Linux Analysis Report
vqsjh4.elf

Overview

General Information

Sample name: vqsjh4.elf
Analysis ID: 1560604
MD5: cbe293c20f35d924a4db7bbc4a2019bc
SHA1: ae5972538150e47965fc690d03a8b4f6bfa2ba12
SHA256: 7ee2658dadda272b56464d8400700bed1338707ab1a6b65c83d0d6dbf6f619d3
Tags: elfuser-abuse_ch
Infos:

Detection

Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample tries to kill a massive number of system processes
Yara detected Mirai
Reads system files that contain records of logged in users
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Sends malformed DNS queries
Creates hidden files and/or directories
Deletes log files
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "kill" or "pkill" command typically used to terminate processes
Executes the "ps" command used to list the status of processes
Executes the "rm" command used to delete files or directories
Executes the "systemctl" command used for controlling the systemd system and service manager
Found strings indicative of a multi-platform dropper
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Reads system version information
Reads the 'hosts' file potentially containing internal network hosts
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Mirai Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: vqsjh4.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: vqsjh4.elf ReversingLabs: Detection: 39%
Source: vqsjh4.elf Virustotal: Detection: 38% Perma Link
Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/bin/ps (PID: 5596) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/ps (PID: 5974) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pulseaudio (PID: 5738) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5836) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5881) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5980) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/xorg/Xorg (PID: 6070) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6021) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6181) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6189) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/xorg/Xorg (PID: 6263) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6282) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6302) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6311) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/gnome-shell (PID: 6341) Reads CPU info from /sys: /sys/devices/system/cpu/online
Found strings indicative of a multi-platform dropper
Source: vqsjh4.elf String: AEOF/proc//proc/%s/cmdlinewgetcurlftpechokillbashrebootshutdownhaltpoweroff[locker] killed process: %s ;; pid: %d

Networking
barindex
Sends malformed DNS queries
Source: global traffic DNS traffic detected: malformed DNS query: ksdjwi.eye-network.ru. [malformed]
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.13:44728 -> 89.190.156.145:7733
Source: global traffic TCP traffic: 192.168.2.13:49802 -> 154.216.16.109:33966
Reads the 'hosts' file potentially containing internal network hosts
Source: /usr/sbin/rsyslogd (PID: 5739) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5859) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5886) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5953) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6157) Reads hosts file: /etc/hosts
Sample listens on a socket
Source: /lib/systemd/systemd-journald (PID: 5719) Socket: unknown address family Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) Socket: unknown address family Jump to behavior
Source: /usr/sbin/gdm3 (PID: 5990) Socket: unknown address family
Source: /usr/bin/dbus-daemon (PID: 6030) Socket: unknown address family
Source: /usr/libexec/gnome-session-binary (PID: 6032) Socket: unknown address family
Source: /usr/lib/xorg/Xorg (PID: 6070) Socket: unknown address family
Source: /usr/bin/dbus-daemon (PID: 6087) Socket: unknown address family
Source: /lib/systemd/systemd (PID: 6013) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6155) Socket: unknown address family
Source: /usr/sbin/gdm3 (PID: 6203) Socket: unknown address family
Source: /usr/bin/dbus-daemon (PID: 6227) Socket: unknown address family
Source: /usr/libexec/gnome-session-binary (PID: 6228) Socket: unknown address family
Source: /usr/lib/xorg/Xorg (PID: 6263) Socket: unknown address family
Source: /usr/bin/dbus-daemon (PID: 6280) Socket: unknown address family
Source: /usr/bin/dbus-daemon (PID: 6301) Socket: unknown address family
Source: /usr/libexec/gnome-session-binary (PID: 6281) Socket: unknown address family
Source: /usr/bin/ibus-daemon (PID: 6492) Socket: unknown address family
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 34.243.160.129
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 34.243.160.129
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: global traffic DNS traffic detected: DNS query: ksdjwi.eye-network.ru
Source: global traffic DNS traffic detected: DNS query: ksdjwi.eye-network.ru. [malformed]
Source: Xorg.0.log.447.dr, syslog.328.dr, syslog.169.dr, Xorg.0.log.299.dr String found in binary or memory: http://wiki.x.org
Source: Xorg.0.log.447.dr, syslog.328.dr, syslog.169.dr, Xorg.0.log.299.dr String found in binary or memory: http://www.ubuntu.com/support)
Source: syslog.115.dr, syslog.159.dr, syslog.45.dr, syslog.328.dr, syslog.169.dr String found in binary or memory: https://www.rsyslog.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50528
Source: unknown Network traffic detected: HTTP traffic on port 50528 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 48202 -> 443

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: vqsjh4.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5426.1.00007f61fc400000.00007f61fc41f000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: vqsjh4.elf PID: 5426, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Sample tries to kill a massive number of system processes
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 2, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 3, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 4, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 5, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 6, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 7, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 8, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 9, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 10, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 11, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 12, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 13, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 14, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 15, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 16, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 17, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 18, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 19, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 20, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 21, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 22, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 23, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 24, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 25, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 26, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 27, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 28, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 29, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 30, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 35, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 77, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 78, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 79, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 80, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 81, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 82, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 83, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 84, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 85, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 86, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 88, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 89, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 91, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 92, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 93, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 94, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 95, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 96, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 97, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 98, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 99, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 100, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 101, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 102, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 103, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 104, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 105, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 106, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 107, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 108, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 109, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 110, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 111, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 112, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 113, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 114, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 115, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 116, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 117, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 118, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 119, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 120, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 121, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 122, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 123, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 124, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 125, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 126, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 127, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 128, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 129, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 130, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 131, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 132, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 134, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 142, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 145, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 158, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 202, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 203, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 204, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 205, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 206, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 207, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 216, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 219, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 220, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 221, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 222, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 223, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 224, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 225, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 226, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 227, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 228, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 229, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 230, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 231, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 232, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 233, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 234, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 235, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 236, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 237, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 238, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 239, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 240, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 241, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 242, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 243, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 244, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 245, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 246, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 247, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 248, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 249, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 250, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 251, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 252, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 253, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 254, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 255, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 256, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 257, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 258, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 259, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 260, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 261, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 262, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 263, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 264, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 265, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 266, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 267, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 268, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 269, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 270, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 271, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 272, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 273, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 274, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 275, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 276, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 291, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 293, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 298, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 299, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 303, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 304, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 306, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 307, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 308, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 309, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 310, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 311, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 312, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 313, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 314, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 315, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 316, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 317, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 318, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 319, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 320, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 321, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 322, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 323, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 324, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 325, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 326, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 327, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 328, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 332, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 347, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 371, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 378, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 418, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 419, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 490, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 508, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 518, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 519, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 656, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 657, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 658, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 659, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 660, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 672, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 674, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 676, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 678, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 679, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 680, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 726, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 727, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 765, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 767, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 778, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 780, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 783, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 790, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 792, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 793, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 795, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 797, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 800, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 802, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 803, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 816, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 855, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 884, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 914, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 917, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent to PID below 1000: pid: 936, result: successful Jump to behavior
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1884, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3697, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5434, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 4, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 6, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 7, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 8, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 9, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 10, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 11, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 12, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 13, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 14, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 15, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 16, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 17, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 18, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 19, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 20, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 21, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 22, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 23, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 24, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 25, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 26, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 27, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 28, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 29, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 30, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 35, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 77, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 78, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 79, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 80, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 81, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 82, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 83, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 84, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 85, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 86, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 88, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 89, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 91, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 92, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 93, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 94, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 95, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 96, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 97, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 98, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 99, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 100, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 101, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 102, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 103, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 104, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 105, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 106, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 107, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 108, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 109, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 110, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 111, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 112, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 113, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 114, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 115, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 116, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 117, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 118, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 119, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 120, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 121, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 122, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 123, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 124, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 125, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 126, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 127, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 128, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 129, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 130, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 131, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 132, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 134, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 142, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 145, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 158, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 202, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 203, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 204, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 205, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 206, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 207, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 216, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 219, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 220, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 221, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 222, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 223, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 224, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 225, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 226, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 227, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 228, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 229, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 230, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 231, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 232, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 233, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 234, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 235, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 236, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 237, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 238, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 239, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 240, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 241, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 242, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 243, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 244, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 245, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 246, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 247, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 248, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 249, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 250, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 251, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 252, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 253, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 254, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 255, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 256, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 257, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 258, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 259, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 260, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 261, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 262, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 263, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 264, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 265, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 266, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 267, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 268, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 269, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 270, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 271, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 272, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 273, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 274, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 275, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 276, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 291, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 293, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 298, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 299, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 303, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 304, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 306, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 307, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 308, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 309, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 310, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 311, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 312, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 313, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 314, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 315, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 316, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 317, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 318, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 319, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 320, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 321, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 322, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 323, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 324, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 325, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 326, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 327, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 328, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 332, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 347, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 371, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 378, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 418, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 419, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 490, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 508, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 518, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 519, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 656, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 657, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 658, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 659, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 660, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 672, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 674, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 676, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 678, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 679, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 680, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 726, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 727, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 765, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 767, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 778, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 780, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 783, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 790, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 792, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 793, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 795, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 797, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 800, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 802, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 803, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 816, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 855, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 884, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 914, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 917, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 936, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1238, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1320, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1400, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1410, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1411, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1432, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1444, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1648, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1804, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1832, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1969, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2496, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2926, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2935, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2936, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2961, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2964, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2970, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2972, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2974, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2984, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3069, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3095, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3100, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3104, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3110, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3114, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3117, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3122, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3132, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3134, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3146, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3147, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3153, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3158, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3161, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3162, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3163, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3164, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3165, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3170, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3181, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3182, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3183, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3185, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3203, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3208, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3209, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3212, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3220, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3225, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3246, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3300, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3310, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3315, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3327, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3336, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3342, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3375, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3413, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3420, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3424, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3429, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3434, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3442, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3448, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3455, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3633, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3708, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3709, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3710, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3711, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3764, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5218, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5268, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5373, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5412, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5413, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5439, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5441, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5442, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5443, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5444, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5445, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5446, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5447, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5448, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5449, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5450, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5451, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5452, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5453, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5454, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5455, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5456, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5457, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5458, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5590, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5591, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5594, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5596, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5728, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5738, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5739, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5809, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5858, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5859, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5719, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5743, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5884, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5885, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5886, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5729, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5891, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5894, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5951, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5952, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5953, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5972, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5974, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5990, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 6024, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 6092, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 6093, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 6154, result: successful Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6280) SIGKILL sent: pid: 6295, result: successful
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Source: Initial sample String containing 'busybox' found: BusyBox
Source: Initial sample String containing 'busybox' found: BusyBoxps:/proc/%d/exe[killer/exe] killed process: %s ;; pid: %d
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Sample tries to kill a process (SIGKILL)
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1884, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3697, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5434, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 4, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 6, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 7, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 8, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 9, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 10, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 11, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 12, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 13, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 14, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 15, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 16, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 17, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 18, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 19, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 20, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 21, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 22, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 23, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 24, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 25, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 26, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 27, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 28, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 29, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 30, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 35, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 77, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 78, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 79, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 80, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 81, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 82, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 83, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 84, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 85, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 86, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 88, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 89, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 91, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 92, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 93, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 94, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 95, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 96, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 97, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 98, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 99, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 100, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 101, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 102, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 103, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 104, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 105, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 106, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 107, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 108, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 109, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 110, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 111, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 112, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 113, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 114, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 115, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 116, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 117, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 118, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 119, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 120, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 121, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 122, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 123, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 124, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 125, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 126, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 127, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 128, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 129, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 130, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 131, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 132, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 134, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 142, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 145, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 158, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 202, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 203, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 204, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 205, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 206, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 207, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 216, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 219, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 220, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 221, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 222, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 223, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 224, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 225, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 226, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 227, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 228, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 229, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 230, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 231, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 232, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 233, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 234, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 235, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 236, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 237, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 238, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 239, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 240, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 241, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 242, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 243, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 244, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 245, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 246, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 247, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 248, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 249, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 250, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 251, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 252, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 253, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 254, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 255, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 256, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 257, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 258, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 259, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 260, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 261, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 262, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 263, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 264, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 265, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 266, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 267, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 268, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 269, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 270, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 271, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 272, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 273, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 274, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 275, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 276, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 291, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 293, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 298, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 299, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 303, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 304, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 306, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 307, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 308, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 309, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 310, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 311, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 312, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 313, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 314, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 315, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 316, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 317, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 318, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 319, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 320, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 321, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 322, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 323, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 324, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 325, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 326, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 327, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 328, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 332, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 347, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 371, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 378, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 418, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 419, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 490, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 508, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 518, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 519, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 656, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 657, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 658, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 659, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 660, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 672, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 674, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 676, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 678, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 679, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 680, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 726, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 727, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 765, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 767, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 778, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 780, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 783, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 790, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 792, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 793, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 795, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 797, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 800, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 802, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 803, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 816, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 855, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 884, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 914, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 917, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 936, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1238, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1320, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1400, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1410, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1411, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1432, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1444, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1648, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1804, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1832, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 1969, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2496, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2926, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2935, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2936, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2961, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2964, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2970, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2972, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2974, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 2984, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3069, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3095, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3100, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3104, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3110, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3114, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3117, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3122, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3132, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3134, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3146, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3147, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3153, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3158, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3161, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3162, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3163, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3164, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3165, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3170, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3181, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3182, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3183, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3185, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3203, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3208, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3209, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3212, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3220, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3225, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3246, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3300, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3310, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3315, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3327, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3336, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3342, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3375, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3413, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3420, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3424, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3429, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3434, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3442, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3448, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3455, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3633, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3708, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3709, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3710, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3711, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 3764, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5218, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5268, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5373, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5412, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5413, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5439, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5441, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5442, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5443, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5444, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5445, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5446, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5447, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5448, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5449, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5450, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5451, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5452, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5453, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5454, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5455, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5456, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5457, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5458, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5590, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5591, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5594, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5596, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5728, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5738, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5739, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5809, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5858, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5859, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5719, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5743, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5884, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5885, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5886, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5729, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5891, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5894, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5951, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5952, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5953, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5972, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5974, result: no such process Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 5990, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 6024, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 6092, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 6093, result: successful Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5430) SIGKILL sent: pid: 6154, result: successful Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6280) SIGKILL sent: pid: 6295, result: successful
Yara signature match
Source: vqsjh4.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5426.1.00007f61fc400000.00007f61fc41f000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: vqsjh4.elf PID: 5426, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine Classification label: mal100.spre.troj.evad.linELF@0/245@66/0

Persistence and Installation Behavior
barindex
Sample reads /proc/mounts (often used for finding a writable filesystem)
Source: /usr/bin/dbus-daemon (PID: 5728) File: /proc/5728/mounts Jump to behavior
Source: /bin/fusermount (PID: 5829) File: /proc/5829/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5952) File: /proc/5952/mounts
Source: /usr/bin/dbus-daemon (PID: 6030) File: /proc/6030/mounts
Source: /usr/bin/dbus-daemon (PID: 6087) File: /proc/6087/mounts
Source: /usr/bin/dbus-daemon (PID: 6024) File: /proc/6024/mounts
Source: /usr/bin/dbus-daemon (PID: 6222) File: /proc/6222/mounts
Source: /usr/bin/dbus-daemon (PID: 6156) File: /proc/6156/mounts
Source: /usr/bin/dbus-daemon (PID: 6188) File: /proc/6188/mounts
Source: /usr/bin/dbus-daemon (PID: 6227) File: /proc/6227/mounts
Source: /usr/bin/dbus-daemon (PID: 6280) File: /proc/6280/mounts
Source: /usr/bin/dbus-daemon (PID: 6301) File: /proc/6301/mounts
Source: /usr/bin/gnome-shell (PID: 6341) File: /proc/6341/mounts
Creates hidden files and/or directories
Source: /usr/libexec/gsd-rfkill (PID: 5434) Directory: <invalid fd (9)>/.. Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 5434) Directory: <invalid fd (8)>/.. Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5439) Directory: <invalid fd (10)>/.. Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:6292388GBwD Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:62925wCQ3jC Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:63083NzRQXC Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:63098z9NdlE Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:63273f4ztlC Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:633713aVsyC Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:63406GyvirF Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:64678MvfFpD Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:65729BdS3jG Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:6582174yFfE Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:65909ooLrAF Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:66005tEG3YB Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:66124UkKYNF Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:662974gcYCD Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) File: /run/systemd/journal/streams/.#9:66382pKA9mF Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5743) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5743) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5743) File: /run/systemd/seats/.#seat0C6DGSs Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 5805) Directory: /root/.cache Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5849) Directory: /root/.cache Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67066WCv40C Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67067mrUnJF Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67068VxdrmC Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67083f6vI9C Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67084FAbgGG Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:670857Uuj8E Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67163UCC0JC Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67165fvqDFE Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67255HqwMDF Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67685ebVStE Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67388MRnhhD Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67390XdSkJG Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67499wYL8SD Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67742XBPJRC Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67766wJIxPE Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67772WfmdCE Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:677744LDODG Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:677753oXkQC Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:678198AFzEE Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:67827TfCy0C Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:68896NA9nrD Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:68992rvjzKE Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:68994EZyMyE Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:690391rf9zF Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:690414LrkhF Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:69120bKq4zD Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:691224aZcpF Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) File: /run/systemd/journal/streams/.#9:69172aqWHAG Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/seats/.#seat0qo3flR
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#127kn7ErR
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#127mxegtQ
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (20)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (19)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/seats/.#seat0gAYdcR
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#127S4z9kS
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c1zafapS
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#127grA2PT
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/seats/.#seat00JqDaT
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#127VQf0rQ
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c1Pff3ES
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c1Wpk6zT
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#127lFXjqT
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c1OBsUtS
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c1m5rrWT
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c18SIFsQ
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#1275vbE7R
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/seats/.#seat0Vo4IeQ
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#127joqvGU
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/seats/.#seat01yPdhQ
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#127Ciz0UQ
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/seats/.#seat0OiT4OR
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#127ZbY85Q
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c28ShBAS
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#1271z7ZcU
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/seats/.#seat0tDoKYR
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c2tyJuoT
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c21ja5uU
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/users/.#127qdw6VQ
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c2WsBGAR
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (21)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (20)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c2owUsEU
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (22)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (21)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c2bZnxkR
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (23)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (22)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c2toy01R
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (24)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) Directory: <invalid fd (23)>/..
Source: /lib/systemd/systemd-logind (PID: 5894) File: /run/systemd/sessions/.#c2DoAHfS
Source: /usr/bin/gnome-shell (PID: 6055) Directory: <invalid fd (11)>/..
Source: /usr/bin/gnome-shell (PID: 6055) Directory: <invalid fd (10)>/..
Source: /usr/lib/xorg/Xorg (PID: 6070) Directory: <invalid fd (23)>/..
Source: /usr/lib/xorg/Xorg (PID: 6070) Directory: <invalid fd (22)>/..
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5994) Directory: /var/lib/gdm3/.pam_environment
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5994) Directory: /root/.cache
Source: /usr/lib/policykit-1/polkitd (PID: 6003) Directory: /root/.cache
Source: /lib/systemd/systemd (PID: 6013) Directory: <invalid fd (15)>/..
Source: /lib/systemd/systemd (PID: 6013) Directory: <invalid fd (14)>/..
Source: /lib/systemd/systemd (PID: 6013) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd (PID: 6013) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd (PID: 6013) Directory: <invalid fd (19)>/..
Source: /lib/systemd/systemd (PID: 6013) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd (PID: 6013) Directory: <invalid fd (23)>/..
Source: /lib/systemd/systemd (PID: 6013) Directory: <invalid fd (22)>/..
Source: /usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator (PID: 6016) Directory: <invalid fd (4)>/.config
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (5)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (4)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/seats/.#seat08ICyhc
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127C6CMag
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127m32PNf
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (20)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (14)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/seats/.#seat00VLW6c
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127vmUZMe
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c1A4HcZc
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127ncdj1c
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/seats/.#seat001gstd
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127zYpbOc
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c1PjuARe
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c1JO8TTe
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127m2dojg
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c1isnEQc
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c1DjPMHd
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c1E2msjg
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127FW9IAc
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/seats/.#seat0dNVZUd
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127nNTceg
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/seats/.#seat0VUL7Wd
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127wmkYZc
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/seats/.#seat0sUhoHf
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127a0De9f
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c2ntO00e
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127SPslXb
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/seats/.#seat0fTNP1f
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c2dUm8Yf
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c257I38b
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/users/.#127BCHpzf
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c2y7pySd
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (21)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (20)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c2f8pfOd
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (22)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (21)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c2dBL4Kf
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (23)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (22)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c2sWN4ud
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (24)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) Directory: <invalid fd (23)>/..
Source: /lib/systemd/systemd-logind (PID: 6097) File: /run/systemd/sessions/.#c2YSjhec
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70077KhCX2B
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:700787A6YeE
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70081WXBUPB
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70082xDlWwD
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70093frtu4z
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:701004sozdB
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70101D85c1z
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:701021h9J8D
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70697218Y3C
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70709nS1JMz
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:707158EEO6B
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70308YivxQC
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70433CvqNNC
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70521OHR7cD
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:709265YWBcE
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70927gTEczD
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:709567wXMOD
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70957GDjXKz
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:70997whIuQz
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:71046U4QmYD
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:71089rlFdLC
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:71090mvzfGC
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:71123dNbXTB
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:71124TfX9AD
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:71192L7qVnB
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:71193nQBGlB
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:71360V5vz0A
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:71600cPVQbC
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:71601csgg7D
Source: /lib/systemd/systemd-journald (PID: 6155) File: /run/systemd/journal/streams/.#9:720680dMBTC
Source: /usr/lib/policykit-1/polkitd (PID: 6193) Directory: /root/.cache
Source: /usr/bin/gnome-shell (PID: 6248) Directory: <invalid fd (11)>/..
