17
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5620, Parent PID: 5590

General

Start time (UTC):	06:33:19
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5591, Parent PID: 5582

General

Start time (UTC):	06:33:17
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5591, Parent PID: 5582

General

Start time (UTC):	06:33:17
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 902i13 \|\| busybox pkill -9 902i13"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5598, Parent PID: 5591

General

Start time (UTC):	06:33:17
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5598, Parent PID: 5591

General

Start time (UTC):	06:33:17
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 902i13
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5627, Parent PID: 5591

General

Start time (UTC):	06:33:22
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5627, Parent PID: 5591

General

Start time (UTC):	06:33:22
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 902i13
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5630, Parent PID: 5582

General

Start time (UTC):	06:33:24
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5630, Parent PID: 5582

General

Start time (UTC):	06:33:24
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 BzSxLxBxeY \|\| busybox pkill -9 BzSxLxBxeY"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5636, Parent PID: 5630

General

Start time (UTC):	06:33:24
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5636, Parent PID: 5630

General

Start time (UTC):	06:33:24
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 BzSxLxBxeY
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5637, Parent PID: 5630

General

Start time (UTC):	06:33:25
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5637, Parent PID: 5630

General

Start time (UTC):	06:33:25
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 BzSxLxBxeY
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5640, Parent PID: 5582

General

Start time (UTC):	06:33:26
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5640, Parent PID: 5582

General

Start time (UTC):	06:33:26
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 HOHO-LUGO7 \|\| busybox pkill -9 HOHO-LUGO7"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5642, Parent PID: 5640

General

Start time (UTC):	06:33:26
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5642, Parent PID: 5640

General

Start time (UTC):	06:33:26
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 HOHO-LUGO7
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5643, Parent PID: 5640

General

Start time (UTC):	06:33:28
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5643, Parent PID: 5640

General

Start time (UTC):	06:33:28
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 HOHO-LUGO7
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5644, Parent PID: 5582

General

Start time (UTC):	06:33:29
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5644, Parent PID: 5582

General

Start time (UTC):	06:33:29
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 HOHO-U79OL \|\| busybox pkill -9 HOHO-U79OL"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5646, Parent PID: 5644

General

Start time (UTC):	06:33:29
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5646, Parent PID: 5644

General

Start time (UTC):	06:33:29
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 HOHO-U79OL
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5649, Parent PID: 5644

General

Start time (UTC):	06:33:31
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5649, Parent PID: 5644

General

Start time (UTC):	06:33:31
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 HOHO-U79OL
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5650, Parent PID: 5582

General

Start time (UTC):	06:33:32
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5650, Parent PID: 5582

General

Start time (UTC):	06:33:32
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 JuYfouyf87 \|\| busybox pkill -9 JuYfouyf87"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5655, Parent PID: 5650

General

Start time (UTC):	06:33:32
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5655, Parent PID: 5650

General

Start time (UTC):	06:33:32
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 JuYfouyf87
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5656, Parent PID: 5650

General

Start time (UTC):	06:33:33
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5656, Parent PID: 5650

General

Start time (UTC):	06:33:33
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 JuYfouyf87
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5657, Parent PID: 5582

General

Start time (UTC):	06:33:34
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5657, Parent PID: 5582

General

Start time (UTC):	06:33:34
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5662, Parent PID: 5657

General

Start time (UTC):	06:33:34
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5662, Parent PID: 5657

General

Start time (UTC):	06:33:34
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeR69xd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5663, Parent PID: 5657

General

Start time (UTC):	06:33:35
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5663, Parent PID: 5657

General

Start time (UTC):	06:33:35
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeR69xd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5687, Parent PID: 5582

General

Start time (UTC):	06:33:36
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5687, Parent PID: 5582

General

Start time (UTC):	06:33:36
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 SO190Ij1X \|\| busybox pkill -9 SO190Ij1X"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5689, Parent PID: 5687

General

Start time (UTC):	06:33:36
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5689, Parent PID: 5687

General

Start time (UTC):	06:33:36
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 SO190Ij1X
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5690, Parent PID: 5687

General

Start time (UTC):	06:33:38
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5690, Parent PID: 5687

General

Start time (UTC):	06:33:38
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 SO190Ij1X
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5691, Parent PID: 5582

