Linux Analysis Report
Aqua.mips.elf

Overview

General Information

Sample name:	Aqua.mips.elf
Analysis ID:	1580692
MD5:	3055f55ee41ac5a4b7ab3e8c2582e662
SHA1:	563acfb57039c4a67cb91d8a3970aa229b7e9655
SHA256:	d107d509a6742af967a664a6c4c8199673819add196915a97481e11cc3b678ac
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Sample deletes itself

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Creates hidden files and/or directories

Deletes log files

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "kill" or "pkill" command typically used to terminate processes

Found strings indicative of a multi-platform dropper

HTTP GET or POST without a user agent

Reads CPU information from /sys indicative of miner or evasive malware

Reads system information from the proc file system

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Aqua.mips.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Aqua.mips.elf	Virustotal: Detection: 33%			Perma Link
Source: Aqua.mips.elf	ReversingLabs: Detection: 39%

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pulseaudio (PID: 6497)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6533)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6709)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6940)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7105)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7269)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7440)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7607)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7771)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7783)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7946)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7948)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Found strings indicative of a multi-platform dropper

Source: Aqua.mips.elf

String: EOF/proc//proc/%s/cmdlinerwgetcurlftpechokillbashrebootshutdownhaltpoweroff[locker] killed process: %s ;; pid: %d

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.23:50016 -> 89.190.156.145:7733

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/sbin/rsyslogd (PID: 6410)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6496)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6544)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6611)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6686)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6710)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6784)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6853)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6927)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6942)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6958)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7102)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7118)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7182)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7259)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7271)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7286)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7349)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7428)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7441)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7456)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7521)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7595)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7608)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7622)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7768)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7795)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7860)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7936)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7949)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 8037)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 8113)	Reads hosts file: /etc/hosts

Sample listens on a socket

Source: /lib/systemd/systemd-journald (PID: 6618)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6792)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6864)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6959)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7031)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7121)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7194)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7288)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7361)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7461)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7533)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7623)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7695)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7798)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7870)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7975)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 8048)	Socket: unknown address family

Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145

Source: global traffic	DNS traffic detected: DNS query: 45.148.10.84
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Source: unknown

Source: syslog.411.dr

String found in binary or memory: https://www.rsyslog.com

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37652
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37652 -> 443

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6237, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6214, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6215, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6407, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6408, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6409, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6410, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6493, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6496, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6497, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6535, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6554, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6611, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6613, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6614, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6618, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6619, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6686, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6688, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6710, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6711, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6792, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6793, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6796, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6853, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6854, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6858, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6927, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6930, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6938, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6942, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6959, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6962, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7019, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6957, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6958, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7023, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7096, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7102, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7104, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7121, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7122, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7125, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7182, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7120, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7187, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7256, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7259, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7267, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7270, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7271, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7288, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7289, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7292, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7349, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7350, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7355, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7428, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7429, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7437, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7441, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7442, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7443, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7461, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7464, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7521, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7522, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7526, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7528, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7595, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7596, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7604, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7608, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7623, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7627, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7684, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7622, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7689, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7690, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7760, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7798, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7799, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7802, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7859, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7860, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7797, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7865, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7872, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7935, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7936, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7944, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7947, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7948, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7949, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7975, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7977, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7980, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8037, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8038, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7976, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8044, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8051, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8113, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8114, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8126, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8127, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8138, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8139, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8225, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8232, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8290, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8226, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8371, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8381, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8385, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8454, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8458, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8499, result: successful	Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6237, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6214, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6215, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6407, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6408, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6409, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6410, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6493, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6496, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6497, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6535, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6554, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6611, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6613, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6614, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6618, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6619, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6686, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6688, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6710, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6711, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6792, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6793, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6796, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6853, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6854, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6858, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6927, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6930, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6938, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6942, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6959, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6962, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7019, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6957, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6958, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7023, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7096, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7102, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7104, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7121, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7122, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7125, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7182, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7120, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7187, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7256, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7259, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7267, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7270, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7271, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7288, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7289, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7292, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7349, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7350, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7355, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7428, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7429, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7437, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7441, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7442, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7443, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7461, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7464, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7521, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7522, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7526, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7528, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7595, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7596, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7604, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7608, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7623, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7627, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7684, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7622, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7689, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7690, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7760, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7798, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7799, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7802, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7859, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7860, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7797, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7865, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7872, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7935, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7936, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7944, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7947, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7948, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7949, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7975, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7977, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7980, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8037, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8038, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7976, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8044, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8051, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8113, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8114, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8126, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8127, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8138, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8139, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8225, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8232, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8290, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8226, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8371, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8381, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8385, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8454, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8458, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8499, result: successful	Jump to behavior

Source: classification engine

Classification label: mal68.spre.troj.evad.linELF@0/232@253/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 6407)	File: /proc/6407/mounts	Jump to behavior
Source: /bin/fusermount (PID: 6415)	File: /proc/6415/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6493)	File: /proc/6493/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6535)	File: /proc/6535/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6551)	File: /proc/6551/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6614)	File: /proc/6614/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6688)	File: /proc/6688/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6711)	File: /proc/6711/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6785)	File: /proc/6785/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6793)	File: /proc/6793/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6938)	File: /proc/6938/mounts
Source: /usr/bin/dbus-daemon (PID: 6957)	File: /proc/6957/mounts
Source: /usr/bin/dbus-daemon (PID: 7104)	File: /proc/7104/mounts
Source: /usr/bin/dbus-daemon (PID: 7119)	File: /proc/7119/mounts
Source: /usr/bin/dbus-daemon (PID: 7122)	File: /proc/7122/mounts
Source: /usr/bin/dbus-daemon (PID: 7256)	File: /proc/7256/mounts
Source: /usr/bin/dbus-daemon (PID: 7270)	File: /proc/7270/mounts
Source: /usr/bin/dbus-daemon (PID: 7285)	File: /proc/7285/mounts
Source: /usr/bin/dbus-daemon (PID: 7289)	File: /proc/7289/mounts
Source: /usr/bin/dbus-daemon (PID: 7437)	File: /proc/7437/mounts
Source: /usr/bin/dbus-daemon (PID: 7443)	File: /proc/7443/mounts
Source: /usr/bin/dbus-daemon (PID: 7526)	File: /proc/7526/mounts
Source: /usr/bin/dbus-daemon (PID: 7604)	File: /proc/7604/mounts
Source: /usr/bin/dbus-daemon (PID: 7689)	File: /proc/7689/mounts
Source: /usr/bin/dbus-daemon (PID: 7769)	File: /proc/7769/mounts
Source: /usr/bin/dbus-daemon (PID: 7782)	File: /proc/7782/mounts
Source: /usr/bin/dbus-daemon (PID: 7796)	File: /proc/7796/mounts
Source: /usr/bin/dbus-daemon (PID: 7799)	File: /proc/7799/mounts
Source: /usr/bin/dbus-daemon (PID: 7872)	File: /proc/7872/mounts
Source: /usr/bin/dbus-daemon (PID: 7947)	File: /proc/7947/mounts
Source: /usr/bin/dbus-daemon (PID: 7971)	File: /proc/7971/mounts
Source: /usr/bin/dbus-daemon (PID: 7973)	File: /proc/7973/mounts
Source: /usr/bin/dbus-daemon (PID: 7977)	File: /proc/7977/mounts
Source: /usr/bin/dbus-daemon (PID: 8051)	File: /proc/8051/mounts