Source: /usr/bin/gnome-shell (PID: 6248) Directory: <invalid fd (10)>/..
Source: /usr/lib/xorg/Xorg (PID: 6263) Directory: <invalid fd (23)>/..
Source: /usr/lib/xorg/Xorg (PID: 6263) Directory: <invalid fd (22)>/..
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6282) Directory: /var/lib/gdm3/.drirc
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6282) Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6282) Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6302) Directory: /var/lib/gdm3/.drirc
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6311) Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6311) Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6311) Directory: /var/lib/gdm3/.drirc
Source: /usr/bin/gnome-shell (PID: 6341) Directory: /var/lib/gdm3/.drirc
Source: /usr/bin/gnome-shell (PID: 6341) Directory: <invalid fd (12)>/..
Source: /usr/bin/gnome-shell (PID: 6341) Directory: <invalid fd (11)>/..
Source: /usr/bin/gnome-shell (PID: 6341) Directory: /var/lib/gdm3/.Xdefaults
Source: /usr/bin/gnome-shell (PID: 6341) Directory: /var/lib/gdm3/.Xdefaults-galassia
Source: /usr/bin/gnome-shell (PID: 6341) Directory: <invalid fd (14)>/..
Source: /usr/bin/gnome-shell (PID: 6341) Directory: <invalid fd (13)>/..
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6207) Directory: /var/lib/gdm3/.pam_environment
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6207) Directory: /root/.cache
Enumerates processes within the "proc" file system
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6097/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6155/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6155/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6155/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6155/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6155/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6155/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6157/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6157/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6157/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6157/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6157/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6157/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6157/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6256/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6256/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6256/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6256/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6256/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6256/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6256/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6311/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6311/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6311/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6311/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6311/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6311/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6311/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6156/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6013/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6070/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6070/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6070/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6070/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6070/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6070/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6070/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6190/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6190/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6190/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6190/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6190/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6190/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6190/cgroup
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6193/comm
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6193/cmdline
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6193/status
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6193/attr/current
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6193/sessionid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6193/loginuid
Source: /lib/systemd/systemd-journald (PID: 6155) File opened: /proc/6193/cgroup
Executes commands using a shell command-line interpreter
Source: /tmp/vqsjh4.elf (PID: 5594) Shell command executed: sh -c "ps -e -o pid,args=" Jump to behavior
Source: /tmp/vqsjh4.elf (PID: 5972) Shell command executed: sh -c "ps -e -o pid,args=" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5812) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5817) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5819) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5822) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5824) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5826) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5828) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5833) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/share/language-tools/language-options (PID: 5855) Shell command executed: sh -c "locale -a | grep -F .utf8 " Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5864) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5866) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5868) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5870) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5872) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5874) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5876) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5878) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5958) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5960) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5962) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5964) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5966) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5968) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5970) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5975) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/lib/xorg/Xorg (PID: 6079) Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
Source: /usr/share/language-tools/language-options (PID: 6000) Shell command executed: sh -c "locale -a | grep -F .utf8 "
Source: /usr/bin/gpu-manager (PID: 6162) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6164) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6168) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6170) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6172) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6174) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6176) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6178) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/lib/xorg/Xorg (PID: 6272) Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
Source: /usr/lib/xorg/Xorg (PID: 6499) Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
Source: /usr/share/language-tools/language-options (PID: 6213) Shell command executed: sh -c "locale -a | grep -F .utf8 "
Executes the "grep" command used to find patterns in files or piped streams
Source: /bin/sh (PID: 5816) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5818) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5820) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5823) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5825) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5827) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5830) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5834) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5857) Grep executable: /usr/bin/grep -> grep -F .utf8 Jump to behavior
Source: /bin/sh (PID: 5865) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5867) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5869) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5871) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5873) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5875) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5877) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5879) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5959) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5961) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5963) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5965) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5967) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5969) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5971) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5976) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6002) Grep executable: /usr/bin/grep -> grep -F .utf8
Source: /bin/sh (PID: 6163) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6165) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6169) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6171) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6173) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6175) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6177) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6179) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6215) Grep executable: /usr/bin/grep -> grep -F .utf8
Executes the "kill" or "pkill" command typically used to terminate processes
Source: /usr/share/gdm/generate-config (PID: 5836) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 5881) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 5980) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6181) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Executes the "ps" command used to list the status of processes
Source: /bin/sh (PID: 5596) Ps executable: /usr/bin/ps -> ps -e -o pid,args= Jump to behavior
Source: /bin/sh (PID: 5974) Ps executable: /usr/bin/ps -> ps -e -o pid,args= Jump to behavior
Executes the "rm" command used to delete files or directories
Source: /usr/bin/dash (PID: 5588) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.IkyvwMlTMD /tmp/tmp.ZjrrwLIcUA /tmp/tmp.zzdJNYn8ox Jump to behavior
Source: /usr/bin/dash (PID: 5589) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.IkyvwMlTMD /tmp/tmp.ZjrrwLIcUA /tmp/tmp.zzdJNYn8ox Jump to behavior
Executes the "systemctl" command used for controlling the systemd system and service manager
Source: /lib/systemd/systemd (PID: 6020) Systemctl executable: /bin/systemctl -> /bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/127/bus
Reads system information from the proc file system
Source: /usr/bin/ps (PID: 5596) Reads from proc file: /proc/meminfo Jump to behavior
Source: /usr/bin/ps (PID: 5974) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6155) Reads from proc file: /proc/meminfo
Reads system version information
Source: /sbin/agetty (PID: 5809) Reads version info: /etc/issue Jump to behavior
Source: /sbin/agetty (PID: 5858) Reads version info: /etc/issue Jump to behavior
Source: /sbin/agetty (PID: 5951) Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6094) Reads version info: /etc/issue
Sample tries to set the executable flag
Source: /usr/sbin/gdm3 (PID: 5845) File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx) Jump to behavior
Source: /usr/sbin/gdm3 (PID: 5845) File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx) Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5849) File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx) Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5849) File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx) Jump to behavior
Source: /usr/sbin/gdm3 (PID: 5990) File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
Source: /usr/sbin/gdm3 (PID: 5990) File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5994) File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5994) File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
