Linux Analysis Report
jwwofba5.elf

Overview

General Information

Sample name: jwwofba5.elf
Analysis ID: 1560606
MD5: 17da38e07a65cc00570a50987d817045
SHA1: d37454e19f8228bf8c623b6d11e32aedf6f369be
SHA256: 8e7c6f27872f3305dc63a9dd244e6b2027d458d1e725cbc6104afc392d3fc1ee
Tags: elfuser-abuse_ch
Infos:

Detection

Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample tries to kill a massive number of system processes
Yara detected Mirai
Reads system files that contain records of logged in users
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Sends malformed DNS queries
Creates hidden files and/or directories
Deletes log files
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "kill" or "pkill" command typically used to terminate processes
Executes the "ps" command used to list the status of processes
Found strings indicative of a multi-platform dropper
HTTP GET or POST without a user agent
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Reads system version information
Reads the 'hosts' file potentially containing internal network hosts
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Mirai Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: jwwofba5.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: jwwofba5.elf ReversingLabs: Detection: 52%
Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/bin/ps (PID: 6371) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6470) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 6575) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 6693) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6835) Reads CPU info from /sys: /sys/devices/system/cpu/online
Found strings indicative of a multi-platform dropper
Source: jwwofba5.elf String: EOF/proc//proc/%s/cmdlinewgetcurlftpechokillbashrebootshutdownhaltpoweroff[locker] killed process: %s ;; pid: %d