Creates hidden files and/or directories

Source: /usr/libexec/gsd-rfkill (PID: 6237)	Directory: <invalid fd (9)>/..	Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 6237)	Directory: <invalid fd (8)>/..	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6242)	Directory: <invalid fd (10)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6428)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6428)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6428)	File: /run/systemd/seats/.#seat04YDgPd	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 6488)	Directory: /root/.cache	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 6518)	Directory: /root/.cache	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6554)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6554)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6554)	File: /run/systemd/seats/.#seat0fiIwmK	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6629)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6629)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6629)	File: /run/systemd/seats/.#seat04ERwdu	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:800713MwSE9	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80072XfxKh7	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80073gnerj7	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80074KF6ldb	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:800756BhQC7	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80076EabrO9	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80077rw0Wca	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:800787NhtX8	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80085fBd8z8	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80086gZqRla	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80087eNmOG9	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80196U0G0T9	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80275fWh9la	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6722)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6722)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6722)	File: /run/systemd/seats/.#seat0UNgrww	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6796)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6796)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6796)	File: /run/systemd/seats/.#seat0qP3Ha3	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81099qiGGne
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81101IcHxwf
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81102m4ytYf
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81103f977Zf
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81104ZnoIgg
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81105QLHIVf
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81111shZH1b
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:811129UhT6b
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81113nvCOjd
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:8207963oRQe
Source: /lib/systemd/systemd-logind (PID: 6870)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6870)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6870)	File: /run/systemd/seats/.#seat02t7NYH
Source: /lib/systemd/systemd-logind (PID: 6962)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6962)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6962)	File: /run/systemd/seats/.#seat06oaPkE
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82787tN1K1O
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82789P7NDOP
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82790RsdsCO
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82791517LLO
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82792uoqjVP
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82793mCuN6O
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82800wb4xVO
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82807JLfSsR
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82808sefazO
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82984PpucdS
Source: /lib/systemd/systemd-logind (PID: 7035)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7035)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7035)	File: /run/systemd/seats/.#seat0ew20T8
Source: /lib/systemd/systemd-logind (PID: 7125)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7125)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7125)	File: /run/systemd/seats/.#seat0bpxhjZ
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:846124WZkPa
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84613FJ3Ud9
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84614KZp3mc
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84615ut0xl9
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84616onrSUa
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84618cON579
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84619d9I6Y8
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:846201we3oc
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84628kwvELb
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:83924LEn3B9
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:83925yE5KHa
Source: /lib/systemd/systemd-logind (PID: 7199)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7199)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7199)	File: /run/systemd/seats/.#seat0nhfJuy
Source: /lib/systemd/systemd-logind (PID: 7292)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7292)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7292)	File: /run/systemd/seats/.#seat0TtH9Zy
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85832M3e2XO
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85833kkrZsP
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85834c8Ma5N
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85835X4MNrN
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85836sTSJ8M
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85837T2qawO
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:858383R1DdN
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85839Rl51EM
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85840XwDedN
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85855dfO4ZM
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85942CgTlZP
Source: /lib/systemd/systemd-logind (PID: 7369)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7369)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7369)	File: /run/systemd/seats/.#seat0HsNHWo
Source: /lib/systemd/systemd-logind (PID: 7464)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7464)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7464)	File: /run/systemd/seats/.#seat0sjCvFy
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87922xEjr3M
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87923Grwg9L
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:879250LjxrN
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87926WoPmcN
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87927aAy3yO
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87928ceckJP
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87934cVCR5P
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:879353HndsQ
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87937J9WPTO
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:88053LfuNUM
Source: /lib/systemd/systemd-logind (PID: 7537)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7537)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7537)	File: /run/systemd/seats/.#seat0EQMqO6
Source: /lib/systemd/systemd-logind (PID: 7627)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7627)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7627)	File: /run/systemd/seats/.#seat0YX0YlX
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:901061qCWp5
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90107B9QUK1
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90108he1KL2
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90109X8hPg4
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90110VnqP52
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90111H9Pp03
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90118iD3XC1
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90124Q3swb3
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90125LWPas5
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90126RJJAg3
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90134pTZu71
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:901426FLl32
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90143A1TkV2
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90272SPBXn5
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90277CHodV2
Source: /lib/systemd/systemd-logind (PID: 7702)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7702)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7702)	File: /run/systemd/seats/.#seat07wgwlz
Source: /usr/lib/policykit-1/polkitd (PID: 7787)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7802)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7802)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7802)	File: /run/systemd/seats/.#seat0jOgHO8
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92288pvWRgh
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92289ALLNIi
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92290lEeLNj
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:9229288OPxg
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92293StClhi
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92294YLOYmj
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92295exTuFi
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:922963Ji51f
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92305r7kxKh
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92313sSJtmj
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92320ZCXSXf
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92321sqJqlk
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92322uVGeli
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:923237k6B3j
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92443CM6Wfh
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92445iZ3lBj
Source: /lib/systemd/systemd-logind (PID: 7876)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7876)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7876)	File: /run/systemd/seats/.#seat031c4NI
Source: /usr/lib/policykit-1/polkitd (PID: 7961)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7980)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7980)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7980)	File: /run/systemd/seats/.#seat0cvyvUB
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:947701XjggL
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94771Gl8HMJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94772FdZXNL
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94773dcAnDJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94774csK76L
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:947751WK9ZJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94776WNaulJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94777BSPBkM
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94778su6BDM
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94785k6sONJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94786DhQi8K
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94787JCWfxM
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:947965Rev7J
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94797QhqQGJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94798EXfqxI
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:93901n4l7lK
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:93927bG6RkL
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:93932s7hh5L
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:93986XCYIvJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94004ZO5xFJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94010pqLsxM
Source: /lib/systemd/systemd-logind (PID: 8055)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 8055)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 8055)	File: /run/systemd/seats/.#seat0dqQYFh

Enumerates processes within the "proc" file system

Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7440/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7440/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7441/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7441/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6233/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6233/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6235/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6235/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/3088/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/3088/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/230/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/230/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/110/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/110/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/231/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/231/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/111/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/111/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/232/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/232/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/112/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/112/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/233/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/233/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/113/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/113/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/234/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/234/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1335/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1335/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/114/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/114/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/235/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/235/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1334/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1334/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/115/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/115/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/236/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/236/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/116/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/116/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/237/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/237/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/117/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/117/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/910/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/910/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/118/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/118/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/119/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/119/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7438/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7438/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/10/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/10/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/11/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/11/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/12/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/12/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/13/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/13/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/14/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/14/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/15/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/15/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/16/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/16/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/17/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/17/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/18/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/18/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/120/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/120/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/121/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/121/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/122/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/122/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/243/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/243/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/123/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/123/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/2/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/2/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/124/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/124/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/3/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/3/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/125/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/125/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/4/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/4/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/126/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/126/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/248/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/248/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/127/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/127/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/128/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/128/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/249/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/249/cmdline

Executes commands using a shell command-line interpreter

Source: /usr/bin/gpu-manager (PID: 6500)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6505)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6509)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6513)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6519)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6524)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6527)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6529)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6620)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6623)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6625)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6687)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6692)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6699)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6702)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6704)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6860)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6862)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6865)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6928)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6931)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6936)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7025)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7027)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7029)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7092)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7097)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7099)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7188)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7191)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7195)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7257)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7260)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7265)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7356)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7358)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7362)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7426)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7430)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7435)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7529)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7531)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7534)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7597)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7602)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7691)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7693)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7698)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7759)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7762)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7764)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7866)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7868)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7871)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7933)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7937)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7942)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 8046)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 8049)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 8052)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 8115)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 8120)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"

Executes the "grep" command used to find patterns in files or piped streams

Source: /bin/sh (PID: 6504)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6506)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6510)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6515)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6520)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6525)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6528)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6530)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6622)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6624)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6626)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6690)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6694)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6700)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6703)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6705)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6861)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6863)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6866)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6929)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6932)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6937)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7026)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7028)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7030)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7095)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7098)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7100)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7189)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7192)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7196)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7258)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7261)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7266)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7357)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7359)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7363)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7427)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7431)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7436)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7530)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7532)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7594)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7598)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7603)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7692)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7694)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7699)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7761)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7763)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7766)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7867)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7869)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7873)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7934)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7938)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7943)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 8047)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 8050)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 8112)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 8116)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 8121)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

Executes the "kill" or "pkill" command typically used to terminate processes

Source: /usr/share/gdm/generate-config (PID: 6533)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6709)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6940)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7105)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7269)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7440)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7607)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7771)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7946)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Reads system information from the proc file system

Source: /lib/systemd/systemd-journald (PID: 6618)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6792)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6864)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6959)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7031)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7121)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7194)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7288)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7361)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7461)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7533)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7623)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7695)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7798)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7870)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7975)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 8048)	Reads from proc file: /proc/meminfo

Source: /usr/sbin/rsyslogd (PID: 6410)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6410)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6496)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6496)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6499)	Log file created: /var/log/gpu-manager.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6544)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6611)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6686)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6710)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6710)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6784)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6853)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6927)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6942)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6942)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6958)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7102)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7102)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7182)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7259)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7271)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7271)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7349)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7428)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7441)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7441)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7456)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7521)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7595)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7608)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7608)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7622)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7768)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7768)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7860)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7936)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7949)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7949)	Log file created: /var/log/auth.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 8037)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 8113)	Log file created: /var/log/kern.log	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/Aqua.mips.elf (PID: 6233)

File: /tmp/Aqua.mips.elf

Jump to behavior

Deletes log files

Source: /usr/bin/gpu-manager (PID: 6499)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6619)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6858)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 7023)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7187)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7355)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7528)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7690)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7865)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 8044)	Truncated file: /var/log/gpu-manager.log

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pulseaudio (PID: 6497)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6533)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6709)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6940)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7105)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7269)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7440)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7607)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7771)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7783)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7946)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7948)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/Aqua.mips.elf (PID: 6231)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6242)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6410)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6496)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6497)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6499)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6544)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6611)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6618)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6619)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6686)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6710)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6784)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6792)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6853)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6864)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6927)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6942)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6958)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6959)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7023)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7031)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7102)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7118)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7121)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7182)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7194)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7259)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7271)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7286)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7288)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7349)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7355)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7361)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7428)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7441)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7456)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7461)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7521)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7533)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7595)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7608)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7622)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7623)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7695)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7768)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7783)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7795)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7798)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7860)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7870)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7936)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7948)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7949)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7974)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7975)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 8037)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 8048)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 8113)	Queries kernel information via 'uname':

Source: Aqua.mips.elf, 6231.1.0000561c18848000.0000561c188cf000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/mips
Source: kern.log.47.dr	Binary or memory string: Dec 25 10:33:00 galassia kernel: [ 421.761549] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel drm parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi vmxnet3 scsi_transport_spi mptscsih libahci mptbase
Source: Aqua.mips.elf, 6231.1.0000561c18848000.0000561c188cf000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: kern.log.47.dr	Binary or memory string: Dec 25 10:33:00 galassia kernel: [ 421.761575] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: %s/qemu-op
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: V/tmp/qemu-open.BVQzMn\t
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/Aqua.mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Aqua.mips.elf
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.BVQzMn
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: MPDIR%s/qemu-op

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.213.35.24	unknown	United States	41231	CANONICAL-ASGB	false
89.190.156.145	unknown	United Kingdom	7489	HOSTUS-GLOBAL-ASHostUSHK	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	162.213.35.25	true
45.148.10.84	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e	false		high