Source: /usr/bin/pulseaudio (PID: 6021) File: /run/user/127/pulse (bits: - usr: - grp: - all: rwx)
Source: /usr/sbin/gdm3 (PID: 6203) File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
Source: /usr/sbin/gdm3 (PID: 6203) File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6207) File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6207) File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
Source: /usr/sbin/rsyslogd (PID: 5739) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5739) Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 5811) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 5859) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5863) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 5886) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5953) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5953) Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 5954) Log file created: /var/log/gpu-manager.log
Source: /usr/lib/xorg/Xorg (PID: 6070) Log file created: /var/log/Xorg.0.log
Source: /usr/sbin/rsyslogd (PID: 6157) Log file created: /var/log/kern.log Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6157) Log file created: /var/log/auth.log Jump to dropped file
Source: /usr/bin/gpu-manager (PID: 6158) Log file created: /var/log/gpu-manager.log Jump to dropped file
Source: /usr/lib/xorg/Xorg (PID: 6263) Log file created: /var/log/Xorg.0.log Jump to dropped file

Hooking and other Techniques for Hiding and Protection
barindex
Sample deletes itself
Source: /tmp/vqsjh4.elf (PID: 5428) File: /tmp/vqsjh4.elf Jump to behavior
Deletes log files
Source: /usr/bin/gpu-manager (PID: 5811) Truncated file: /var/log/gpu-manager.log Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5863) Truncated file: /var/log/gpu-manager.log Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5954) Truncated file: /var/log/gpu-manager.log
Source: /usr/lib/xorg/Xorg (PID: 6070) Truncated file: /var/log/Xorg.pid-6070.log
Source: /usr/bin/gpu-manager (PID: 6158) Truncated file: /var/log/gpu-manager.log
Source: /usr/lib/xorg/Xorg (PID: 6263) Truncated file: /var/log/Xorg.pid-6263.log
Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/bin/ps (PID: 5596) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/ps (PID: 5974) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pulseaudio (PID: 5738) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5836) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5881) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5980) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/xorg/Xorg (PID: 6070) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6021) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6181) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6189) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/xorg/Xorg (PID: 6263) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6282) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6302) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6311) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/gnome-shell (PID: 6341) Reads CPU info from /sys: /sys/devices/system/cpu/online
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/vqsjh4.elf (PID: 5426) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5439) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5719) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/pulseaudio (PID: 5738) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5739) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/agetty (PID: 5809) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5811) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/agetty (PID: 5858) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5859) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5863) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5886) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5891) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/agetty (PID: 5951) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 5953) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 5954) Queries kernel information via 'uname':
Source: /usr/lib/gdm3/gdm-session-worker (PID: 6007) Queries kernel information via 'uname':
Source: /usr/libexec/gnome-session-binary (PID: 6032) Queries kernel information via 'uname':
Source: /usr/lib/gdm3/gdm-session-worker (PID: 6063) Queries kernel information via 'uname':
Source: /usr/lib/gdm3/gdm-x-session (PID: 6068) Queries kernel information via 'uname':
Source: /usr/lib/xorg/Xorg (PID: 6070) Queries kernel information via 'uname':
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6089) Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6021) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6094) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6155) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6157) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6158) Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6189) Queries kernel information via 'uname':
Source: /usr/lib/gdm3/gdm-session-worker (PID: 6216) Queries kernel information via 'uname':
Source: /usr/libexec/gnome-session-binary (PID: 6228) Queries kernel information via 'uname':
Source: /usr/lib/gdm3/gdm-session-worker (PID: 6256) Queries kernel information via 'uname':
Source: /usr/lib/gdm3/gdm-x-session (PID: 6261) Queries kernel information via 'uname':
Source: /usr/lib/xorg/Xorg (PID: 6263) Queries kernel information via 'uname':
Source: /usr/libexec/at-spi-bus-launcher (PID: 6296) Queries kernel information via 'uname':
Source: /usr/libexec/gnome-session-binary (PID: 6281) Queries kernel information via 'uname':
Source: /usr/libexec/gnome-session-check-accelerated (PID: 6282) Queries kernel information via 'uname':
Source: /usr/libexec/gnome-session-check-accelerated-gl-helper (PID: 6302) Queries kernel information via 'uname':
Source: /usr/libexec/gnome-session-check-accelerated-gles-helper (PID: 6311) Queries kernel information via 'uname':
Source: /usr/bin/gnome-shell (PID: 6341) Queries kernel information via 'uname':
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:06 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event2)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.476] (--) vmware(0): mwidt: 1176
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "960x540"x59.6 40.75 960 992 1088 1216 540 543 548 562 -hsync +vsync (33.5 kHz d)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1440x900" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.848] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.299.dr Binary or memory string: [ 239.938] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.775] (**) vmware(0): Default mode "960x540": 40.8 MHz, 33.5 kHz, 59.6 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:20 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) event2 - VirtualPS/2 VMware VMMouse: device removed
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:57 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event3)
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.608] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "720x405": 22.5 MHz, 25.1 kHz, 59.5 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "640x350": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.977] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.056] (**) vmware(0): Default mode "640x480": 36.0 MHz, 43.3 kHz, 85.0 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 281.984] (--) vmware(0): VMware SVGA regs at (0x1070, 0x1071)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.587] (==) vmware(0): Using HW cursor
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.009] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:06 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event3)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (--) vmware(0): mheig: 885
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.417] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "360x200" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.643] (--) vmware(0): depth: 24
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.546] (II) vmware(0): Modeline "1152x864"x85.0 119.65 1152 1224 1352 1552 864 865 868 907 -hsync +vsync (77.1 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.419] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "960x540" (monitor doesn't support reduced blanking)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:57 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event2)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (--) vmware(0): w.grn: 8
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz d)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "720x405"x59.5 22.50 720 744 808 896 405 408 413 422 -hsync +vsync (25.1 kHz d)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Initialized VMware Xinerama extension.
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 239.863] (II) Using input driver 'libinput' for 'VirtualPS/2 VMware VMMouse'
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.304] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "1152x864": 96.8 MHz, 63.0 kHz, 70.0 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.364] (II) vmware(0): Not using default mode "1400x900" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.675] (II) vmware(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.568] (II) vmware(0): Modeline "1152x864"x75.0 108.00 1152 1216 1344 1600 864 865 868 900 +hsync +vsync (67.5 kHz d)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:45 galassia /usr/lib/gdm3/gdm-x-session[6263]: (==) Matched vmware as autoconfigured driver 0
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "1152x864"x60.0 81.62 1152 1216 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.510] (--) vmware(0): w.red: 8
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.832] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.943] (II) vmware(0): Modeline "640x480"x75.0 31.50 640 656 720 840 480 481 484 500 -hsync -vsync (37.5 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.074] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "800x600"x85.1 56.30 800 832 896 1048 600 601 604 631 +hsync +vsync (53.7 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 239.683] (**) VirtualPS/2 VMware VMMouse: (accel) selected scheme none/0
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.216] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.578] (==) vmware(0): Default visual is TrueColor
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.374] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.647] (II) vmware(0): Not using default mode "432x243" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.066] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.348] (II) vmware(0): Not using default mode "1440x900" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "1152x864": 121.5 MHz, 77.5 kHz, 85.1 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "360x200" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.710] (==) vmware(0): RGB weight 888
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.099] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "1152x864": 81.6 MHz, 53.7 kHz, 60.0 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "1152x864"x85.0 119.65 1152 1224 1352 1552 864 865 868 907 -hsync +vsync (77.1 kHz d)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1024x768i" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 285.023] (II) vmware(0): Modeline "720x405"x59.5 22.50 720 744 808 896 405 408 413 422 -hsync +vsync (25.1 kHz d)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "720x400": 35.5 MHz, 37.9 kHz, 85.0 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.409] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.043] (II) vmware(0): Modeline "864x486"x59.9 32.50 864 888 968 1072 486 489 494 506 -hsync +vsync (30.3 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.120] (WW) vmware(0): Disabling Render Acceleration.