Networking
barindex
Sends malformed DNS queries
Source: global traffic DNS traffic detected: malformed DNS query: ksdjwi.eye-network.ru. [malformed]
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:50010 -> 89.190.156.145:7733
Source: global traffic TCP traffic: 192.168.2.23:49656 -> 154.216.16.109:33966
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue
Reads the 'hosts' file potentially containing internal network hosts
Source: /usr/sbin/rsyslogd (PID: 6472) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6604) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6698) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6708) Reads hosts file: /etc/hosts Jump to behavior
Sample listens on a socket
Source: /lib/systemd/systemd-journald (PID: 6448) Socket: unknown address family Jump to behavior
Source: /usr/sbin/gdm3 (PID: 6584) Socket: unknown address family Jump to behavior
Source: /usr/sbin/gdm3 (PID: 6780) Socket: unknown address family Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6803) Socket: unknown address family Jump to behavior
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: global traffic DNS traffic detected: DNS query: ksdjwi.eye-network.ru
Source: global traffic DNS traffic detected: DNS query: ksdjwi.eye-network.ru. [malformed]
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: unknown HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue
Source: syslog.41.dr, syslog.171.dr, syslog.177.dr, syslog.121.dr String found in binary or memory: https://www.rsyslog.com
Source: unknown Network traffic detected: HTTP traffic on port 53816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53816
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: jwwofba5.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6206.1.00007ff428017000.00007ff428039000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6210.1.00007ff428017000.00007ff428039000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: jwwofba5.elf PID: 6206, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: jwwofba5.elf PID: 6210, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Sample tries to kill a massive number of system processes
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 2, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 3, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 4, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 6, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 9, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 10, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 11, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 12, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 13, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 14, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 15, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 16, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 17, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 18, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 20, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 21, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 22, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 23, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 24, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 25, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 26, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 27, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 28, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 29, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 30, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 35, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 77, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 78, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 79, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 80, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 81, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 82, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 83, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 84, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 85, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 88, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 89, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 91, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 92, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 93, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 94, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 95, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 96, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 97, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 98, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 99, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 100, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 101, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 102, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 103, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 104, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 105, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 106, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 107, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 108, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 109, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 110, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 111, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 112, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 113, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 114, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 115, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 116, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 117, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 118, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 119, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 120, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 121, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 122, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 123, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 124, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 125, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 126, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 127, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 128, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 130, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 132, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 141, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 144, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 157, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 201, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 202, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 203, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 204, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 205, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 206, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 207, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 208, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 209, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 210, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 211, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 212, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 213, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 214, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 215, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 216, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 217, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 218, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 219, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 220, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 221, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 222, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 223, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 224, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 225, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 226, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 227, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 228, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 229, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 230, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 231, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 232, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 233, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 234, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 235, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 236, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 237, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 243, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 248, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 249, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 250, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 251, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 252, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 253, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 254, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 255, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 256, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 257, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 258, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 259, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 260, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 261, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 262, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 263, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 264, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 265, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 266, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 267, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 269, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 270, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 272, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 274, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 278, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 281, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 286, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 322, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 324, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 326, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 327, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 328, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 333, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 346, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 379, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 419, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 420, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 491, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 517, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 654, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 655, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 656, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 657, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 658, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 667, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 670, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 674, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 675, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 676, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 677, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 720, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 721, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 759, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 761, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 772, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 774, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 777, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 785, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 788, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 789, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 793, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 796, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 797, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 799, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 800, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 801, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 847, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 884, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 896, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 904, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 910, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 912, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 918, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent to PID below 1000: pid: 936, result: successful Jump to behavior
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1638, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6214, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 3, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 9, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 10, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 11, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 12, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 13, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 14, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 15, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 16, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 17, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 18, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 20, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 21, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 22, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 23, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 24, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 25, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 26, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 27, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 28, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 29, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 30, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 35, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 77, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 78, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 79, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 80, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 81, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 82, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 83, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 84, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 85, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 88, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 89, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 91, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 92, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 93, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 94, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 95, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 96, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 97, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 98, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 99, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 100, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 101, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 102, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 103, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 104, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 105, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 106, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 107, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 108, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 109, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 110, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 111, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 112, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 113, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 114, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 115, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 116, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 117, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 118, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 119, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 120, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 121, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 122, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 123, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 124, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 125, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 126, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 127, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 128, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 130, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 132, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 141, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 144, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 157, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 201, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 202, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 203, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 204, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 205, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 206, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 207, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 208, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 209, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 210, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 211, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 212, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 213, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 214, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 215, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 216, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 217, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 218, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 219, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 220, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 221, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 222, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 223, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 224, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 225, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 226, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 227, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 228, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 229, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 230, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 231, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 232, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 233, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 234, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 235, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 236, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 237, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 243, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 248, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 249, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 250, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 251, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 252, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 253, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 254, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 255, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 256, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 257, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 258, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 259, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 260, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 261, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 262, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 263, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 264, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 265, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 266, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 267, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 269, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 270, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 272, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 274, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 278, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 281, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 286, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 322, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 324, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 326, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 327, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 328, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 333, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 346, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 379, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 419, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 420, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 491, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 517, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 654, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 655, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 656, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 657, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 658, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 667, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 670, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 674, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 675, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 676, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 677, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 720, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 721, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 759, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 761, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 772, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 774, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 777, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 785, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 788, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 789, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 793, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 796, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 797, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 799, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 800, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 801, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 847, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 884, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 896, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 904, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 910, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 912, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 918, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 936, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1207, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1320, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1334, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1335, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1344, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1349, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1599, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1699, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1809, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1860, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1872, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1877, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1886, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1888, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1890, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1900, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1983, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2009, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2014, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2018, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2025, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2028, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2033, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2038, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2048, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2050, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2062, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2063, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2069, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2074, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2077, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2078, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2079, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2080, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2083, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2084, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2096, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2097, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2102, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2114, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2123, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2126, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2128, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2129, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2146, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2156, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2180, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2195, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2208, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2223, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2226, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2235, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2242, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2275, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2281, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2285, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2289, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2294, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2302, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2307, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2637, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2746, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2749, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2761, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2882, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 3021, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 3088, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 3236, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4443, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4444, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4445, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4446, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4472, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4477, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4496, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6034, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6151, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6158, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6161, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6180, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6181, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6190, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6191, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6219, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6221, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6222, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6223, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6224, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6225, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6226, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6227, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6228, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6229, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6230, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6231, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6232, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6233, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6234, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6235, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6236, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6237, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6369, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6371, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6458, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6470, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6472, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6546, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6584, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6603, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6604, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6605, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6609, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6611, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6697, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6697, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6698, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6702, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6703, result: successful Jump to behavior
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Source: Initial sample String containing 'busybox' found: BusyBox
Source: Initial sample String containing 'busybox' found: BusyBoxps:/proc/%d/exe[killer/exe] killed process: %s ;; pid: %d
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Sample tries to kill a process (SIGKILL)
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1638, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6214, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 3, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 9, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 10, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 11, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 12, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 13, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 14, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 15, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 16, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 17, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 18, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 20, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 21, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 22, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 23, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 24, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 25, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 26, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 27, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 28, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 29, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 30, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 35, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 77, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 78, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 79, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 80, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 81, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 82, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 83, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 84, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 85, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 88, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 89, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 91, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 92, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 93, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 94, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 95, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 96, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 97, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 98, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 99, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 100, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 101, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 102, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 103, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 104, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 105, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 106, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 107, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 108, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 109, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 110, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 111, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 112, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 113, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 114, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 115, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 116, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 117, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 118, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 119, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 120, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 121, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 122, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 123, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 124, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 125, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 126, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 127, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 128, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 130, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 132, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 141, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 144, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 157, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 201, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 202, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 203, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 204, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 205, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 206, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 207, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 208, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 209, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 210, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 211, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 212, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 213, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 214, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 215, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 216, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 217, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 218, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 219, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 220, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 221, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 222, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 223, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 224, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 225, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 226, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 227, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 228, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 229, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 230, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 231, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 232, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 233, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 234, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 235, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 236, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 237, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 243, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 248, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 249, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 250, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 251, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 252, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 253, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 254, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 255, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 256, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 257, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 258, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 259, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 260, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 261, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 262, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 263, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 264, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 265, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 266, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 267, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 269, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 270, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 272, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 274, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 278, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 281, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 286, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 322, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 324, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 326, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 327, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 328, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 333, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 346, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 379, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 419, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 420, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 491, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 517, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 654, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 655, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 656, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 657, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 658, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 667, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 670, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 674, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 675, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 676, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 677, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 720, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 721, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 759, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 761, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 772, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 774, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 777, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 785, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 788, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 789, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 793, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 796, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 797, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 799, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 800, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 801, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 847, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 884, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 896, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 904, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 910, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 912, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 918, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 936, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1207, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1320, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1334, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1335, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1344, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1349, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1599, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1699, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1809, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1860, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1872, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1877, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1886, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1888, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1890, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1900, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 1983, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2009, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2014, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2018, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2025, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2028, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2033, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2038, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2048, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2050, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2062, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2063, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2069, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2074, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2077, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2078, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2079, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2080, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2083, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2084, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2096, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2097, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2102, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2114, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2123, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2126, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2128, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2129, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2146, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2156, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2180, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2195, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2208, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2223, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2226, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2235, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2242, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2275, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2281, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2285, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2289, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2294, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2302, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2307, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2637, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2746, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2749, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2761, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 2882, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 3021, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 3088, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 3236, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4443, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4444, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4445, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4446, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4472, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4477, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 4496, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6034, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6151, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6158, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6161, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6180, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6181, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6190, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6191, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6219, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6221, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6222, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6223, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6224, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6225, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6226, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6227, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6228, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6229, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6230, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6231, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6232, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6233, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6234, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6235, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6236, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6237, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6369, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6371, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6458, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6470, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6472, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6546, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6584, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6603, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6604, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6605, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6609, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6611, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6697, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6697, result: no such process Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6698, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6702, result: successful Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) SIGKILL sent: pid: 6703, result: successful Jump to behavior
Yara signature match
Source: jwwofba5.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6206.1.00007ff428017000.00007ff428039000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6210.1.00007ff428017000.00007ff428039000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: jwwofba5.elf PID: 6206, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: jwwofba5.elf PID: 6210, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine Classification label: mal100.spre.troj.evad.linELF@0/81@56/0