Name	Type	MD5	SHA1	SHA256
/run/systemd/journal/streams/.#9:800713MwSE9	ASCII text	F93525D5E808F44916829801A8A02EA5	3CB8D4DA6F6F5C9D82D6623AA35714E562BDE55F	E5299C245CC42F6CD217C4D48D517F242E717E1350471E4D72328BE57B6220C5
/run/systemd/journal/streams/.#9:80072XfxKh7	ASCII text	CF72FD6749B0BD5F32F9442431B63B87	92AFBA8CF6AE34176CF2A65890DB3C2DF51633D6	FD2A3DEC61D4ACC66F47E6F64E9B15651C742ECDF05C2D9FAEF973E7B33BA742
/run/systemd/journal/streams/.#9:80073gnerj7	ASCII text	3671AF7FE7A58BA1364C0F4F6B8B35E9	BBE4BC8AB07713CDD3A72528778B1CEC210FEA9F	E4AEA7A6F48521E402402EA8E31744AB54BAA21ECDDFCC718039A1B79997D792
/run/systemd/journal/streams/.#9:80074KF6ldb	ASCII text	5380D7B46DE6AF82EAA396D5B53C007E	2B011A8448A21F2CC25C8CBDFC6C03F77D25A3AC	7DD7859029BD5E5F4AFF77264EDE85AE65B19933FED34E8A25FAE914FE1E1B63
/run/systemd/journal/streams/.#9:800756BhQC7	ASCII text	6E354325AE1B61B04622D310780D80C9	BC68793DBC6FD019EEC9A952FD9D28403F9EF89C	E7BE49CF12383E904664A2A7DBC1186B1432C3089C5191CE674AFD4D8626690E
/run/systemd/journal/streams/.#9:80076EabrO9	ASCII text	E30E8F912099B7C5AD2E5FAF8260DADA	E953541DC930D8FCBD4980917A6BA2B93DA835F7	3A3C196E38BCB8D4049A344BA335EF746DEDA47C59676BF3E698ACFD4846FC6C
/run/systemd/journal/streams/.#9:80077rw0Wca	ASCII text	A5585791EA35AF36FBE0E3505A14DB19	53D29A5779B3EB9DC5E19415F64C7A6B2DD61228	A944DF2B6027AB677FBC5B6E5E7AE3F956A5C4772241C692D74C4C4D3D40B5D7
/run/systemd/journal/streams/.#9:800787NhtX8	ASCII text	CB964DA6FB102B0065A312CAB2C1FC8D	0220E8BBE50A26367145CF01A74FE9AC54A86B72	61618445897A36B767E6F83DEC0519B2D54D6B42CEEA82D3469C5385F0FD7430
/run/systemd/journal/streams/.#9:80085fBd8z8	ASCII text	3D58EBE3789071AB3678A35884ADAFF3	774BA58A1A16E85A1FACC0F131FD161198FB994C	92A47788A8065DFD096534EDE6CDD7D4CB3081C7E1DCC01D58E9C187D52876C4
/run/systemd/journal/streams/.#9:80086gZqRla	ASCII text	2C9E066D0464C96E3108868CB7C971CD	769EB33B7B2B1265462C7B77F385ABB743ED08F1	E11A8E0CA0CC4BA81EF1B0598E082E11113E999486B8FA00C028578EBF9D7C97
/run/systemd/journal/streams/.#9:80087eNmOG9	ASCII text	3FE718732B6EA4B68A61A9349AA5B710	ECBAD9F077987146CED0138EF628B675407501B6	2459694028D9F2AA036FC7A55209F97B6C207CD99E7650B9ED2ADE8091071A8A
/run/systemd/journal/streams/.#9:80196U0G0T9	ASCII text	505FACEE6BA4C8D75A4CEADE46D42970	907D11222C3143DAA6E5A36834E58BA3614E0C97	C2F4B4513D3818D1313EF3D8D9DC8B755D38FF40DA3A11F701AECDCECD1A0725
/run/systemd/journal/streams/.#9:80275fWh9la	ASCII text	87D6C5FA075BB60D67BC7B9B27F64AE2	7D9C49247DBB453778361224268C967469D51093	41C6607DB9DD8C398A2A334DE2A8D4E94F18DE86E3B9E9A5D65EA23C4AD4681E
/run/systemd/journal/streams/.#9:81099qiGGne	ASCII text	59646D88F33D1E61B5731801E3E38578	43766683E957BD6621B9365DFBF29B882FF588BC	C699B16FAD25CBF906BA7760A7D6D11FECB6DB1C2BC374A9C76DDE4937F13B2A
/run/systemd/journal/streams/.#9:81101IcHxwf	ASCII text	81B25DB92731C07D4C792EE6DEC05DF5	1E559E6CA984C67FCE4209DBC6F94BA9FE47F776	801770986C8818B1BCEDD8B4F4E1AF5F35CE5231C1C4BDE05DA5905122A75C4A
/run/systemd/journal/streams/.#9:81102m4ytYf	ASCII text	8CE6DA694486D3C3985F8496FC2427EC	48B5624711C830024427EDA8A41DEA4A3FED92E6	0FBB926C909F330FF74DFE1F807CD0AEB81BE56351C3B0FABD9D9A9CD25684BE
/run/systemd/journal/streams/.#9:81103f977Zf	ASCII text	6DD7BA75EFDE8E364059A32F40CF2295	7148787DA9B48D66F97436B3BA5D5C483C4A995D	E3AB399088FBC0407A276A96DBCEA0717F117B84E7E5C9BD7D6547B50971858B
/run/systemd/journal/streams/.#9:81104ZnoIgg	ASCII text	FF00DE1BCA0B2A69FD9D3E221EEF7432	CC451C2791DD7E245D552FBEA5E65A14F462D73D	75698A675807E932FB65A0CC4AAD9994A8003BD51CEAC224693D5DC19AEDFF8E
/run/systemd/journal/streams/.#9:81105QLHIVf	ASCII text	C707925B5A41FDC33B918583A3F62B4E	8DEEC7B8361DB817C7FBE7710AD5FD1240F5CC34	41E4AA046A94B2D75BF04F8FDB001ED061646EB5E155D28889878EE8E7995DF9
/run/systemd/journal/streams/.#9:81111shZH1b	ASCII text	C1EDE9313A9A46051A9BFAFE6A0F1E3C	D9946718D160A759F0C57EB20D4BC40890EF92BE	3640F1942832509EE9C01A2F63DB0CCE4933699B1B20462F091355D8B082A61F
/run/systemd/journal/streams/.#9:811129UhT6b	ASCII text	C971018E565E5970E7371BBCE6F0D5F8	10CE60EFFCB22848D01E1C391A3B6BA4F3D8D082	DC1A46EFDE192D86E9BE491D92862EB6DE8D2A338FCDEE76BE3A0149F01C88DE
/run/systemd/journal/streams/.#9:81113nvCOjd	ASCII text	FC9FDD1F74464F393EA12A597BF055D7	6A6A52DAADC00D18E70E36897A0F471B30A9F3EE	69D9127CA3DF549164AFBF72CB3F28CA00B30C3657827D9A43634085E8C61046
/run/systemd/journal/streams/.#9:8207963oRQe	ASCII text	E8E166F75C37311898604FB793262CDB	B531DCF5EF30EDCD067A1DEA0BBB9139FB750DFC	04DF498B8511CCAF47F5FA95E20028AAAFB887DA0FE7044DA90D5FDDAA89989E
/run/systemd/journal/streams/.#9:82787tN1K1O	ASCII text	7C0EDC5C395D5A2116DC4AF61F5EFA1F	9A34A55663E80D99FDD4CC221C766F39861DF39C	0787071CCF0F5D774B3AEAEEA6F7BAFBDF8357C1B703EAD7FBE11869239AE9BC
/run/systemd/journal/streams/.#9:82789P7NDOP	ASCII text	83D4AADA182A6DDE78C36A89CB289AE1	36D2C435D26DE38787EA70B7E5B66A648D49554B	E0EF8FD508397E1A88FC46D8378F8EE78AEEAAF896560C3417632E71EB4E761D
/run/systemd/journal/streams/.#9:82790RsdsCO	ASCII text	38F7A35637E421DDB7F8EA0CBABA7884	186D026234285F951D21C9669D5C942679F9243B	016CC1407C009C93DA212D819AF5EDE7506D7167882FD3977879543191C4E6A1
/run/systemd/journal/streams/.#9:82791517LLO	ASCII text	EBB2FC3B4C9000906462EE685C1CE11A	EC8E76ECB9F7ED84681920DB1951FD95F5D3B340	63F586664024270A2C979F56BBEE0F7BD5C58117997CB91BD0ADEC0C56E2F831
/run/systemd/journal/streams/.#9:82792uoqjVP	ASCII text	78EC2AB699FD12A2CD95CCCC2A1AE7BF	9866CF1C3B5351DD756F48886B18919D7FA3CE50	EDE6EE542CB974C4A7BB465257189C78B4DA6B959823D7AC6794776D01985009
/run/systemd/journal/streams/.#9:82793mCuN6O	ASCII text	C3C5A75CE1F793B64D4CB4463CE1CD15	C2A38F97B25CFFCC658BE266B0910A90B0C8A152	882AF09911C7DD65ED4E82492273BCC4B43F92596B98FDD6CF715F4B9F3EA1D6
/run/systemd/journal/streams/.#9:82800wb4xVO	ASCII text	1236A3DEAF6A496EFA00BAC05CDAEF36	EF6FD3E19242A6A7B8CEAE60D1F5704DBDB423FB	879310C1DB64F93A83F24C7F8ABB53C7CD713339C4E4CCEE9F99A381AE9DBD0C
/run/systemd/journal/streams/.#9:82807JLfSsR	ASCII text	1BF0527DB8FEE2994DA5BB82A903D6FD	AE77A160119B782CE168963F1E034CCFCAAF7A52	BC68435B4797C27E79175CE5D41F6416DE25CA9AAB6D6C8AC7193BD7C9920566
/run/systemd/journal/streams/.#9:82808sefazO	ASCII text	11377E0D2EDF4E107878A53E11B6B183	673300695C5130B9DE3F8D0681FE08BA612F0B8D	59E7C16D88AC099EEF08E933DF7FC3DBA52E89A109F663CA969992513D30D257
/run/systemd/journal/streams/.#9:82984PpucdS	ASCII text	468A1A740FFB5A01BE1A2C94F0EAA87E	FABE925A6661D4AE8DA58DADEB2667710CC947A0	F08A7E7337E1422FD8951B1A31B7E38196DFE4EA758CF799FFF29FD96207431A