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.436] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.692] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.098] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.198] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.843] (II) vmware(0): Modeline "800x600"x72.2 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.203] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.737] (II) event2 - VirtualPS/2 VMware VMMouse: device removed
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.401] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.083] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event3)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.811] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.736] (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.855] (II) vmware(0): Modeline "1024x768"x60.0 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync (48.4 kHz d)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:06 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "832x624": 57.3 MHz, 49.7 kHz, 74.6 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.207] (II) vmware(0): Not using default mode "15360x8640" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.806] (**) vmware(0): Default mode "1024x768": 78.8 MHz, 60.0 kHz, 75.0 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "800x600": 50.0 MHz, 48.1 kHz, 72.2 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: message repeated 3 times: [ (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)]
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.657] (II) vmware(0): Modeline "1024x768"x85.0 94.50 1024 1072 1168 1376 768 769 772 808 +hsync +vsync (68.7 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.164] (II) vmware(0): Not using default mode "416x312" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.758] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "864x486": 32.5 MHz, 30.3 kHz, 59.9 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.091] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 278.755] (II) LoadModule: "vmware"
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.900] (II) vmware(0): Modeline "832x624"x74.6 57.28 832 864 928 1152 624 625 628 667 -hsync -vsync (49.7 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.110] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 278.790] (II) Loading /usr/lib/xorg/modules/drivers/vmware_drv.so
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "720x450" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.845] (**) vmware(0): Default mode "1024x768": 65.0 MHz, 48.4 kHz, 60.0 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.891] (**) vmware(0): Default mode "864x486": 32.5 MHz, 30.3 kHz, 59.9 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.528] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.924] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.854] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.930] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.5 kHz, 75.0 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 239.854] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "1024x768": 78.8 MHz, 60.0 kHz, 75.0 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.745] (II) vmware(0): Modeline "1152x864"x70.0 96.77 1152 1224 1344 1536 864 865 868 900 -hsync +vsync (63.0 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.019] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (--) vmware(0): VMware SVGA regs at (0x1070, 0x1071)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.863] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.666] (II) vmware(0): Not using default mode "864x486" (monitor doesn't support reduced blanking)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "1152x864": 121.5 MHz, 77.5 kHz, 85.1 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "800x600"x60.3 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.770] (II) vmware(0): Not using default mode "320x200" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.830] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "640x400": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.572] (--) vmware(0): caps: 0xFDFF83E2
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "1024x768"x85.0 94.50 1024 1072 1168 1376 768 769 772 808 +hsync +vsync (68.7 kHz d)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "800x600"x72.2 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz d)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Initialized VMWARE_CTRL extension version 0.2
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.607] (**) vmware(0): Default mode "1152x864": 143.5 MHz, 91.5 kHz, 100.0 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.374] (II) vmware(0): Not using default mode "700x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.016] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.820] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "800x600": 40.0 MHz, 37.9 kHz, 60.3 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.735] (==) vmware(0): Will set up a driver mode with dimensions 800x600.
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.845] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.485] (--) vmware(0): mheig: 885
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.256] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.181] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "320x200" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.990] (II) vmware(0): Not using default mode "2880x1620" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1368x768" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.872] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.971] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.010] (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "320x175" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "1152x864": 143.5 MHz, 91.5 kHz, 100.0 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.881] (II) vmware(0): Not using default mode "1024x576" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 285.082] (**) vmware(0): Default mode "640x360": 18.0 MHz, 22.5 kHz, 59.8 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.773] (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:57 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "700x450" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "2880x1620" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:06 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse1)
Source: Xorg.0.log.299.dr Binary or memory string: [ 240.165] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.789] (==) vmware(0): Backing store enabled
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.294] (II) vmware(0): Not using default mode "1400x900" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 281.923] (EE) vmware(0): Failed to open drm.
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "640x400" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:57 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.447.dr Binary or memory string: [ 285.110] (II) vmware(0): Modeline "640x360"x59.3 17.75 640 688 720 800 360 363 368 374 +hsync -vsync (22.2 kHz d)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1600x1024" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.464] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:57 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) event2 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.447.dr Binary or memory string: [ 285.722] (==) vmware(0): Silken mouse enabled
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.545] (--) vmware(0): vis: 4
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:55 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) LoadModule: "vmware"
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.517] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.241] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.649] (II) vmware(0): Not using default mode "360x202" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "640x360": 18.0 MHz, 22.5 kHz, 59.8 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.035] (**) vmware(0): Default mode "864x486": 32.5 MHz, 30.3 kHz, 59.9 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.550] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "960x540"x59.6 40.75 960 992 1088 1216 540 543 548 562 -hsync +vsync (33.5 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.086] (EE) vmware(0): Failed to open drm.
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.086] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.024] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.684] (**) vmware(0): Default mode "1024x768": 75.0 MHz, 56.5 kHz, 70.1 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.017] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (==) vmware(0): Using gamma correction (1.0, 1.0, 1.0)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.486] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.502] (--) vmware(0): bpp: 32
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.613] (--) vmware(0): pbase: 0xe8000000
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.108] (II) vmware(0): Not using default mode "4096x2304" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.996] (**) vmware(0): Default mode "800x600": 40.0 MHz, 37.9 kHz, 60.3 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.412] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Clock range: 0.00 to 400000.00 MHz
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.155] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.438] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.392] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.303] (II) vmware(0): Not using default mode "700x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.663] (II) vmware(0): Not using default mode "960x540" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.810] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.647] (II) vmware(0): Not using default mode "360x200" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz d)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Initialized VMware Xv extension successfully.
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.875] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.121] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.405] (II) vmware(0): Not using default mode "700x450" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (--) vmware(0): vram: 4194304
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.856] (II) event2 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.101] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.564] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (--) vmware(0): w.red: 8
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.283] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: message repeated 4 times: [ (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)]
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:06 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.468] (**) vmware(0): *Driver mode "vmwlegacy-default-800x600": 36.3 MHz, 36.2 kHz, 60.0 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.578] (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.980] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "864x486"x59.9 32.50 864 888 968 1072 486 489 494 506 -hsync +vsync (30.3 kHz d)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (EE) vmware(0): Failed to open drm.
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.393] (II) vmware(0): Not using default mode "800x512" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "360x202" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "720x405" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.007] (II) vmware(0): Modeline "800x600"x60.3 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 285.132] (II) vmware(0): Modeline "640x350"x85.1 31.50 640 672 736 832 350 382 385 445 +hsync -vsync (37.9 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.285] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.225] (II) vmware(0): Not using default mode "15360x8640" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.308] (II) event3 - VirtualPS/2 VMware VMMouse: device removed
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.798] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:46 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware: driver for VMware SVGA: vmware0405, vmware0710
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.793] (**) vmware(0): Default mode "800x600": 56.3 MHz, 53.7 kHz, 85.1 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.231] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: vqsjh4.elf, 5426.1.00007ffe3cfdf000.00007ffe3d000000.rw-.sdmp Binary or memory string: V/tmp/qemu-open.fDts8u\
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (==) vmware(0): Silken mouse enabled
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "vmwlegacy-default-800x600"x60.0 36.25 800 801 802 1002 600 601 602 603 (36.2 kHz ez)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.477] (II) vmware(0): Modeline "vmwlegacy-default-800x600"x60.0 36.25 800 801 802 1002 600 601 602 603 (36.2 kHz ez)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.699] (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.424] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "1024x768": 78.8 MHz, 60.0 kHz, 75.0 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.355] (II) vmware(0): Not using default mode "640x400" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.172] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.802] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.365] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Initialized VMware Xinerama extension.