Persistence and Installation Behavior
barindex
Sample reads /proc/mounts (often used for finding a writable filesystem)
Source: /usr/bin/dbus-daemon (PID: 6458) File: /proc/6458/mounts Jump to behavior
Source: /bin/fusermount (PID: 6562) File: /proc/6562/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6611) File: /proc/6611/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6703) File: /proc/6703/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6710) File: /proc/6710/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6803) File: /proc/6803/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6810) File: /proc/6810/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6834) File: /proc/6834/mounts Jump to behavior
Creates hidden files and/or directories
Source: /usr/libexec/gsd-rfkill (PID: 6214) Directory: <invalid fd (9)>/.. Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 6214) Directory: <invalid fd (8)>/.. Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6219) Directory: <invalid fd (10)>/.. Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:75418Q47X3M Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:75420m1Cr5K Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:76108g9JjSL Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:76152Hjn7UJ Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:76156QmyPcL Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:77006LBqZcL Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:77010PeGQuJ Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:77141FLy4WM Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:77206LhMHsL Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:77296gdl6oL Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:76652W3uzvK Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:76735azOxJN Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:775425uPzEL Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:77561WWRlWJ Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:77583j6UZ0L Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:77584BHbPHN Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:77670kpLHXJ Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:77753va1AZL Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78858Sv5eiN Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78949AuoQ9L Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78247CR1NIN Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78270zA1NnN Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78360jNPMEM Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78388lRl4PK Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78389TAC5PN Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78495G6qpvM Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78502lpf2GL Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78594vF5OeN Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78617ID7SgL Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78645xFAkdK Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78719P2z5UM Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:78818xEy7DN Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:80971K7RPsJ Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:81014MTrRDN Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:8101608qknM Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:810515UlVzM Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) File: /run/systemd/journal/streams/.#9:810575ubWKJ Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6477) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6477) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6477) File: /run/systemd/seats/.#seat0WoPTCW Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 6542) Directory: /root/.cache Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6588) Directory: /root/.cache Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6630) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6630) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6630) File: /run/systemd/seats/.#seat09grCax Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6718) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6718) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6718) File: /run/systemd/seats/.#seat0EqLTga Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6718) File: /run/systemd/users/.#127FJKPqb Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6718) File: /run/systemd/users/.#1274yurKd Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6718) File: /run/systemd/seats/.#seat0Rcz38b Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6718) File: /run/systemd/users/.#12791Ag9a Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6718) File: /run/systemd/users/.#127JHvYLc Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6718) File: /run/systemd/users/.#127Kf5mj9 Jump to behavior
Source: /usr/lib/gdm3/gdm-wayland-session (PID: 6801) Directory: /var/lib/gdm3/.cache Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6784) Directory: /var/lib/gdm3/.pam_environment Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6784) Directory: /root/.cache Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 6793) Directory: /root/.cache Jump to behavior
Enumerates processes within the "proc" file system
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6230/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6232/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6231/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6234/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6233/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6236/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6235/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6477/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6477/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1582/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/3088/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/3088/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/3088/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/3088/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6470/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6470/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/6470/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/230/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/230/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/230/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/230/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/110/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/110/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/110/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/110/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/231/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/231/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/231/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/231/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/111/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/111/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/111/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/111/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/232/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/232/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/232/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/232/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1579/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/112/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/112/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/112/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/112/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/233/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/233/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/233/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/233/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1699/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/113/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/113/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/113/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/113/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/234/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/234/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/234/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/234/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1335/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1335/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1335/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1335/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1698/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/114/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/114/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/114/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/114/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/235/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/235/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/235/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/235/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1334/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1334/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1334/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1334/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/1576/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/2302/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/2302/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/2302/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/2302/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/115/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/115/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/115/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/115/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/236/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/236/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/236/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/236/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/116/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/116/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/116/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/116/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/237/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/237/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/237/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/237/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/117/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/117/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/117/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/117/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/118/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/118/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/118/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/118/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/910/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/910/stat Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/910/cmdline Jump to behavior
Source: /tmp/jwwofba5.elf (PID: 6210) File opened: /proc/910/stat Jump to behavior
Executes commands using a shell command-line interpreter
Source: /tmp/jwwofba5.elf (PID: 6369) Shell command executed: sh -c "ps -e -o pid,args=" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6552) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6554) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6556) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6558) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6560) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6567) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6569) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6572) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/share/language-tools/language-options (PID: 6594) Shell command executed: sh -c "locale -a | grep -F .utf8 " Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6613) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6617) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6619) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6621) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6623) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6625) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6688) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6690) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/share/language-tools/language-options (PID: 6790) Shell command executed: sh -c "locale -a | grep -F .utf8 " Jump to behavior
Executes the "grep" command used to find patterns in files or piped streams
Source: /bin/sh (PID: 6553) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6555) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6557) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6559) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6561) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6568) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6570) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6573) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6596) Grep executable: /usr/bin/grep -> grep -F .utf8 Jump to behavior
Source: /bin/sh (PID: 6614) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6618) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6620) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6622) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6624) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6626) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6689) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6691) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6792) Grep executable: /usr/bin/grep -> grep -F .utf8 Jump to behavior
Executes the "kill" or "pkill" command typically used to terminate processes
Source: /usr/share/gdm/generate-config (PID: 6575) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6693) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service Jump to behavior
Executes the "ps" command used to list the status of processes
Source: /bin/sh (PID: 6371) Ps executable: /usr/bin/ps -> ps -e -o pid,args= Jump to behavior
Reads system information from the proc file system
Source: /usr/bin/ps (PID: 6371) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) Reads from proc file: /proc/meminfo Jump to behavior
Reads system version information
Source: /sbin/agetty (PID: 6546) Reads version info: /etc/issue Jump to behavior
Source: /sbin/agetty (PID: 6605) Reads version info: /etc/issue Jump to behavior
Source: /sbin/agetty (PID: 6704) Reads version info: /etc/issue Jump to behavior
Sample tries to set the executable flag
Source: /usr/sbin/gdm3 (PID: 6584) File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx) Jump to behavior
Source: /usr/sbin/gdm3 (PID: 6584) File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx) Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6588) File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx) Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6588) File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx) Jump to behavior
Source: /usr/sbin/gdm3 (PID: 6780) File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx) Jump to behavior
Source: /usr/sbin/gdm3 (PID: 6780) File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx) Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6784) File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx) Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6784) File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx) Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6472) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6472) Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 6551) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6604) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6604) Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 6612) Log file created: /var/log/gpu-manager.log Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6698) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6708) Log file created: /var/log/kern.log Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6708) Log file created: /var/log/auth.log Jump to dropped file