/run/systemd/journal/streams/.#9:83924LEn3B9	ASCII text	280B7662D8CE1283E216A07B4BD3359C	2D41F213BB3C60F12F2C7D4F4C0AEBCD6F60B28E	80B4F0052E32D3883E208795882441A09309D33D3378FE31A5F0A87B2FBE2D56
/run/systemd/journal/streams/.#9:83925yE5KHa	ASCII text	C845EAE0746BE03445216FC1C2B171F6	9E122FC54E9DA89AB3C811C5F6F6A330E5D5B818	16FF2804F44856CC0674C5492CA5550997855D81F20485EFEC77CA201E6BADD4
/run/systemd/journal/streams/.#9:846124WZkPa	ASCII text	457D600BA176860F99D2F07F90F57F3A	41D280449C1206A346FD6C4E1AA7E6A32AF77EE1	952E06B3E7CDD2081BBC8A6DE6FDDC8D9D4B06575D928BAAFBC6F7BEDB3998BF
/run/systemd/journal/streams/.#9:84613FJ3Ud9	ASCII text	05BDC18716A258AB37AC545186723594	6998B1DC9F32BDCAE87EEF1DA6070B8EE1CA8FFA	9140245FF0FA00EB1A945985C9EACB78FA21A656F89861CA644EAEDAA67BE513
/run/systemd/journal/streams/.#9:84614KZp3mc	ASCII text	1A4B248553456EB6D94C587FAAB21638	33FD281AC11F27A36F59D21FC42B36F21644193D	2A1E08C9F9209A28AE43CE91DB31A346AEC9EB1E139F4F620701305DF2051B4A
/run/systemd/journal/streams/.#9:84615ut0xl9	ASCII text	7ADDA972DDC06FAD6A5213FF4F8B91E5	E475874C5651A2B5ED4D7BAA25670D98A8B0BC34	171B22525CF126ECA157860057850E758350029C5DD092A232FD5B97F7E94268
/run/systemd/journal/streams/.#9:84616onrSUa	ASCII text	16B2794195DA93AE670AF686AB41AE31	61829A4FBB6D4AD140FCC348B100A1B13FB671A0	BB0C3AD0F6E086CB22B274CC12EDD4837CA2A99EDA3F4A85D9691969BC31C371
/run/systemd/journal/streams/.#9:84618cON579	ASCII text	4B4A225EFA956FA6100B26998879868B	CB47409441692C4CB8B12E074F9812075F05F189	3D1F9C0D8751C81B46ECC9134006F6CEF2CA39F16BA11C7EBFC8127081821D65
/run/systemd/journal/streams/.#9:84619d9I6Y8	ASCII text	5D6AD237B96C2159EA59AF5CED800C84	9783966BB7CE71910CA5F969E090A67AE9A64F40	616E867D69EBB2468585DC1F4A17652416F7D25415A5865ECC2FBAA7CFB5D97F
/run/systemd/journal/streams/.#9:846201we3oc	ASCII text	D006147B0C61F42FB0A8584E73C7FF87	010B666CF6FB2272CE0048CA55A8BF4ADECDF6EF	C0F13C0DC1C4ADE08C1E0BE532CDE901468D4D62ED19CAE35CE68662D1DB9100
/run/systemd/journal/streams/.#9:84628kwvELb	ASCII text	EA9E4DBACB70E9757B99E666507AF0D9	2AE0373C0350E3C07217D36863EDD7849DD4F15A	DB983F14E91323BB7C92F75C070C5EA6E0327BC36F90083E15544D8EC98C4368
/run/systemd/journal/streams/.#9:85832M3e2XO	ASCII text	E8E8F929D30DB52E24E8AAD8AA6A2216	6C732F96AF87E0AB92D3CBD6DAC0BB1EF4D1A605	D4D3B325910E730815AD5CB515CE22424192BDE2DDF8B0F61C485EB03AF82906
/run/systemd/journal/streams/.#9:85833kkrZsP	ASCII text	3506314EF30169BBF9C7F6C8603D2792	4E7BDBFF7597F3447FA2EC4BDE247672F2AC70FB	39AE77CA696F99BC10BB555030681167D3229534D0C02F235FC3A83C0AAF773A
/run/systemd/journal/streams/.#9:85834c8Ma5N	ASCII text	8D00C256BA74095367CCE5D400B19721	E706BEB5CF165D9D5DE3FBD7003C03A437FF3855	CAD332220AE0E5516831F9584421007F1E46BFB36DF2DB8E6532DA28FD551E1D
/run/systemd/journal/streams/.#9:85835X4MNrN	ASCII text	5E497EF501CB414A70A1E3F5A61FA1E0	F010DBDA8C842CDDD014FC597E25913BAB6E78FE	079105AEC54793FECDCA8EC0048BC4CF48EBFC75F1A2472464A8F7C64DD300C6
/run/systemd/journal/streams/.#9:85836sTSJ8M	ASCII text	82371B941BC30004E09A2DD4DF6BEB92	3FF7866E704730DF3B7A9264F75A4952A5DBA17E	45D018710CEE74D311B381B1EC3F801BAC76C325DE252B56042E1B2E681FB25A
/run/systemd/journal/streams/.#9:85837T2qawO	ASCII text	8BB6EB8F233CFFF375784E935A842DE1	997DDEF4BCE59B47B6716DF34EAB403A06F4B18B	951D91DF0EF4EF459646682E819138EF4A5945C982F11F43E7F62ACCBA203EF6
/run/systemd/journal/streams/.#9:858383R1DdN	ASCII text	FB800EE7CBD7AA926DCE21A3E55AAB88	E74FA757EDEE921A757863E929D366547BD9647B	F72B1F50FD7AA4B22522BA426D55789F856454C2C778DFC4E6BAC4CA0DEBFE28
/run/systemd/journal/streams/.#9:85839Rl51EM	ASCII text	4979B8AE4E6865D144BA43D1F7F40EBD	CA05A1E2EBB6D52F871DEEBE846B736493731CED	6B7328F05335F96EC28C6AF6C2031861184018010219E705BDF5E727666A6E33
/run/systemd/journal/streams/.#9:85840XwDedN	ASCII text	32BE98F3F00C82A6935267E12BC6E754	DFA22BFC108C330426327D28FD2AD0687987D88E	A2F33192C0334291D1EF6899264CF90BBB8ABD957046D3E709287D32FB248CB6
/run/systemd/journal/streams/.#9:85855dfO4ZM	ASCII text	7A69BE49D8E08CF62463705BA743E9E2	7D203556F284D44C780ABDAEB8106AC7971FC316	9B308CDBB0568ACFFE68947F84E34F123D8485FD945EE76FC8900CFBBAC73484
/run/systemd/journal/streams/.#9:85942CgTlZP	ASCII text	18835AE40ED914396761176B50B3FF7A	813DBDA62FC6A4B199011A11F9D02FE515AAAE00	15BA996C6E57F54DC879FD9F704250B25BE0F4E23B830728ED21ACA712AD7BB9
/run/systemd/journal/streams/.#9:87922xEjr3M	ASCII text	0009A11D4C3C73C284F4D8A39187BC59	7BA0859BDBC691F263F1EF7EE20D3DCAC0C318AF	CD09A6333BC10479DF47D6DB24DC4656612526C2E8BB641E5FBAD2CFC883DBDF
/run/systemd/journal/streams/.#9:87923Grwg9L	ASCII text	9894F6747CA2BC11CB2EF24A70B12420	C5F0CC3FF50D6467412C9522D3438D70C8BABC01	FBB008DC92AC2D9752280DE75A13E48FC7C724F22DFB15AC2C6BD39F2E19F623
/run/systemd/journal/streams/.#9:879250LjxrN	ASCII text	E1790013A08B1FF827E01EDEC06BBD70	FFD69F4BC4EA296CE3AB1193B6A57A5FE4C0E509	FFD478E1BFEBFE50076FBEBBFA9EE162686B067705C6CD5283B332237998CD8F
/run/systemd/journal/streams/.#9:87926WoPmcN	ASCII text	7EFA6563210A6F0B70586CBD60E1A96F	780889CD42B05AA4E4C6043194895491E8E69B01	34560AA39DA9090C6362BE28BF1975E2992DA3F96FA0F44E5BC3D9CD82881E80
/run/systemd/journal/streams/.#9:87927aAy3yO	ASCII text	817CE9AFACF57F0137D04ACFA6615BB3	39FE558E3A29968BC9AD4D9C1F937DC9C05BD4BD	1C491FC8627974E78B00BBC5748CECD72CDEA17E30BDFBE5B66E27B08C0EED30
/run/systemd/journal/streams/.#9:87928ceckJP	ASCII text	58ADB04DD3EE80D015451C400D3EE3BA	FD640EE3DD7D91E52711D9DBFE32A0D3A0E08956	28D5A94FCBBBB3292E578D0C1FA700731EED34CD281E2326985A464283FBDAEF
/run/systemd/journal/streams/.#9:87934cVCR5P	ASCII text	CABB39EE79244B0ABAEBDAAAB38C2442	1A64DA6224F401E2BDC613DFE8AF2FD3E4C31088	3128CD94C6128D1E9C4E29B7134C3774810030BF7D0A4D0B8CD19268F505B0D8
/run/systemd/journal/streams/.#9:879353HndsQ	ASCII text	E08887C199C101FFA3CC691A4DF02294	FF4144ABE5F229D32A72BCD4FE0FDC9655BC8FB9	2EC596433C358056ED6E41FF6C01C114017394E2E222ED39DCB4C6EC59F33DE8
/run/systemd/journal/streams/.#9:87937J9WPTO	ASCII text	D25F43FF3377DEE5EE32A792FA421548	E1EC022F918236373F6D01CC67B03C794C344654	3FFA63B52971387AE852C76077CA1A2B2984BA2A9BC4AA9F341562C85B22AEB8
/run/systemd/journal/streams/.#9:88053LfuNUM	ASCII text	D5D567219716EF759F0B41A4B3FC9259	4DD51A9781EA33335CCF34FBABA1C3957E9A6018	51C1C1943F5284C181B2B2F218CA6745105E86EB47A785965E0C16B6C55E5284
/run/systemd/journal/streams/.#9:901061qCWp5	ASCII text	34959C4264C6B90810C736AF51B4E66B	C22C1A5E6B1ACDC312B9157D293CB750D34F3ACF	3B374DA29F13E73F921D52BADA0C7F8756BCABE7246E118328A692A734EAB003