General

Start time (UTC):	06:33:39
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5691, Parent PID: 5582

General

Start time (UTC):	06:33:39
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 LOLKIKEEEDDE \|\| busybox pkill -9 LOLKIKEEEDDE"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5697, Parent PID: 5691

General

Start time (UTC):	06:33:39
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5697, Parent PID: 5691

General

Start time (UTC):	06:33:39
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 LOLKIKEEEDDE
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5698, Parent PID: 5691

General

Start time (UTC):	06:33:40
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5698, Parent PID: 5691

General

Start time (UTC):	06:33:40
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 LOLKIKEEEDDE
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5702, Parent PID: 5582

General

Start time (UTC):	06:33:41
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5702, Parent PID: 5582

General

Start time (UTC):	06:33:41
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 ekjheory98e \|\| busybox pkill -9 ekjheory98e"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5704, Parent PID: 5702

General

Start time (UTC):	06:33:41
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5704, Parent PID: 5702

General

Start time (UTC):	06:33:41
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ekjheory98e
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5705, Parent PID: 5702

General

Start time (UTC):	06:33:43
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5705, Parent PID: 5702

General

Start time (UTC):	06:33:43
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ekjheory98e
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5706, Parent PID: 5582

General

Start time (UTC):	06:33:44
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5706, Parent PID: 5582

General

Start time (UTC):	06:33:44
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 scansh4 \|\| busybox pkill -9 scansh4"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5708, Parent PID: 5706

General

Start time (UTC):	06:33:44
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5708, Parent PID: 5706

General

Start time (UTC):	06:33:44
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 scansh4
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5711, Parent PID: 5706

General

Start time (UTC):	06:33:46
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5711, Parent PID: 5706

General

Start time (UTC):	06:33:46
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 scansh4
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5712, Parent PID: 5582

General

Start time (UTC):	06:33:47
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5712, Parent PID: 5582

General

Start time (UTC):	06:33:47
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 MDMA \|\| busybox pkill -9 MDMA"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5717, Parent PID: 5712

General

Start time (UTC):	06:33:47
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5717, Parent PID: 5712

General

Start time (UTC):	06:33:47
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MDMA
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5718, Parent PID: 5712

General

Start time (UTC):	06:33:48
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5718, Parent PID: 5712

General

Start time (UTC):	06:33:48
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MDMA
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5719, Parent PID: 5582

General

Start time (UTC):	06:33:49
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5719, Parent PID: 5582

General

Start time (UTC):	06:33:49
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 fdevalvex \|\| busybox pkill -9 fdevalvex"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5721, Parent PID: 5719

General

Start time (UTC):	06:33:49
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5721, Parent PID: 5719

General

Start time (UTC):	06:33:49
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 fdevalvex
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5722, Parent PID: 5719

General

Start time (UTC):	06:33:50
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5722, Parent PID: 5719

General

Start time (UTC):	06:33:50
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 fdevalvex
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5725, Parent PID: 5582

General

Start time (UTC):	06:33:51
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5725, Parent PID: 5582

General

Start time (UTC):	06:33:51
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 scanspc \|\| busybox pkill -9 scanspc"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5727, Parent PID: 5725

General

Start time (UTC):	06:33:51
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5727, Parent PID: 5725

General

Start time (UTC):	06:33:51
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 scanspc
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5728, Parent PID: 5725

General

Start time (UTC):	06:33:52
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: busybox PID: 5728, Parent PID: 5725

General

Start time (UTC):	06:33:52
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 scanspc
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5729, Parent PID: 5582

General

Start time (UTC):	06:33:53
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5729, Parent PID: 5582

General

Start time (UTC):	06:33:53
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 MELTEDNINJAREALZ \|\| busybox pkill -9 MELTEDNINJAREALZ"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5735, Parent PID: 5729

General

Start time (UTC):	06:33:53
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: pkill PID: 5735, Parent PID: 5729

General

Start time (UTC):	06:33:53
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MELTEDNINJAREALZ
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Chronological Activities

Analysis Process: sh PID: 5736, Parent PID: 5729

General

Start time (UTC):	06:33:54
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5736, Parent PID: 5729

General

Start time (UTC):	06:33:54
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MELTEDNINJAREALZ
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5739, Parent PID: 5582