Hooking and other Techniques for Hiding and Protection
barindex
Sample deletes itself
Source: /tmp/jwwofba5.elf (PID: 6208) File: /tmp/jwwofba5.elf Jump to behavior
Deletes log files
Source: /usr/bin/gpu-manager (PID: 6551) Truncated file: /var/log/gpu-manager.log Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6612) Truncated file: /var/log/gpu-manager.log Jump to behavior
Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/bin/ps (PID: 6371) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6470) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 6575) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 6693) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6835) Reads CPU info from /sys: /sys/devices/system/cpu/online
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/jwwofba5.elf (PID: 6206) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6219) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6448) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6470) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6472) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/agetty (PID: 6546) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6551) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6604) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/agetty (PID: 6605) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6612) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6698) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/agetty (PID: 6704) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6708) Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/gdm3/gdm-session-worker (PID: 6797) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6835) Queries kernel information via 'uname':
Source: jwwofba5.elf, 6206.1.00007ffd34329000.00007ffd3434a000.rw-.sdmp, jwwofba5.elf, 6210.1.00007ffd34329000.00007ffd3434a000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/jwwofba5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/jwwofba5.elf
Source: kern.log.41.dr Binary or memory string: Nov 21 18:48:56 galassia kernel: [ 482.292819] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
Source: jwwofba5.elf, 6206.1.00007ffd34329000.00007ffd3434a000.rw-.sdmp Binary or memory string: /tmp/qemu-open.n2UK6r
Source: kern.log.41.dr Binary or memory string: Nov 21 18:48:56 galassia kernel: [ 482.292799] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel drm parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi vmxnet3 scsi_transport_spi mptscsih libahci mptbase
Source: jwwofba5.elf, 6206.1.0000555e30b2e000.0000555e30c5c000.rw-.sdmp, jwwofba5.elf, 6210.1.0000555e30b2e000.0000555e30c5c000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: jwwofba5.elf, 6206.1.00007ffd34329000.00007ffd3434a000.rw-.sdmp, jwwofba5.elf, 6210.1.00007ffd34329000.00007ffd3434a000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: jwwofba5.elf, 6206.1.0000555e30b2e000.0000555e30c5c000.rw-.sdmp, jwwofba5.elf, 6210.1.0000555e30b2e000.0000555e30c5c000.rw-.sdmp Binary or memory string: 0^U!/etc/qemu-binfmt/arm
Source: jwwofba5.elf, 6206.1.00007ffd34329000.00007ffd3434a000.rw-.sdmp Binary or memory string: -^U/tmp/qemu-open.n2UK6r:
Source: jwwofba5.elf, 6210.1.00007ffd34329000.00007ffd3434a000.rw-.sdmp Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Language, Device and Operating System Detection
barindex
Reads system files that contain records of logged in users
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6588) Logged in records file read: /var/log/wtmp Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6784) Logged in records file read: /var/log/wtmp Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected Mirai
Source: Yara match File source: jwwofba5.elf, type: SAMPLE
Source: Yara match File source: 6206.1.00007ff428017000.00007ff428039000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6210.1.00007ff428017000.00007ff428039000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: jwwofba5.elf PID: 6206, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: jwwofba5.elf PID: 6210, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected Mirai
Source: Yara match File source: jwwofba5.elf, type: SAMPLE
Source: Yara match File source: 6206.1.00007ff428017000.00007ff428039000.r-x.sdmp, type: MEMORY
Source: Yara match File source: 6210.1.00007ff428017000.00007ff428039000.r-x.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: jwwofba5.elf PID: 6206, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: jwwofba5.elf PID: 6210, type: MEMORYSTR

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
162.213.35.25
 unknown United States
41231 CANONICAL-ASGB false
89.190.156.145
 unknown United Kingdom
7489 HOSTUS-GLOBAL-ASHostUSHK false
154.216.16.109
 ksdjwi.eye-network.ru Seychelles
135357 SKHT-ASShenzhenKatherineHengTechnologyInformationCo false
109.202.202.202
 unknown Switzerland
13030 INIT7CH false
91.189.91.43
 unknown United Kingdom
41231 CANONICAL-ASGB false
91.189.91.42
 unknown United Kingdom
41231 CANONICAL-ASGB false

Contacted Domains

Name IP Active
daisy.ubuntu.com 162.213.35.24 true
ksdjwi.eye-network.ru 154.216.16.109 true
ksdjwi.eye-network.ru. [malformed] unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e false
    		high