/run/systemd/journal/streams/.#9:90107B9QUK1	ASCII text	E4577E2AB8671378B7F6D173FE2F4312	29FB8CF12E21B22300FD7995780D4E54B1824580	BEC43A4D9932B05A5A6540C35C59EF64CAAFB41628F76E529DD1FDD1AAF7E486
/run/systemd/journal/streams/.#9:90108he1KL2	ASCII text	39C7F0BA6BC2F3A4635E5531D6E4E371	C3655979DAEBB772F1378025D9293FABBB944360	98C26FE71FC18D6F1175A663430F08186AB20FA057BD1F579BB69CB3E360DEDD
/run/systemd/journal/streams/.#9:90109X8hPg4	ASCII text	90C92C03F8DFBEBC3213ECB049B13BFF	9C2007C03FE9458086184CEB2FF85144936E2F01	A9283AC9C3015154726917BFBE220E53BEDAC6A2629F7F0AC9CB7117E2E3D5CC
/run/systemd/journal/streams/.#9:90110VnqP52	ASCII text	E7D361FD2F8A172C34EA86ACBCB92D6B	EEC00BDAE759913A78310F8ECF560EDB71BE4A25	8B4B536E95C51C828C45730B28259345F0D41DFEE6EB7E1B1077B961C092DE75
/run/systemd/journal/streams/.#9:90111H9Pp03	ASCII text	A3DABF3A80DA9D762F265B3690AA6111	3A4242A88D909D69F015772CFBD622FA2B58D55E	3D05C991B3A7A250672A846847BEE9BDC995E921C053DDE4E55991D6526FC354
/run/systemd/journal/streams/.#9:90118iD3XC1	ASCII text	612CA9776562357EC7DACE48E2F978EB	ADEBA5ADC8A03918EBC64E2A2FE06FFE8AD2D56A	A101A2A85C66EF37DEFD1A5D688E4167D7BE9486A712DDDE224835E99A4C3949
/run/systemd/journal/streams/.#9:90124Q3swb3	ASCII text	9A5399C98427FA9FAA5763262B4A7E5A	DE1AEB95C33D366A249393B96D58C2B31C2CD7FC	26E5A3887DFB4C484EB590B193D913D97859911F4B56362B9B7ADAD5E049BD41
/run/systemd/journal/streams/.#9:90125LWPas5	ASCII text	283D1A325996FB9B26ED35E467DB74D4	FE46C58A9E1DEFF2380A52030EF05CB2FE515F9C	935E5F2B8DCAB0A158DB306C048D0766E6AECFFBE243100056C7B61A77E7D722
/run/systemd/journal/streams/.#9:90126RJJAg3	ASCII text	CDC186387674ACBC5D7C91302DFA9EE3	D29B5F58AE3D511D9B3346C6AB6D853EDF36E72C	83B8A3B3B150ABF80319264EFB202FF05B052985EEC671633D429D1A64F22AE2
/run/systemd/journal/streams/.#9:90134pTZu71	ASCII text	41D7E6F5C9FC10D39F89FE3120A7C6B2	2E1C4E43EBD0C6EE7EBAE6C07CF621E676CBE689	AC2B7CE5307831B00D802B80D222995D1082633E200FDB533EF2E7248BAEEC00
/run/systemd/journal/streams/.#9:901426FLl32	ASCII text	358CFE2DFF7BF5F1EA270F14B3618CC0	8B0F2C7AFA3F1E6A63B9555CEDCE048E93EF55DD	D4F5C5DB5938A2B389E00DB8808A6368F191DA808487437DE3B3702E29182BA6
/run/systemd/journal/streams/.#9:90143A1TkV2	ASCII text	F6CB296D2848E2D017A4458204244005	042C58D3E8DCBC62D6FDAC2E222906DB1116D8BD	B5C5DDEE46E36FCBE55DEAC3B5487E857003EFAAA8386E2E0624EC14C5FBDB33
/run/systemd/journal/streams/.#9:90272SPBXn5	ASCII text	B03C4FEC1FA4D68C90AA3C7F6F32D16B	4C2F832120EE214088F3C4A793871EBD65D68B5E	EA58FE79751D275CDCDB0C3C7F396CFC88F088D742A16927BFF361B26C16341D
/run/systemd/journal/streams/.#9:90277CHodV2	ASCII text	89034AC13320658F74FA3030B8BC915E	5FCA77E964F972C6D3C7E9C54C17FBBEBB9BF542	7E5477BAB3896DF2B49F102F2E0AF933A556D326CF2D76D23998F9F3D8A8CC80
/run/systemd/journal/streams/.#9:92288pvWRgh	ASCII text	138DDF69F7FADA1BB194A1313A3FF5AB	443D05FCEBAC791FA30C5DFDE86FE0E45D89F2AC	A7E85966B43A1F6FB0EB1DE26CBB0FB927BDDC816D9313020BE81E43D59DCB0B
/run/systemd/journal/streams/.#9:92289ALLNIi	ASCII text	2D7B8E089CA2A67667EA1DA6D13039A9	0AD65B305876F8F1EC4C33ABCAC843A3BCEEA2DC	0026BA17B06AEBEE924306205BB71F3876DFE06300533D02D75785FE5B4315B7
/run/systemd/journal/streams/.#9:92290lEeLNj	ASCII text	EAD51991327B4857F0259FB6ACBB006A	07FB48025E011284AADC0C76BAC385519CB9CA38	9C70107DFE58B29ABD03071868B95F2A3EF9FCFE425DE8B876289997C413AE9E
/run/systemd/journal/streams/.#9:9229288OPxg	ASCII text	D4B6D8BA4A46998C27278A0FCFF62075	2BD7847D5A195B4B0B36DA621747D02D0AF69493	0EADCB1E3F6CFD12B9930C752681488E8AC93A4CDACE9E86D854EBED18F8F1CD
/run/systemd/journal/streams/.#9:92293StClhi	ASCII text	97C7DCEA75B79DDDA678AF4DE16E0936	9042F0A1A0124E20509CBEBDD8BCAAEF5707C277	E730735A71721AFFB25843B9AF394F082D77EF171F0C80F3E4DB4614CC35AA79
/run/systemd/journal/streams/.#9:92294YLOYmj	ASCII text	3B776A34449536F8CB57F4AEA608AD2F	9C82899327871E0D73FC508514CC4D120A95B5CB	E0CF0D420AED59799145D9C6920EC5A9C60DE2B5F21A0E2420A62DE2F33A4D12
/run/systemd/journal/streams/.#9:92295exTuFi	ASCII text	42A100B74194E9CAF9A3ABA4095BE7C9	A03BFA756FC8103A478BFF28EE8E0B23C07C9583	22930DE62E846741EB7BBABCE97A616D502598CD3BC440530E245B419420D748
/run/systemd/journal/streams/.#9:922963Ji51f	ASCII text	DC4549EE5A96F1D32EDC9CFDDAE4BFF2	5C7B7D4D8309670E9FC502F301A80231E863A1FB	E3823F63CD9F1883F325EE05F68EF5495136225F73F989B609C52984AE479FCD
/run/systemd/journal/streams/.#9:92305r7kxKh	ASCII text	861350808A9E8FA34A992103A0B4A1DA	AA564FB20E0F1575769A2F132BA4E54FB6EB2DDA	1E0452E97BE8B3822AB639B3EFDF235FD080C8AD54014EC0945029BD80A3AC0F
/run/systemd/journal/streams/.#9:92313sSJtmj	ASCII text	0E4FA0726BECD928DFD592D8D9EE6D2B	A7465798EE88F7CB0C9BDFB5C21DEFC72A908A47	3EB9B2EE709E5A2217A338F7D0F9B4CBEE8176F7B979E5805299BF300CC19CFD
/run/systemd/journal/streams/.#9:92320ZCXSXf	ASCII text	F96D46C3103BF48558DA857B87A68F54	BDB040EB4ECBCB672DAB4C358D759558DE09EB51	F16B0D97F4A4C35DEB8486DE326CAE55472680DC13FC222768D6A45ECD6D874F
/run/systemd/journal/streams/.#9:92321sqJqlk	ASCII text	7412062DB16407E318FD1A62EA44747E	B23129366D173AF5275BE4D0667CC026CF84992B	7399D30E8095A2F6518D364343B68901497A37C747FAE5ADB826D4222199F164
/run/systemd/journal/streams/.#9:92322uVGeli	ASCII text	F5DB2574AF8B050DA735B148302F82D8	9309472646FBCDEA4EA09A5C0007A5AC0E0C6754	BFCD499AC16EE6D5C622D66DF516787D9F3DC8CDEAB3E8E14F1393874978AE2F
/run/systemd/journal/streams/.#9:923237k6B3j	ASCII text	389C89057E45E69A94E5365EDEAF9EA6	06315BFF10F398B08F6C84E90415E932DBAC896A	B77E7BF13AD17634B3F2D1BDF42ED06E2BF519346EC5F9EB233493AA9F44BE0D
/run/systemd/journal/streams/.#9:92443CM6Wfh	ASCII text	34167FD52677CBF59F1CCAC2A4AD06B6	CCB30276804E8B1323258EBDC16EB1A4E4E866D6	36922450D86B69C61AEFFBED4550D8EA36CA04AC0E4C87FDED6DB05068FB218F
/run/systemd/journal/streams/.#9:92445iZ3lBj	ASCII text	06558F53F7FB421069DD620A7A00A840	1FE2D4EE8B33D5028745C59A4AEAD79D0B0CFB21	615E36222E5298CBAF043ED3EB0045B68A3712C62BFAC2C350E812B283B93710
/run/systemd/journal/streams/.#9:93901n4l7lK	ASCII text	55450B13E42286DBCFE20E78A642108A	2CCC49CE7084E9E9B73F5C605648E5900B65E24D	72371373B7224D47294211D15E205753174EE47460FC310D6621D4D4C78DECEF
/run/systemd/journal/streams/.#9:93927bG6RkL	ASCII text	6398F82AC8CA05C9175A78617846543C	23B83B9EFF17E5DC0DA91184476A84039179A6E4	D6F32D14BB552FBF784B7A42E36AC56D212EBD5FF50CD7B0BE641052A00BFF50