General

Start time (UTC):	06:33:55
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5739, Parent PID: 5582

General

Start time (UTC):	06:33:55
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 flexsonskids \|\| busybox pkill -9 flexsonskids"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5743, Parent PID: 5739

General

Start time (UTC):	06:33:56
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5743, Parent PID: 5739

General

Start time (UTC):	06:33:56
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 flexsonskids
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5745, Parent PID: 5739

General

Start time (UTC):	06:33:57
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5745, Parent PID: 5739

General

Start time (UTC):	06:33:57
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 flexsonskids
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5746, Parent PID: 5582

General

Start time (UTC):	06:33:58
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5746, Parent PID: 5582

General

Start time (UTC):	06:33:58
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 scanx86 \|\| busybox pkill -9 scanx86"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5748, Parent PID: 5746

General

Start time (UTC):	06:33:58
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5748, Parent PID: 5746

General

Start time (UTC):	06:33:58
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 scanx86
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5749, Parent PID: 5746

General

Start time (UTC):	06:33:59
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5749, Parent PID: 5746

General

Start time (UTC):	06:33:59
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 scanx86
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5750, Parent PID: 5582

General

Start time (UTC):	06:34:00
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5750, Parent PID: 5582

General

Start time (UTC):	06:34:00
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 MISAKI-U79OL \|\| busybox pkill -9 MISAKI-U79OL"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5755, Parent PID: 5750

General

Start time (UTC):	06:34:00
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5755, Parent PID: 5750

General

Start time (UTC):	06:34:00
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MISAKI-U79OL
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5758, Parent PID: 5750

General

Start time (UTC):	06:34:01
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5758, Parent PID: 5750

General

Start time (UTC):	06:34:01
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MISAKI-U79OL
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5759, Parent PID: 5582

General

Start time (UTC):	06:34:02
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5759, Parent PID: 5582

General

Start time (UTC):	06:34:02
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 foAxi102kxe \|\| busybox pkill -9 foAxi102kxe"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5764, Parent PID: 5759

General

Start time (UTC):	06:34:02
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5764, Parent PID: 5759

General

Start time (UTC):	06:34:02
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 foAxi102kxe
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5765, Parent PID: 5759

General

Start time (UTC):	06:34:03
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5765, Parent PID: 5759

General

Start time (UTC):	06:34:03
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 foAxi102kxe
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5766, Parent PID: 5582

General

Start time (UTC):	06:34:04
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5766, Parent PID: 5582

General

Start time (UTC):	06:34:04
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 swodjwodjwoj \|\| busybox pkill -9 swodjwodjwoj"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5772, Parent PID: 5766

General

Start time (UTC):	06:34:05
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5772, Parent PID: 5766

General

Start time (UTC):	06:34:05
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 swodjwodjwoj
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5777, Parent PID: 5766

General

Start time (UTC):	06:34:06
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5777, Parent PID: 5766

General

Start time (UTC):	06:34:06
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 swodjwodjwoj
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5778, Parent PID: 5582

General

Start time (UTC):	06:34:07
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5778, Parent PID: 5582

General

Start time (UTC):	06:34:07
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 MmKiy7f87l \|\| busybox pkill -9 MmKiy7f87l"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5783, Parent PID: 5778

General

Start time (UTC):	06:34:07
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5783, Parent PID: 5778

General

Start time (UTC):	06:34:07
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 MmKiy7f87l
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5784, Parent PID: 5778

General

Start time (UTC):	06:34:08
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5784, Parent PID: 5778

General

Start time (UTC):	06:34:08
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 MmKiy7f87l
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5785, Parent PID: 5582

General

Start time (UTC):	06:34:09
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5785, Parent PID: 5582

General

Start time (UTC):	06:34:09
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 freecookiex86 \|\| busybox pkill -9 freecookiex86"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5787, Parent PID: 5785

General

Start time (UTC):	06:34:09
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5787, Parent PID: 5785

General

Start time (UTC):	06:34:09
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 freecookiex86
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5789, Parent PID: 5785

General

Start time (UTC):	06:34:10
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5789, Parent PID: 5785

General

Start time (UTC):	06:34:10
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 freecookiex86
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5792, Parent PID: 5582

General

Start time (UTC):	06:34:11
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5792, Parent PID: 5582