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.242] (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "1024x576"x59.9 46.50 1024 1064 1160 1296 576 579 584 599 -hsync +vsync (35.9 kHz d)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "864x486" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.475] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (==) vmware(0): Silken mouse enabled
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.149] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.575] (**) vmware(0): *Driver mode "vmwlegacy-default-800x600": 36.3 MHz, 36.2 kHz, 60.0 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.367] (II) vmware(0): Not using default mode "720x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.357] (II) vmware(0): Not using default mode "720x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.330] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.638] (II) vmware(0): Not using default mode "864x486" (monitor doesn't support reduced blanking)
Source: Xorg.0.log.447.dr Binary or memory string: [ 279.366] (II) vmware(0): Creating default Display subsection in Screen section
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.344] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.123] (**) vmware(0): Default mode "640x480": 25.2 MHz, 31.5 kHz, 59.9 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.493] (--) vmware(0): depth: 24
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.726] (==) vmware(0): Using HW cursor
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (--) vmware(0): w.red: 8
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.487] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.241] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.707] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.668] (--) vmware(0): w.grn: 8
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.889] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.469] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse1)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.855] (**) vmware(0): Default mode "800x600": 40.0 MHz, 37.9 kHz, 60.3 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.938] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:07 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.937] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "800x600": 50.0 MHz, 48.1 kHz, 72.2 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "800x600"x75.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.922] (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.717] (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (--) vmware(0): w.grn: 8
Source: Xorg.0.log.447.dr Binary or memory string: [ 285.612] (II) vmware(0): Initialized VMware Xinerama extension.
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.229] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.750] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.901] (II) vmware(0): Not using default mode "800x450" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.092] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "1024x768": 65.0 MHz, 48.4 kHz, 60.0 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.729] (II) vmware(0): Modeline "1024x576"x59.9 46.50 1024 1064 1160 1296 576 579 584 599 -hsync +vsync (35.9 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 285.051] (II) vmware(0): Modeline "720x400"x85.0 35.50 720 756 828 936 400 401 404 446 -hsync +vsync (37.9 kHz d)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:57 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.055] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 279.144] (II) vmware: driver for VMware SVGA: vmware0405, vmware0710
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "640x480"x59.9 25.18 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.896] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.709] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.222] (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "640x350"x85.1 31.50 640 672 736 832 350 382 385 445 +hsync -vsync (37.9 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.597] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.306] (II) vmware(0): Not using default mode "15360x8640" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.697] (==) vmware(0): Depth 24, (==) framebuffer bpp 32
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.326] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.672] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:45 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) Loading /usr/lib/xorg/modules/drivers/vmware_drv.so
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:06 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.597] (--) vmware(0): bpp: 32
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "4096x2304" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (==) vmware(0): Depth 24, (==) framebuffer bpp 32
Source: Xorg.0.log.447.dr Binary or memory string: [ 281.940] (WW) vmware(0): Disabling 3D support.
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.656] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.828] (II) vmware(0): Not using default mode "684x384" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:46 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Creating default Display subsection in Screen section
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.764] (II) vmware(0): Modeline "832x624"x74.6 57.28 832 864 928 1152 624 625 628 667 -hsync -vsync (49.7 kHz d)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.781] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.758] (II) vmware(0): Not using default mode "1368x768" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:07 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.190] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.631] (II) vmware(0): Not using default mode "320x175" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 240.035] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.294] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.756] (**) vmware(0): Default mode "1152x864": 81.6 MHz, 53.7 kHz, 60.0 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.804] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.669] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.492] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.850] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "960x540": 40.8 MHz, 33.5 kHz, 59.6 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:06 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 8)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.928] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:57 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) event2 - VirtualPS/2 VMware VMMouse: device removed
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.322] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): *Driver mode "vmwlegacy-default-800x600": 36.3 MHz, 36.2 kHz, 60.0 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "1024x768"x70.1 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz d)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "360x202" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 239.419] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/event3)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.285] (II) vmware(0): Not using default mode "640x400" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.176] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.622] (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.106] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: message repeated 5 times: [ (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)]
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "1024x576"x59.9 46.50 1024 1064 1160 1296 576 579 584 599 -hsync +vsync (35.9 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.454] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 281.963] (WW) vmware(0): Disabling Render Acceleration.
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 239.497] (**) VirtualPS/2 VMware VMMouse: always reports core events
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1280x960" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: message repeated 4 times: [ (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)]
Source: Xorg.0.log.447.dr Binary or memory string: [ 285.012] (**) vmware(0): Default mode "720x405": 22.5 MHz, 25.1 kHz, 59.5 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Initialized VMware Xv extension successfully.
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.500] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.449] (--) vmware(0): bpp: 32
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (--) vmware(0): bpp: 32
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.910] (**) vmware(0): Default mode "640x480": 36.0 MHz, 43.3 kHz, 85.0 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.065] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.784] (II) vmware(0): Modeline "960x540"x59.6 40.75 960 992 1088 1216 540 543 548 562 -hsync +vsync (33.5 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.816] (II) vmware(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 240.058] (II) event2 - VirtualPS/2 VMware VMMouse: device removed
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.876] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse0)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.737] (**) vmware(0): Default mode "1152x864": 96.8 MHz, 63.0 kHz, 70.0 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.537] (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.891] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.639] (II) vmware(0): Not using default mode "320x200" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.585] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.791] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.237] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.054] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:55 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) Module vmware: vendor="X.Org Foundation"
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Virtual size is 800x600 (pitch 1176)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.505] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "640x350": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:06 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) event3 - VirtualPS/2 VMware VMMouse: device removed
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "1024x576": 46.5 MHz, 35.9 kHz, 59.9 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 290.540] (II) Using input driver 'libinput' for 'VirtualPS/2 VMware VMMouse'
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.471] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "1152x864"x100.0 143.47 1152 1232 1360 1568 864 865 868 915 -hsync +vsync (91.5 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 239.659] (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 8)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.727] (II) vmware(0): Not using default mode "1024x768i" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.281] (II) vmware(0): Not using default mode "15360x8640" (insufficient memory for mode)