/run/systemd/journal/streams/.#9:93932s7hh5L	ASCII text	AA9B4401ECADD71FC24B61111A4868E2	44059A4A9AFA6A04C113D05F5563F1C6003ACEFB	2557DE0F60F21804039877C6343188B1F3EAA77CFAB7C7250FCD2C0EC45F1CF8
/run/systemd/journal/streams/.#9:93986XCYIvJ	ASCII text	C4E0E2116653E710A8A4697386A5DD8F	B95223A96DAA97101754FA43CEDE73DAA5BAB11F	DCB13E8B30B949C29C6D85EAEE62C45E8FC6F6E4E6A057631526D9679C93E1EB
/run/systemd/journal/streams/.#9:94004ZO5xFJ	ASCII text	E06EA978E790ED2A0B2A38E0E17EB76B	1BF2419D03553AE53176899C6924F9685A93E163	97721F7846956893358AD2CBF33079C2E060FC6759798A81C56AE1242F8DDD7E
/run/systemd/journal/streams/.#9:94010pqLsxM	ASCII text	11FEBE630A29C24846D0BDE43B488765	9FBDD25842D3E6985D1EA9B2680E1335ECA51C22	82ACEDAC153DCBF10182C1CC549558D652DCC43BC311F98163A757232CEB43BC
/run/systemd/journal/streams/.#9:947701XjggL	ASCII text	70BC21FD7E3E56D35B9877AAD1579F86	984DB6E5D0C1821FC63E540C927FDCC88BAE8013	CF9B8D7FF46CCAA04DC9185156480C4C426B820B197B7D37673CB3BE9FE536B4
/run/systemd/journal/streams/.#9:94771Gl8HMJ	ASCII text	2CCE3839E2B3E630248F5995EF15DBAA	590FD1C4E9D5AB8D8B67880A584024382B5CE744	C1F1D8427795BD671D62A40A032F39751805F363356C0A7B0B9674D3BB37BC4F
/run/systemd/journal/streams/.#9:94772FdZXNL	ASCII text	D3717793F0B4C5303EF8713C9ECE08D9	E6E703D6B4AC35443047AEB76379AC2D66FD3CB3	E951CAEED5864721813754014C0BCCA22626485D5EB2A0D5B8BB259699C665AB
/run/systemd/journal/streams/.#9:94773dcAnDJ	ASCII text	6169F8B24C48D4B481BD7D0960FF1078	814206E0A8F86E18667E763E28AA53777F23E122	54D3D415AC5F3AFBECE037AC5478AD2CD1E0B51CD47BE7B76726890F8D30D658
/run/systemd/journal/streams/.#9:94774csK76L	ASCII text	1FB8E6CE48F93B2AF16903D89734709D	7E0DC35664A287286A1F7885E8272010B32E5145	A69D5284E447D7B3C8648CBE03256406A45B39B7818C10AF6FA0388AF748C7D8
/run/systemd/journal/streams/.#9:947751WK9ZJ	ASCII text	2EB701969CAAAB404AD914B84052EC3A	B73D3C5DB1BAC374D65A2A5909534755D9D65CA3	E81F53E25B8F20C314B9CDF1340E4BD3C087970EAFEB33E0D969FBA6BEE71AE4
/run/systemd/journal/streams/.#9:94776WNaulJ	ASCII text	81010C6227123FAEEFA60CD751757A80	A0824E1949B325BB3B1FBF1B88C459C862A67788	0B5AC10035C535CDFBE3BE9E7B3A8E0CC0B1B10CB2BF2D6300558090E788FBE2
/run/systemd/journal/streams/.#9:94777BSPBkM	ASCII text	E3609D08D42056D73FFA507FB759BAF4	2B9C473C68682A76075AB89B11ADC623CAEF47F6	53595E52BDD4544A346FAB5DF439A916827061EF7DC6C5D3BCFEA1FEEA23150B
/run/systemd/journal/streams/.#9:94778su6BDM	ASCII text	0D2955561FDE3436E34197A378524A05	EADDBD077FC6A01B432F03C86A78553698C51389	8278D89AC5DABB99A537F3B2C9B914A15B6C8475EF3E997A1FC46027E6ED42D6
/run/systemd/journal/streams/.#9:94785k6sONJ	ASCII text	504E8F9830CF7E499EBA5C2771F4D2EA	F5BD98FF4C4B955A31C5A4CE584D82275041E68A	B367919491D749D259A6E80891383D78299C94EB6777147876EB6838B9769167
/run/systemd/journal/streams/.#9:94786DhQi8K	ASCII text	9F8ACC0C73381999A54F617F013D066D	69F4F00A62F7E8B567FFB819384FB6C1782C9EFA	68A4B15E5C2FB69BF43FC7697E3662E4A100DC18A5933AB274348B65A408A7C4
/run/systemd/journal/streams/.#9:94787JCWfxM	ASCII text	4814FC9CDAA9CDFF874AE74C4E96FD9F	15CB3B9868C5F2D609AC9780C33591CB3CB1794A	F31E6625113DF2046A8C45B1BDCB8460A539EE96EEAE5B73BB00063950AF6F89
/run/systemd/journal/streams/.#9:947965Rev7J	ASCII text	9E47A260CA9DFA96AFAFDE39F692D70D	D0F43257FF30ED11B2A85B5E941FB74789C1CD50	96123CC93344E1BC8C3820642E958A15613A837077025D0258FCD703EE63BE3C
/run/systemd/journal/streams/.#9:94797QhqQGJ	ASCII text	95AE5AF94AF0BA490652404E39AF2380	94052FE0FCBBD23C5086B1915CDC120BC0D52885	0379D0B252C8451DBE23DEE5A8245AEC7B812F9FB631BDE8EEF62550EC294E9C
/run/systemd/journal/streams/.#9:94798EXfqxI	ASCII text	BDC2B3377B5021A0605B7AB0A2AB5D90	1EF7D1E6948576E8737C42F6BE4807813BDD6C4A	71CBC1E15656A1523F83F44E135D3B71BD616025FD300B2CA80F20E4021672BF
/run/systemd/seats/.#seat02t7NYH	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat031c4NI	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat04ERwdu	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat04YDgPd	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat06oaPkE	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat07wgwlz	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0EQMqO6	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0HsNHWo	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0TtH9Zy	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0UNgrww	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0YX0YlX	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0bpxhjZ	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0cvyvUB	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0dqQYFh	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0ew20T8	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0fiIwmK	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0jOgHO8	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0nhfJuy	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0qP3Ha3	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0sjCvFy	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/user/1000/pulse/pid	ASCII text	7C67E3B1D521D678545C2993D4EE80E6	F2337F6B61FE9E446E34ADBB45CF57D14AA8EA37	6C9932A288E665CED3E6312FB4ADCB08A7BCBAACF7E6F2AC364EF7B97EB6047A
/tmp/qemu-open.BVQzMn (deleted)	data	5DE8DFDDC7FAB7288CAFB40F58749EFE	E57A6BA66AE8E362D2683846F616A6693D95A81D	E8AEB1E3E141F734EC9A546B30945CF93CBCB58DBCB931216DCE3C1F467035B2
/var/lib/ubuntu-drivers-common/last_gfx_boot	ASCII text	078760523943E160756979906B85FB5E	0962643266F4C5537F7D125046F28F21D6DD0C89	048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
/var/log/auth.log	ASCII text	FEAA838008EDAE11CD2F830819E35EA4	8E680A4237888625A6782E5F99F0AE8E20342258	A8427600EB732FB5AEB5B10107F9DC279CE11B29AB517E422E9DCE68A4553C6F
/var/log/gpu-manager.log	ASCII text	3AF77E630DA00B3BE24F4E8AA5D78B13	BCF2D99E002F6DE2413A183227B011CFBEF5673D	EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal	data	B31B2015B1882B6030B669C91144BDAB	A745B4750131D4BC315C37AF05AB3D82B309B9EB	A4F93236263E906988BA559DC575D516FB454BEA58DB81AC1096BD593FBF95B2
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal	data	1E4285CBA65A213D494440F17A873BFE	5F9F8A46A5BC926F22BF3B9127D8442D6D542272	AE0891CA73DD934E735A7FF5190C8865B4F3E85B6D6B442E54E8F0EC18D95947
/var/log/kern.log	ASCII text	090C7CDA8BEF616839082DF87108CD32	43F6A478B69C612CCBD633B20DAAEED83798C542	42BE32D010A85740458C33B7EF5953350EB5A5C2FE69BDAB4BAF9BAEEB850F21
/var/log/syslog	ASCII text	07EA1FEF0F9BAA738B6692D14C1057D6	86FDAACD4C5CD9D5A86CDB80CAB0B69C2B6861A0	6CCDE814CAE6F6E8495D3B750DEFD1CDFFFBC24A3EB01F3429BED089EA5C1E25

