Source: global traffic |
DNS traffic detected: DNS query: net.kovey-net.lol |
Source: global traffic |
DNS traffic detected: DNS query: daisy.ubuntu.com |
Source: Aqua.arm7-20240507-1844.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown |
Source: Aqua.arm7-20240507-1844.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown |
Source: 6222.1.00007ff4f8017000.00007ff4f8032000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown |
Source: 6222.1.00007ff4f8017000.00007ff4f8032000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown |
Source: Process Memory Space: Aqua.arm7-20240507-1844.elf PID: 6222, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown |
Source: Process Memory Space: Aqua.arm7-20240507-1844.elf PID: 6222, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown |
Source: Aqua.arm7-20240507-1844.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: Aqua.arm7-20240507-1844.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: 6222.1.00007ff4f8017000.00007ff4f8032000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: 6222.1.00007ff4f8017000.00007ff4f8032000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: Process Memory Space: Aqua.arm7-20240507-1844.elf PID: 6222, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: Process Memory Space: Aqua.arm7-20240507-1844.elf PID: 6222, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: /lib/systemd/systemd-logind (PID: 6271) |
Directory: <invalid fd (18)>/.. |
Source: /lib/systemd/systemd-logind (PID: 6271) |
Directory: <invalid fd (17)>/.. |
Source: /lib/systemd/systemd-logind (PID: 6271) |
File: /run/systemd/seats/.#seat0nZ62Ip |
Source: /lib/systemd/systemd-logind (PID: 6271) |
File: /run/systemd/users/.#127H7C8Op |
Source: /lib/systemd/systemd-logind (PID: 6271) |
File: /run/systemd/users/.#127x4TTzp |
Source: /lib/systemd/systemd-logind (PID: 6271) |
File: /run/systemd/seats/.#seat0Kk2hHm |
Source: /lib/systemd/systemd-logind (PID: 6271) |
File: /run/systemd/users/.#127iyODDm |
Source: /lib/systemd/systemd-logind (PID: 6271) |
File: /run/systemd/users/.#127E4CdGo |
Source: /lib/systemd/systemd-logind (PID: 6271) |
File: /run/systemd/users/.#127FhSaSl |
Source: /usr/lib/policykit-1/polkitd (PID: 6333) |
Directory: /root/.cache |
Source: /usr/lib/gdm3/gdm-wayland-session (PID: 6399) |
Directory: /var/lib/gdm3/.cache |
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6380) |
Directory: /var/lib/gdm3/.pam_environment |
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6380) |
Directory: /root/.cache |
Source: /usr/bin/gpu-manager (PID: 6343) |
Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" |
Source: /usr/bin/gpu-manager (PID: 6345) |
Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" |
Source: /usr/bin/gpu-manager (PID: 6347) |
Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" |
Source: /usr/bin/gpu-manager (PID: 6352) |
Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" |
Source: /usr/bin/gpu-manager (PID: 6354) |
Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" |
Source: /usr/bin/gpu-manager (PID: 6356) |
Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" |
Source: /usr/bin/gpu-manager (PID: 6359) |
Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" |
Source: /usr/bin/gpu-manager (PID: 6362) |
Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" |
Source: /usr/share/language-tools/language-options (PID: 6392) |
Shell command executed: sh -c "locale -a | grep -F .utf8 " |
Source: /bin/sh (PID: 6344) |
Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf |
Source: /bin/sh (PID: 6346) |
Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf |
Source: /bin/sh (PID: 6348) |
Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf |
Source: /bin/sh (PID: 6353) |
Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf |
Source: /bin/sh (PID: 6355) |
Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf |
Source: /bin/sh (PID: 6357) |
Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf |
Source: /bin/sh (PID: 6360) |
Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf |
Source: /bin/sh (PID: 6363) |
Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf |
Source: /bin/sh (PID: 6394) |
Grep executable: /usr/bin/grep -> grep -F .utf8 |
Source: Aqua.arm7-20240507-1844.elf, 6222.1.00007ffede368000.00007ffede389000.rw-.sdmp |
Binary or memory string: |1x86_64/usr/bin/qemu-arm/tmp/Aqua.arm7-20240507-1844.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Aqua.arm7-20240507-1844.elf |
Source: Aqua.arm7-20240507-1844.elf, 6222.1.00007ffede368000.00007ffede389000.rw-.sdmp |
Binary or memory string: /tmp/qemu-open.0an21F |
Source: Aqua.arm7-20240507-1844.elf, 6222.1.00007ffede368000.00007ffede389000.rw-.sdmp |
Binary or memory string: V/tmp/qemu-open.0an21F: |
Source: Aqua.arm7-20240507-1844.elf, 6222.1.0000561690901000.0000561690a52000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/arm |
Source: Aqua.arm7-20240507-1844.elf, 6222.1.0000561690901000.0000561690a52000.rw-.sdmp |
Binary or memory string: V!/etc/qemu-binfmt/arm |
Source: Aqua.arm7-20240507-1844.elf, 6222.1.00007ffede368000.00007ffede389000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-arm |