General

Start time (UTC):	06:34:11
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 sysgpu \|\| busybox pkill -9 sysgpu"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5794, Parent PID: 5792

General

Start time (UTC):	06:34:11
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5794, Parent PID: 5792

General

Start time (UTC):	06:34:11
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 sysgpu
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5795, Parent PID: 5792

General

Start time (UTC):	06:34:13
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5795, Parent PID: 5792

General

Start time (UTC):	06:34:13
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 sysgpu
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5796, Parent PID: 5582

General

Start time (UTC):	06:34:14
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5796, Parent PID: 5582

General

Start time (UTC):	06:34:14
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 NiGGeR69xd \|\| busybox pkill -9 NiGGeR69xd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5801, Parent PID: 5796

General

Start time (UTC):	06:34:14
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5801, Parent PID: 5796

General

Start time (UTC):	06:34:14
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeR69xd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5802, Parent PID: 5796

General

Start time (UTC):	06:34:15
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5802, Parent PID: 5796

General

Start time (UTC):	06:34:15
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeR69xd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5805, Parent PID: 5582

General

Start time (UTC):	06:34:16
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5805, Parent PID: 5582

General

Start time (UTC):	06:34:16
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 frgege \|\| busybox pkill -9 frgege"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5810, Parent PID: 5805

General

Start time (UTC):	06:34:16
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5810, Parent PID: 5805

General

Start time (UTC):	06:34:16
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 frgege
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5811, Parent PID: 5805

General

Start time (UTC):	06:34:17
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5811, Parent PID: 5805

General

Start time (UTC):	06:34:17
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 frgege
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5812, Parent PID: 5582

General

Start time (UTC):	06:34:18
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5812, Parent PID: 5582

General

Start time (UTC):	06:34:18
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 sysupdater \|\| busybox pkill -9 sysupdater"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5814, Parent PID: 5812

General

Start time (UTC):	06:34:18
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5814, Parent PID: 5812

General

Start time (UTC):	06:34:18
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 sysupdater
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5815, Parent PID: 5812

General

Start time (UTC):	06:34:20
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5815, Parent PID: 5812

General

Start time (UTC):	06:34:20
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 sysupdater
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5818, Parent PID: 5582

General

Start time (UTC):	06:34:21
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5818, Parent PID: 5582

General

Start time (UTC):	06:34:21
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 0DnAzepd \|\| busybox pkill -9 0DnAzepd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5824, Parent PID: 5818

General

Start time (UTC):	06:34:21
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5824, Parent PID: 5818

General

Start time (UTC):	06:34:21
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 0DnAzepd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5825, Parent PID: 5818

General

Start time (UTC):	06:34:23
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5825, Parent PID: 5818

General

Start time (UTC):	06:34:23
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 0DnAzepd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5826, Parent PID: 5582

General

Start time (UTC):	06:34:24
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5826, Parent PID: 5582

General

Start time (UTC):	06:34:24
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 NiGGeRD0nks69 \|\| busybox pkill -9 NiGGeRD0nks69"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5828, Parent PID: 5826

General

Start time (UTC):	06:34:24
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5828, Parent PID: 5826

General

Start time (UTC):	06:34:24
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeRD0nks69
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5831, Parent PID: 5826

General

Start time (UTC):	06:34:26
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5831, Parent PID: 5826

General

Start time (UTC):	06:34:26
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeRD0nks69
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5832, Parent PID: 5582

General

Start time (UTC):	06:34:27
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5832, Parent PID: 5582

General

Start time (UTC):	06:34:27
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 frgreu \|\| busybox pkill -9 frgreu"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5834, Parent PID: 5832

General

Start time (UTC):	06:34:27
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5834, Parent PID: 5832

General

Start time (UTC):	06:34:27
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 frgreu
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5835, Parent PID: 5832

General

Start time (UTC):	06:34:28
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5835, Parent PID: 5832

General

Start time (UTC):	06:34:28
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 frgreu
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5836, Parent PID: 5582

General

Start time (UTC):	06:34:29
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5836, Parent PID: 5582

General

Start time (UTC):	06:34:29
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 telnetd \|\| busybox pkill -9 telnetd"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5840, Parent PID: 5836

General

Start time (UTC):	06:34:29
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5840, Parent PID: 5836