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Aqua.mips.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Aqua.mips.elf	Virustotal: Detection: 33%			Perma Link
Source: Aqua.mips.elf	ReversingLabs: Detection: 39%

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pulseaudio (PID: 6497)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6533)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6709)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6940)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7105)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7269)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7440)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7607)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7771)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7783)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7946)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7948)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Found strings indicative of a multi-platform dropper

Source: Aqua.mips.elf

String: EOF/proc//proc/%s/cmdlinerwgetcurlftpechokillbashrebootshutdownhaltpoweroff[locker] killed process: %s ;; pid: %d

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.23:50016 -> 89.190.156.145:7733

HTTP GET or POST without a user agent

Source: global traffic

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/sbin/rsyslogd (PID: 6410)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6496)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6544)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6611)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6686)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6710)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6784)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6853)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6927)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6942)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6958)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7102)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7118)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7182)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7259)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7271)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7286)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7349)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7428)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7441)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7456)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7521)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7595)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7608)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7622)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7768)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7795)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7860)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7936)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7949)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 8037)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 8113)	Reads hosts file: /etc/hosts

Sample listens on a socket

Source: /lib/systemd/systemd-journald (PID: 6618)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6792)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6864)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6959)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7031)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7121)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7194)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7288)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7361)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7461)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7533)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7623)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7695)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7798)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7870)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7975)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 8048)	Socket: unknown address family

Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145

Source: global traffic	DNS traffic detected: DNS query: 45.148.10.84
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Source: unknown

Source: syslog.411.dr

String found in binary or memory: https://www.rsyslog.com

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37652
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37652 -> 443

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6237, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6214, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6215, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6407, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6408, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6409, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6410, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6493, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6496, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6497, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6535, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6554, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6611, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6613, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6614, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6618, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6619, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6686, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6688, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6710, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6711, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6792, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6793, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6796, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6853, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6854, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6858, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6927, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6930, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6938, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6942, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6959, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6962, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7019, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6957, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6958, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7023, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7096, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7102, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7104, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7121, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7122, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7125, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7182, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7120, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7187, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7256, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7259, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7267, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7270, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7271, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7288, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7289, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7292, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7349, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7350, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7355, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7428, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7429, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7437, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7441, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7442, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7443, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7461, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7464, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7521, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7522, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7526, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7528, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7595, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7596, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7604, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7608, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7623, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7627, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7684, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7622, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7689, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7690, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7760, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7798, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7799, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7802, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7859, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7860, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7797, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7865, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7872, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7935, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7936, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7944, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7947, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7948, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7949, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7975, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7977, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7980, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8037, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8038, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7976, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8044, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8051, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8113, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8114, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8126, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8127, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8138, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8139, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8225, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8232, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8290, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8226, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8371, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8381, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8385, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8454, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8458, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8499, result: successful	Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6237, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6214, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6215, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6407, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6408, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6409, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6410, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6493, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6496, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6497, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6535, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6554, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6611, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6613, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6614, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6618, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6619, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6686, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6688, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6710, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6711, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6792, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6793, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6796, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6853, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6854, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6858, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6927, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6930, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6938, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6942, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6959, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6962, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7019, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6957, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 6958, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7023, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7096, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7102, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7104, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7121, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7122, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7125, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7182, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7120, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7187, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7256, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7259, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7267, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7270, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7271, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7288, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7289, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7292, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7349, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7350, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7355, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7428, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7429, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7437, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7441, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7442, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7443, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7461, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7464, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7521, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7522, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7526, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7528, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7595, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7596, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7604, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7608, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7623, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7627, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7684, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7622, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7689, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7690, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7760, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7798, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7799, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7802, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7859, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7860, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7797, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7865, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7872, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7935, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7936, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7944, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7947, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7948, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7949, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7975, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7977, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7980, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8037, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8038, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 7976, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8044, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8051, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8113, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8114, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8126, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8127, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8138, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8139, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8225, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8232, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8290, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8226, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8371, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8381, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8385, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8454, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8458, result: successful	Jump to behavior
Source: /tmp/Aqua.mips.elf (PID: 6235)	SIGKILL sent: pid: 8499, result: successful	Jump to behavior

Source: classification engine

Classification label: mal68.spre.troj.evad.linELF@0/232@253/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 6407)	File: /proc/6407/mounts	Jump to behavior
Source: /bin/fusermount (PID: 6415)	File: /proc/6415/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6493)	File: /proc/6493/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6535)	File: /proc/6535/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6551)	File: /proc/6551/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6614)	File: /proc/6614/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6688)	File: /proc/6688/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6711)	File: /proc/6711/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6785)	File: /proc/6785/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6793)	File: /proc/6793/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6938)	File: /proc/6938/mounts
Source: /usr/bin/dbus-daemon (PID: 6957)	File: /proc/6957/mounts
Source: /usr/bin/dbus-daemon (PID: 7104)	File: /proc/7104/mounts
Source: /usr/bin/dbus-daemon (PID: 7119)	File: /proc/7119/mounts
Source: /usr/bin/dbus-daemon (PID: 7122)	File: /proc/7122/mounts
Source: /usr/bin/dbus-daemon (PID: 7256)	File: /proc/7256/mounts
Source: /usr/bin/dbus-daemon (PID: 7270)	File: /proc/7270/mounts
Source: /usr/bin/dbus-daemon (PID: 7285)	File: /proc/7285/mounts
Source: /usr/bin/dbus-daemon (PID: 7289)	File: /proc/7289/mounts
Source: /usr/bin/dbus-daemon (PID: 7437)	File: /proc/7437/mounts
Source: /usr/bin/dbus-daemon (PID: 7443)	File: /proc/7443/mounts
Source: /usr/bin/dbus-daemon (PID: 7526)	File: /proc/7526/mounts
Source: /usr/bin/dbus-daemon (PID: 7604)	File: /proc/7604/mounts
Source: /usr/bin/dbus-daemon (PID: 7689)	File: /proc/7689/mounts
Source: /usr/bin/dbus-daemon (PID: 7769)	File: /proc/7769/mounts
Source: /usr/bin/dbus-daemon (PID: 7782)	File: /proc/7782/mounts
Source: /usr/bin/dbus-daemon (PID: 7796)	File: /proc/7796/mounts
Source: /usr/bin/dbus-daemon (PID: 7799)	File: /proc/7799/mounts
Source: /usr/bin/dbus-daemon (PID: 7872)	File: /proc/7872/mounts
Source: /usr/bin/dbus-daemon (PID: 7947)	File: /proc/7947/mounts
Source: /usr/bin/dbus-daemon (PID: 7971)	File: /proc/7971/mounts
Source: /usr/bin/dbus-daemon (PID: 7973)	File: /proc/7973/mounts
Source: /usr/bin/dbus-daemon (PID: 7977)	File: /proc/7977/mounts
Source: /usr/bin/dbus-daemon (PID: 8051)	File: /proc/8051/mounts