Source: vqsjh4.elf, 5426.1.00007ffe3cfdf000.00007ffe3d000000.rw-.sdmp Binary or memory string: /qemu-open.XXXXX
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.801] (II) vmware(0): Not using default mode "640x480" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:06 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
Source: Xorg.0.log.299.dr Binary or memory string: [ 239.614] (II) event3 - VirtualPS/2 VMware VMMouse: device is a pointer
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.191] (**) vmware(0): Default mode "640x400": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.873] (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "720x400": 35.5 MHz, 37.9 kHz, 85.0 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 239.627] (II) event3 - VirtualPS/2 VMware VMMouse: device removed
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.157] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:57 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 8)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.717] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (--) vmware(0): mwidt: 1176
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.007] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.969] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 240.197] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse0)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:07 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) VirtualPS/2 VMware VMMouse: (accel) selected scheme none/0
Source: Xorg.0.log.447.dr Binary or memory string: [ 285.146] (==) vmware(0): DPI set to (96, 96)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): *Driver mode "vmwlegacy-default-800x600": 36.3 MHz, 36.2 kHz, 60.0 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.820] (II) vmware(0): Modeline "800x600"x75.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.071] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.952] (**) vmware(0): Default mode "800x600": 49.5 MHz, 46.9 kHz, 75.0 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:57 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) XINPUT: Adding extended input device "VirtualPS/2 VMware VMMouse" (type: MOUSE, id 9)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.676] (II) vmware(0): Not using default mode "320x240" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (--) vmware(0): vis: 4
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.449] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.672] (II) vmware(0): Modeline "1152x864"x85.0 119.65 1152 1224 1352 1552 864 865 868 907 -hsync +vsync (77.1 kHz d)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (--) vmware(0): w.blu: 8
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "800x600": 56.3 MHz, 53.7 kHz, 85.1 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.119] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.708] (II) vmware(0): Not using default mode "512x288" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.111] (II) vmware(0): Modeline "640x480"x72.8 31.50 640 664 704 832 480 489 492 520 -hsync -vsync (37.9 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 239.594] (II) event3 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.211] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.189] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.490] (**) vmware(0): Default mode "1152x864": 143.5 MHz, 91.5 kHz, 100.0 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 285.061] (**) vmware(0): Default mode "640x400": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "1152x864"x70.0 96.77 1152 1224 1344 1536 864 865 868 900 -hsync +vsync (63.0 kHz d)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "1152x864": 81.6 MHz, 53.7 kHz, 60.0 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.254] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
Source: Xorg.0.log.299.dr Binary or memory string: [ 246.962] (II) vmware(0): Terminating Xv video-stream id:0
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.256] (**) vmware(0): Default mode "640x350": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.160] (II) vmware(0): Not using default mode "4096x2304" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Modeline "800x600"x56.2 36.00 800 824 896 1024 600 601 603 625 +hsync +vsync (35.2 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 240.134] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.864] (II) vmware(0): Modeline "800x600"x60.3 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.685] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.963] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.139] (II) vmware(0): Modeline "640x480"x59.9 25.18 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 285.121] (**) vmware(0): Default mode "640x350": 31.5 MHz, 37.9 kHz, 85.1 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.971] (II) vmware(0): Not using default mode "1024x576" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (==) vmware(0): Will set up a driver mode with dimensions 800x600.
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.210] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.883] (**) vmware(0): Default mode "832x624": 57.3 MHz, 49.7 kHz, 74.6 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.044] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.981] (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "1024x768": 75.0 MHz, 56.5 kHz, 70.1 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.5 kHz, 75.0 Hz
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.942] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "640x480": 36.0 MHz, 43.3 kHz, 85.0 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.237] (**) vmware(0): Default mode "640x360": 17.8 MHz, 22.2 kHz, 59.3 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.203] (II) vmware(0): Not using default mode "5120x2880" (insufficient memory for mode)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.536] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.716] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.612] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 282.607] (==) vmware(0): Using gamma correction (1.0, 1.0, 1.0)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "720x450" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:59 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.444] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:01 galassia /usr/lib/gdm3/gdm-x-session[6070]: (**) vmware(0): Default mode "800x600": 40.0 MHz, 37.9 kHz, 60.3 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.086] (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.073] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.761] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:45:00 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.150] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.945] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
Source: syslog.169.dr Binary or memory string: Nov 21 18:44:58 galassia /usr/lib/gdm3/gdm-x-session[6070]: (II) vmware(0): Not using default mode "320x200" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "1152x864"x70.0 96.77 1152 1224 1344 1536 864 865 868 900 -hsync +vsync (63.0 kHz d)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "640x400"x85.1 31.50 640 672 736 832 400 401 404 445 -hsync +vsync (37.9 kHz d)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.466] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.753] (**) vmware(0): Default mode "832x624": 57.3 MHz, 49.7 kHz, 74.6 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.826] (**) vmware(0): Default mode "1024x768": 75.0 MHz, 56.5 kHz, 70.1 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (**) vmware(0): Default mode "640x360": 17.8 MHz, 22.2 kHz, 59.3 Hz
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.584] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.678] (--) vmware(0): w.blu: 8
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.254] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.084] (II) vmware(0): Modeline "640x480"x75.0 31.50 640 656 720 840 480 481 484 500 -hsync -vsync (37.5 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.312] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.447.dr Binary or memory string: [ 283.457] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:49 galassia /usr/lib/gdm3/gdm-x-session[6263]: (WW) vmware(0): Disabling 3D support.
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "1024x768"x70.1 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.864] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 234.217] (**) vmware(0): Default mode "640x360": 18.0 MHz, 22.5 kHz, 59.8 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:50 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Not using default mode "432x243" (bad mode clock/interlace/doublescan)
Source: Xorg.0.log.299.dr Binary or memory string: [ 232.095] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
Source: Xorg.0.log.447.dr Binary or memory string: [ 284.557] (**) vmware(0): Default mode "1152x864": 108.0 MHz, 67.5 kHz, 75.0 Hz
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:51 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "1152x864"x85.1 121.50 1152 1216 1344 1568 864 865 868 911 +hsync -vsync (77.5 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 231.990] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
Source: syslog.328.dr Binary or memory string: Nov 21 18:45:52 galassia /usr/lib/gdm3/gdm-x-session[6263]: (II) vmware(0): Modeline "640x360"x59.3 17.75 640 688 720 800 360 363 368 374 +hsync -vsync (22.2 kHz d)
Source: Xorg.0.log.299.dr Binary or memory string: [ 233.784] (II) vmware(0): Modeline "1024x768"x85.0 94.50 1024 1072 1168 1376 768 769 772 808 +hsync +vsync (68.7 kHz d)

Language, Device and Operating System Detection
barindex
Reads system files that contain records of logged in users
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5849) Logged in records file read: /var/log/wtmp Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5994) Logged in records file read: /var/log/wtmp
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6207) Logged in records file read: /var/log/wtmp

Stealing of Sensitive Information
barindex
Yara detected Mirai
Source: Yara match File source: vqsjh4.elf, type: SAMPLE
Source: Yara match File source: 5426.1.00007f61fc400000.00007f61fc41f000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vqsjh4.elf PID: 5426, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Mirai
Source: Yara match File source: vqsjh4.elf, type: SAMPLE
Source: Yara match File source: 5426.1.00007f61fc400000.00007f61fc41f000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vqsjh4.elf PID: 5426, type: MEMORYSTR

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
185.125.190.26
 unknown United Kingdom
41231 CANONICAL-ASGB false
89.190.156.145
 unknown United Kingdom
7489 HOSTUS-GLOBAL-ASHostUSHK false
154.216.16.109
 ksdjwi.eye-network.ru Seychelles
135357 SKHT-ASShenzhenKatherineHengTechnologyInformationCo false
34.243.160.129
 unknown United States
16509 AMAZON-02US false

Contacted Domains

Name IP Active
ksdjwi.eye-network.ru 154.216.16.109 true
ksdjwi.eye-network.ru. [malformed] unknown unknown