General

Start time (UTC):	06:34:29
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 telnetd
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5844, Parent PID: 5836

General

Start time (UTC):	06:34:31
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5844, Parent PID: 5836

General

Start time (UTC):	06:34:31
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 telnetd
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5845, Parent PID: 5582

General

Start time (UTC):	06:34:32
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5845, Parent PID: 5582

General

Start time (UTC):	06:34:32
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 0x766f6964 \|\| busybox pkill -9 0x766f6964"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5847, Parent PID: 5845

General

Start time (UTC):	06:34:32
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5847, Parent PID: 5845

General

Start time (UTC):	06:34:32
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 0x766f6964
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5848, Parent PID: 5845

General

Start time (UTC):	06:34:33
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5848, Parent PID: 5845

General

Start time (UTC):	06:34:33
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 0x766f6964
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5849, Parent PID: 5582

General

Start time (UTC):	06:34:34
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5849, Parent PID: 5582

General

Start time (UTC):	06:34:34
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 NiGGeRd0nks1337 \|\| busybox pkill -9 NiGGeRd0nks1337"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5851, Parent PID: 5849

General

Start time (UTC):	06:34:34
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5851, Parent PID: 5849

General

Start time (UTC):	06:34:34
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 NiGGeRd0nks1337
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5854, Parent PID: 5849

General

Start time (UTC):	06:34:36
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5854, Parent PID: 5849

General

Start time (UTC):	06:34:36
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 NiGGeRd0nks1337
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5855, Parent PID: 5582

General

Start time (UTC):	06:34:37
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5855, Parent PID: 5582

General

Start time (UTC):	06:34:37
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 gaft \|\| busybox pkill -9 gaft"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5861, Parent PID: 5855

General

Start time (UTC):	06:34:37
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5861, Parent PID: 5855

General

Start time (UTC):	06:34:37
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 gaft
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5862, Parent PID: 5855

General

Start time (UTC):	06:34:39
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5862, Parent PID: 5855

General

Start time (UTC):	06:34:39
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 gaft
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5864, Parent PID: 5582

General

Start time (UTC):	06:34:40
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5864, Parent PID: 5582

General

Start time (UTC):	06:34:40
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 urasgbsigboa \|\| busybox pkill -9 urasgbsigboa"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5866, Parent PID: 5864

General

Start time (UTC):	06:34:40
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5866, Parent PID: 5864

General

Start time (UTC):	06:34:40
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 urasgbsigboa
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5869, Parent PID: 5864

General

Start time (UTC):	06:34:42
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5869, Parent PID: 5864

General

Start time (UTC):	06:34:42
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 urasgbsigboa
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5870, Parent PID: 5582

General

Start time (UTC):	06:34:43
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5870, Parent PID: 5582

General

Start time (UTC):	06:34:43
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 120i3UI49 \|\| busybox pkill -9 120i3UI49"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5872, Parent PID: 5870

General

Start time (UTC):	06:34:43
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5872, Parent PID: 5870

General

Start time (UTC):	06:34:43
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 120i3UI49
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5873, Parent PID: 5870

General

Start time (UTC):	06:34:45
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5873, Parent PID: 5870

General

Start time (UTC):	06:34:45
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 120i3UI49
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5876, Parent PID: 5582

General

Start time (UTC):	06:34:46
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5876, Parent PID: 5582

General

Start time (UTC):	06:34:46
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 OaF3 \|\| busybox pkill -9 OaF3"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5878, Parent PID: 5876

General

Start time (UTC):	06:34:46
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5878, Parent PID: 5876

General

Start time (UTC):	06:34:46
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 OaF3
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5879, Parent PID: 5876

General

Start time (UTC):	06:34:48
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5879, Parent PID: 5876

General

Start time (UTC):	06:34:48
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 OaF3
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5880, Parent PID: 5582

General

Start time (UTC):	06:34:49
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5880, Parent PID: 5582

General

Start time (UTC):	06:34:49
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 geae \|\| busybox pkill -9 geae"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5882, Parent PID: 5880

General

Start time (UTC):	06:34:49
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5882, Parent PID: 5880

General

Start time (UTC):	06:34:49
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 geae
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5885, Parent PID: 5880

General

Start time (UTC):	06:34:51
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5885, Parent PID: 5880