Creates hidden files and/or directories

Source: /usr/libexec/gsd-rfkill (PID: 6237)	Directory: <invalid fd (9)>/..	Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 6237)	Directory: <invalid fd (8)>/..	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6242)	Directory: <invalid fd (10)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6428)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6428)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6428)	File: /run/systemd/seats/.#seat04YDgPd	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 6488)	Directory: /root/.cache	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 6518)	Directory: /root/.cache	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6554)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6554)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6554)	File: /run/systemd/seats/.#seat0fiIwmK	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6629)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6629)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6629)	File: /run/systemd/seats/.#seat04ERwdu	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:800713MwSE9	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80072XfxKh7	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80073gnerj7	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80074KF6ldb	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:800756BhQC7	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80076EabrO9	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80077rw0Wca	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:800787NhtX8	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80085fBd8z8	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80086gZqRla	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80087eNmOG9	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80196U0G0T9	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	File: /run/systemd/journal/streams/.#9:80275fWh9la	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6722)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6722)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6722)	File: /run/systemd/seats/.#seat0UNgrww	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6796)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6796)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6796)	File: /run/systemd/seats/.#seat0qP3Ha3	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81099qiGGne
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81101IcHxwf
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81102m4ytYf
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81103f977Zf
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81104ZnoIgg
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81105QLHIVf
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81111shZH1b
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:811129UhT6b
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:81113nvCOjd
Source: /lib/systemd/systemd-journald (PID: 6864)	File: /run/systemd/journal/streams/.#9:8207963oRQe
Source: /lib/systemd/systemd-logind (PID: 6870)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6870)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6870)	File: /run/systemd/seats/.#seat02t7NYH
Source: /lib/systemd/systemd-logind (PID: 6962)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6962)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6962)	File: /run/systemd/seats/.#seat06oaPkE
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82787tN1K1O
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82789P7NDOP
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82790RsdsCO
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82791517LLO
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82792uoqjVP
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82793mCuN6O
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82800wb4xVO
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82807JLfSsR
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82808sefazO
Source: /lib/systemd/systemd-journald (PID: 7031)	File: /run/systemd/journal/streams/.#9:82984PpucdS
Source: /lib/systemd/systemd-logind (PID: 7035)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7035)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7035)	File: /run/systemd/seats/.#seat0ew20T8
Source: /lib/systemd/systemd-logind (PID: 7125)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7125)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7125)	File: /run/systemd/seats/.#seat0bpxhjZ
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:846124WZkPa
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84613FJ3Ud9
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84614KZp3mc
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84615ut0xl9
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84616onrSUa
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84618cON579
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84619d9I6Y8
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:846201we3oc
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:84628kwvELb
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:83924LEn3B9
Source: /lib/systemd/systemd-journald (PID: 7194)	File: /run/systemd/journal/streams/.#9:83925yE5KHa
Source: /lib/systemd/systemd-logind (PID: 7199)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7199)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7199)	File: /run/systemd/seats/.#seat0nhfJuy
Source: /lib/systemd/systemd-logind (PID: 7292)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7292)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7292)	File: /run/systemd/seats/.#seat0TtH9Zy
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85832M3e2XO
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85833kkrZsP
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85834c8Ma5N
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85835X4MNrN
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85836sTSJ8M
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85837T2qawO
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:858383R1DdN
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85839Rl51EM
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85840XwDedN
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85855dfO4ZM
Source: /lib/systemd/systemd-journald (PID: 7361)	File: /run/systemd/journal/streams/.#9:85942CgTlZP
Source: /lib/systemd/systemd-logind (PID: 7369)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7369)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7369)	File: /run/systemd/seats/.#seat0HsNHWo
Source: /lib/systemd/systemd-logind (PID: 7464)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7464)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7464)	File: /run/systemd/seats/.#seat0sjCvFy
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87922xEjr3M
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87923Grwg9L
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:879250LjxrN
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87926WoPmcN
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87927aAy3yO
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87928ceckJP
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87934cVCR5P
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:879353HndsQ
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:87937J9WPTO
Source: /lib/systemd/systemd-journald (PID: 7533)	File: /run/systemd/journal/streams/.#9:88053LfuNUM
Source: /lib/systemd/systemd-logind (PID: 7537)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7537)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7537)	File: /run/systemd/seats/.#seat0EQMqO6
Source: /lib/systemd/systemd-logind (PID: 7627)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7627)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7627)	File: /run/systemd/seats/.#seat0YX0YlX
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:901061qCWp5
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90107B9QUK1
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90108he1KL2
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90109X8hPg4
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90110VnqP52
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90111H9Pp03
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90118iD3XC1
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90124Q3swb3
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90125LWPas5
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90126RJJAg3
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90134pTZu71
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:901426FLl32
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90143A1TkV2
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90272SPBXn5
Source: /lib/systemd/systemd-journald (PID: 7695)	File: /run/systemd/journal/streams/.#9:90277CHodV2
Source: /lib/systemd/systemd-logind (PID: 7702)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7702)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7702)	File: /run/systemd/seats/.#seat07wgwlz
Source: /usr/lib/policykit-1/polkitd (PID: 7787)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7802)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7802)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7802)	File: /run/systemd/seats/.#seat0jOgHO8
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92288pvWRgh
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92289ALLNIi
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92290lEeLNj
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:9229288OPxg
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92293StClhi
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92294YLOYmj
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92295exTuFi
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:922963Ji51f
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92305r7kxKh
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92313sSJtmj
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92320ZCXSXf
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92321sqJqlk
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92322uVGeli
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:923237k6B3j
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92443CM6Wfh
Source: /lib/systemd/systemd-journald (PID: 7870)	File: /run/systemd/journal/streams/.#9:92445iZ3lBj
Source: /lib/systemd/systemd-logind (PID: 7876)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7876)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7876)	File: /run/systemd/seats/.#seat031c4NI
Source: /usr/lib/policykit-1/polkitd (PID: 7961)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7980)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7980)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7980)	File: /run/systemd/seats/.#seat0cvyvUB
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:947701XjggL
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94771Gl8HMJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94772FdZXNL
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94773dcAnDJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94774csK76L
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:947751WK9ZJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94776WNaulJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94777BSPBkM
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94778su6BDM
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94785k6sONJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94786DhQi8K
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94787JCWfxM
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:947965Rev7J
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94797QhqQGJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94798EXfqxI
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:93901n4l7lK
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:93927bG6RkL
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:93932s7hh5L
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:93986XCYIvJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94004ZO5xFJ
Source: /lib/systemd/systemd-journald (PID: 8048)	File: /run/systemd/journal/streams/.#9:94010pqLsxM
Source: /lib/systemd/systemd-logind (PID: 8055)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 8055)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 8055)	File: /run/systemd/seats/.#seat0dqQYFh

Enumerates processes within the "proc" file system

Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7440/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7440/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7441/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7441/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6233/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6233/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6235/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6235/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/3088/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/3088/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/230/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/230/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/110/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/110/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/231/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/231/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/111/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/111/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/232/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/232/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/112/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/112/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/233/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/233/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/113/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/113/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/234/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/234/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1335/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1335/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/114/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/114/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/235/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/235/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1334/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1334/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/115/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/115/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/236/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/236/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/116/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/116/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/237/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/237/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/117/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/117/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/910/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/910/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/118/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/118/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/119/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/119/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7438/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/7438/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/10/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/10/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/11/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/11/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/12/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/12/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/13/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/13/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/14/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/14/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/15/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/15/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/16/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/16/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/17/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/17/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/18/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/18/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/120/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/120/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/121/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/121/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/1/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/122/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/122/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/243/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/243/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/123/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/123/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/2/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/2/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/124/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/124/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/3/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/3/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/125/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/125/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/4/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/4/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/126/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/126/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/248/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/248/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/6/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/127/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/127/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/128/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/128/cmdline
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/249/status
Source: /usr/bin/pkill (PID: 7440)	File opened: /proc/249/cmdline

Executes commands using a shell command-line interpreter

Source: /usr/bin/gpu-manager (PID: 6500)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6505)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6509)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6513)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6519)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6524)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6527)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6529)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6620)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6623)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6625)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6687)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6692)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6699)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6702)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6704)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6860)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6862)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6865)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6928)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6931)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6936)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7025)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7027)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7029)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7092)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7097)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7099)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7188)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7191)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7195)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7257)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7260)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7265)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7356)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7358)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7362)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7426)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7430)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7435)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7529)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7531)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7534)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7597)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7602)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7691)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7693)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7698)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7759)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7762)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7764)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7866)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7868)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7871)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7933)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7937)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7942)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 8046)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 8049)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 8052)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 8115)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 8120)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"

Executes the "grep" command used to find patterns in files or piped streams

Source: /bin/sh (PID: 6504)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6506)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6510)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6515)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6520)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6525)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6528)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6530)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6622)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6624)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6626)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6690)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6694)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6700)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6703)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6705)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6861)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6863)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6866)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6929)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6932)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6937)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7026)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7028)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7030)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7095)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7098)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7100)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7189)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7192)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7196)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7258)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7261)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7266)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7357)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7359)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7363)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7427)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7431)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7436)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7530)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7532)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7594)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7598)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7603)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7692)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7694)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7699)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7761)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7763)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7766)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7867)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7869)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7873)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7934)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7938)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7943)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 8047)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 8050)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 8112)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 8116)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 8121)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

Executes the "kill" or "pkill" command typically used to terminate processes

Source: /usr/share/gdm/generate-config (PID: 6533)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6709)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6940)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7105)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7269)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7440)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7607)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7771)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7946)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Reads system information from the proc file system

Source: /lib/systemd/systemd-journald (PID: 6618)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6792)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6864)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6959)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7031)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7121)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7194)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7288)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7361)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7461)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7533)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7623)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7695)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7798)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7870)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7975)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 8048)	Reads from proc file: /proc/meminfo

Source: /usr/sbin/rsyslogd (PID: 6410)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6410)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6496)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6496)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6499)	Log file created: /var/log/gpu-manager.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6544)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6611)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6686)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6710)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6710)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6784)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6853)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6927)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6942)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6942)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6958)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7102)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7102)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7182)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7259)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7271)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7271)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7349)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7428)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7441)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7441)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7456)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7521)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7595)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7608)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7608)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7622)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7768)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7768)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7860)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7936)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7949)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7949)	Log file created: /var/log/auth.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 8037)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 8113)	Log file created: /var/log/kern.log	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/Aqua.mips.elf (PID: 6233)

File: /tmp/Aqua.mips.elf

Jump to behavior

Deletes log files

Source: /usr/bin/gpu-manager (PID: 6499)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6619)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6858)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 7023)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7187)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7355)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7528)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7690)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7865)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 8044)	Truncated file: /var/log/gpu-manager.log

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pulseaudio (PID: 6497)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6533)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6709)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6940)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7105)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7269)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7440)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7607)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7771)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7783)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7946)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7948)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/Aqua.mips.elf (PID: 6231)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6242)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6410)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6496)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6497)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6499)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6544)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6611)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6618)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6619)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6686)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6691)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6710)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6784)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6792)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6853)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6864)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6927)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6942)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6958)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6959)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7023)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7031)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7102)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7118)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7121)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7182)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7194)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7259)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7271)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7286)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7288)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7349)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7355)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7361)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7428)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7441)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7456)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7461)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7521)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7533)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7595)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7608)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7622)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7623)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7695)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7768)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7783)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7795)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7798)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7860)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7870)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7936)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7948)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7949)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7974)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7975)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 8037)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 8048)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 8113)	Queries kernel information via 'uname':

Source: Aqua.mips.elf, 6231.1.0000561c18848000.0000561c188cf000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/mips
Source: kern.log.47.dr	Binary or memory string: Dec 25 10:33:00 galassia kernel: [ 421.761549] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel drm parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi vmxnet3 scsi_transport_spi mptscsih libahci mptbase
Source: Aqua.mips.elf, 6231.1.0000561c18848000.0000561c188cf000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: kern.log.47.dr	Binary or memory string: Dec 25 10:33:00 galassia kernel: [ 421.761575] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: %s/qemu-op
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: V/tmp/qemu-open.BVQzMn\t
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/Aqua.mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Aqua.mips.elf
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.BVQzMn
Source: Aqua.mips.elf, 6231.1.00007ffdc820a000.00007ffdc822b000.rw-.sdmp	Binary or memory string: MPDIR%s/qemu-op

ID:	1580692
Product:	CloudBasic
Start time:	17:32:07
Start date:	25.12.2024
Sample:	Aqua.mips.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	3055f55ee41ac5a4b7ab3e8c2582e662
SHA1:	563acfb57039c4a67cb91d8a3970aa229b7e9655
SHA256:	d107d509a6742af967a664a6c4c8199673819add196915a97481e11cc3b678ac
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
Aqua.mips.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Linux Analysis Report Aqua.mips.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Linux Analysis Report
Aqua.mips.elf