General

Start time (UTC):	06:34:51
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 geae
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5886, Parent PID: 5582

General

Start time (UTC):	06:34:52
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5886, Parent PID: 5582

General

Start time (UTC):	06:34:52
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 vaiolmao \|\| busybox pkill -9 vaiolmao"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5888, Parent PID: 5886

General

Start time (UTC):	06:34:52
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5888, Parent PID: 5886

General

Start time (UTC):	06:34:52
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 vaiolmao
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5889, Parent PID: 5886

General

Start time (UTC):	06:34:53
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5889, Parent PID: 5886

General

Start time (UTC):	06:34:53
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 vaiolmao
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5890, Parent PID: 5582

General

Start time (UTC):	06:34:54
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5890, Parent PID: 5582

General

Start time (UTC):	06:34:54
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 123123a \|\| busybox pkill -9 123123a"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5896, Parent PID: 5890

General

Start time (UTC):	06:34:54
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5896, Parent PID: 5890

General

Start time (UTC):	06:34:54
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 123123a
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5899, Parent PID: 5890

General

Start time (UTC):	06:34:56
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5899, Parent PID: 5890

General

Start time (UTC):	06:34:56
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 123123a
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5900, Parent PID: 5582

General

Start time (UTC):	06:34:57
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5900, Parent PID: 5582

General

Start time (UTC):	06:34:57
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 Ofurain0n4H34D \|\| busybox pkill -9 Ofurain0n4H34D"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5905, Parent PID: 5900

General

Start time (UTC):	06:34:57
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5905, Parent PID: 5900

General

Start time (UTC):	06:34:57
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 Ofurain0n4H34D
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5906, Parent PID: 5900

General

Start time (UTC):	06:34:58
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5906, Parent PID: 5900

General

Start time (UTC):	06:34:58
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 Ofurain0n4H34D
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5907, Parent PID: 5582

General

Start time (UTC):	06:34:59
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5907, Parent PID: 5582

General

Start time (UTC):	06:34:59
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 ggTrex \|\| busybox pkill -9 ggTrex"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5909, Parent PID: 5907

General

Start time (UTC):	06:34:59
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5909, Parent PID: 5907

General

Start time (UTC):	06:34:59
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ggTrex
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5912, Parent PID: 5907

General

Start time (UTC):	06:35:01
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5912, Parent PID: 5907

General

Start time (UTC):	06:35:01
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ggTrex
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5913, Parent PID: 5582

General

Start time (UTC):	06:35:02
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5913, Parent PID: 5582

General

Start time (UTC):	06:35:02
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 wasads \|\| busybox pkill -9 wasads"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5917, Parent PID: 5913

General

Start time (UTC):	06:35:02
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5917, Parent PID: 5913

General

Start time (UTC):	06:35:02
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 wasads
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5919, Parent PID: 5913

General

Start time (UTC):	06:35:04
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5919, Parent PID: 5913

General

Start time (UTC):	06:35:04
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 wasads
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5920, Parent PID: 5582

General

Start time (UTC):	06:35:05
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5920, Parent PID: 5582

General

Start time (UTC):	06:35:05
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 1293194hjXD \|\| busybox pkill -9 1293194hjXD"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5926, Parent PID: 5920

General

Start time (UTC):	06:35:05
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5926, Parent PID: 5920

General

Start time (UTC):	06:35:05
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 1293194hjXD
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5931, Parent PID: 5920

General

Start time (UTC):	06:35:06
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5931, Parent PID: 5920

General

Start time (UTC):	06:35:06
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 1293194hjXD
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5932, Parent PID: 5582

General

Start time (UTC):	06:35:07
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5932, Parent PID: 5582

General

Start time (UTC):	06:35:07
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 OthLaLosn \|\| busybox pkill -9 OthLaLosn"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5937, Parent PID: 5932

General

Start time (UTC):	06:35:07
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5937, Parent PID: 5932

General

Start time (UTC):	06:35:07
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 OthLaLosn
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5938, Parent PID: 5932

General

Start time (UTC):	06:35:09
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5938, Parent PID: 5932

General

Start time (UTC):	06:35:09
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 OthLaLosn
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5939, Parent PID: 5582

General

Start time (UTC):	06:35:10
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5939, Parent PID: 5582

General

Start time (UTC):	06:35:10
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 ggt \|\| busybox pkill -9 ggt"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5942, Parent PID: 5939

General

Start time (UTC):	06:35:10
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5942, Parent PID: 5939

General

Start time (UTC):	06:35:10
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ggt
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5945, Parent PID: 5939

General

Start time (UTC):	06:35:12
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5945, Parent PID: 5939

General

Start time (UTC):	06:35:12
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ggt
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5946, Parent PID: 5582

General

Start time (UTC):	06:35:13
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5946, Parent PID: 5582

General

Start time (UTC):	06:35:13
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 wget-log \|\| busybox pkill -9 wget-log"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5948, Parent PID: 5946

General

Start time (UTC):	06:35:13
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5948, Parent PID: 5946

General

Start time (UTC):	06:35:13
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 wget-log
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5949, Parent PID: 5946

General

Start time (UTC):	06:35:15
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5949, Parent PID: 5946

General

Start time (UTC):	06:35:15
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 wget-log
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5952, Parent PID: 5582

General

Start time (UTC):	06:35:16
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5952, Parent PID: 5582

General

Start time (UTC):	06:35:16
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 1337SoraLOADER \|\| busybox pkill -9 1337SoraLOADER"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5957, Parent PID: 5952

General

Start time (UTC):	06:35:16
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5957, Parent PID: 5952

General

Start time (UTC):	06:35:16
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 1337SoraLOADER
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5958, Parent PID: 5952

General

Start time (UTC):	06:35:18
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5958, Parent PID: 5952

General

Start time (UTC):	06:35:18
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 1337SoraLOADER
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5959, Parent PID: 5582

General

Start time (UTC):	06:35:19
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5959, Parent PID: 5582

General

Start time (UTC):	06:35:19
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 SAIAKINA \|\| busybox pkill -9 SAIAKINA"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5964, Parent PID: 5959

General

Start time (UTC):	06:35:19
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5964, Parent PID: 5959

General

Start time (UTC):	06:35:19
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 SAIAKINA
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5965, Parent PID: 5959

General

Start time (UTC):	06:35:20
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5965, Parent PID: 5959

General

Start time (UTC):	06:35:20
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 SAIAKINA
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5968, Parent PID: 5582

General

Start time (UTC):	06:35:21
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5968, Parent PID: 5582

General

Start time (UTC):	06:35:21
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 ggtq \|\| busybox pkill -9 ggtq"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5970, Parent PID: 5968

General

Start time (UTC):	06:35:21
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5970, Parent PID: 5968

General

Start time (UTC):	06:35:21
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 ggtq
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Analysis Process: sh PID: 5971, Parent PID: 5968

General

Start time (UTC):	06:35:23
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: busybox PID: 5971, Parent PID: 5968

General

Start time (UTC):	06:35:23
Start date (UTC):	25/10/2024
Path:	/usr/bin/busybox
Arguments:	busybox pkill -9 ggtq
File size:	2172376 bytes
MD5 hash:	70584dffe9cb0309eb22ba78aa54bcdc

Analysis Process: yakuza.arm6.elf PID: 5972, Parent PID: 5582

General

Start time (UTC):	06:35:24
Start date (UTC):	25/10/2024
Path:	/tmp/yakuza.arm6.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: sh PID: 5972, Parent PID: 5582

General

Start time (UTC):	06:35:24
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	sh -c "pkill -9 1378bfp919GRB1Q2 \|\| busybox pkill -9 1378bfp919GRB1Q2"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: sh PID: 5974, Parent PID: 5972

General

Start time (UTC):	06:35:24
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: pkill PID: 5974, Parent PID: 5972

General

Start time (UTC):	06:35:24
Start date (UTC):	25/10/2024
Path:	/usr/bin/pkill
Arguments:	pkill -9 1378bfp919GRB1Q2
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report yakuza.arm6.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

IRC Packets

System Behavior

Analysis Process: yakuza.arm6.elf PID: 5580, Parent PID: 5499

General

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5582, Parent PID: 5580

General

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5588, Parent PID: 5582

General

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5590, Parent PID: 5582

General

Chronological Activities

Analysis Process: yakuza.arm6.elf PID: 5620, Parent PID: 5590

General

Chronological Activities

Linux Analysis Report
yakuza.arm6.elf