Linux Analysis Report
Aqua.x86_64.elf

Overview

General Information

Sample name: Aqua.x86_64.elf
Analysis ID: 1580693
MD5: a3a91d4d7b1a2a5ae8220ca1b8cc836b
SHA1: 76a2fff69bde33fb736b5c36e6ee5248f434cacb
SHA256: 21130be7fd8faaaeef35b1d0f92cb742b676a4b4764713deb9adb999c59b15bc
Tags: elfuser-abuse_ch
Infos:

Detection

Score: 80
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Deletes log files
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "kill" or "pkill" command typically used to terminate processes
Found strings indicative of a multi-platform dropper
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Reads system version information
Reads the 'hosts' file potentially containing internal network hosts
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: Aqua.x86_64.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: Aqua.x86_64.elf Virustotal: Detection: 52% Perma Link
Source: Aqua.x86_64.elf ReversingLabs: Detection: 50%
Machine Learning detection for sample
Source: Aqua.x86_64.elf Joe Sandbox ML: detected
Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/bin/pkill (PID: 5710) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5888) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5989) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 6073) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6157) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6257) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6337) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6486) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6574) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6665) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6766) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6864) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6957) Reads CPU info from /sys: /sys/devices/system/cpu/online
Found strings indicative of a multi-platform dropper
Source: Aqua.x86_64.elf String: EOF/proc//proc/%s/cmdlinerwgetcurlftpechokillbashrebootshutdownhaltpoweroff/fdsocket/proc/%s/stat/proc/proc/%d/exe/proc/%d/stat%d %s %c %d/proc/%d/maps/var/run/mnt/root/var/tmp/boot/bin/sbin/../(deleted)/homedbgmpslmipselmipsarmarm4arm5arm6arm7sh4m68kx86x586x86_64i586i686ppcspc[locker] killed process: %s ;; pid: %d
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.13:44732 -> 89.190.156.145:7733
Reads the 'hosts' file potentially containing internal network hosts
Source: /usr/sbin/rsyslogd (PID: 5606) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5685) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5734) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5803) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5886) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5898) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5965) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5994) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6063) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6071) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6146) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6155) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6167) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6236) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6327) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6335) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6347) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6485) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6582) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6652) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6663) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6675) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6743) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6771) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6841) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6870) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6934) Reads hosts file: /etc/hosts
Sample listens on a socket
Source: /lib/systemd/systemd-journald (PID: 5739) Socket: unknown address family Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5802) Socket: unknown address family Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5902) Socket: unknown address family Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5999) Socket: unknown address family Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6084) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6171) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6265) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6420) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6590) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6679) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6775) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6869) Socket: unknown address family
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Source: unknown DNS traffic detected: query: 45.148.10.84 replaycode: Name error (3)
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: global traffic DNS traffic detected: DNS query: 45.148.10.84
Source: syslog.463.dr String found in binary or memory: https://www.rsyslog.com

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 1884, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5433, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 660, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 726, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 727, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 778, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 780, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 783, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 790, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 795, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 936, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 1400, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 1432, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 2970, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 3069, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 3132, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5414, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5416, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5604, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5605, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5606, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 1411, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 2936, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5684, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5685, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5700, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 490, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 765, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 767, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 1410, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 2935, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5272, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5621, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5711, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5733, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5734, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5739, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5744, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5803, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5804, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5864, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5801, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5886, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5802, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5807, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5892, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5897, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5898, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5963, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5962, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5965, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5966, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5902, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5905, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5990, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5993, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5994, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5995, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6062, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6063, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6067, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6061, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6070, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6071, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5999, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6002, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6077, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6082, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6083, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6145, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6146, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6150, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6144, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6152, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6155, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6084, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6087, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6163, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6166, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6167, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6232, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6231, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6236, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6171, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6174, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6260, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6261, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6262, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6326, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6327, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6331, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6325, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6333, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6335, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6265, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6343, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6346, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6358, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6347, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6352, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6353, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6354, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6422, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6485, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6486, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6496, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6580, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6420, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6510, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6578, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6581, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6582, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6583, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6587, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6651, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6652, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6656, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6650, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6659, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6663, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6590, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6593, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6671, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6674, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6675, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6740, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6739, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6742, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6743, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6679, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6682, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6767, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6770, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6771, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6836, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6835, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6839, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6841, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6775, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6778, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6865, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6866, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6870, result: successful Jump to behavior
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Sample tries to kill a process (SIGKILL)
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 1884, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5433, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 660, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 726, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 727, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 778, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 780, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 783, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 790, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 795, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 936, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 1400, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 1432, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 2970, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 3069, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 3132, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5414, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5416, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5604, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5605, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5606, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 1411, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 2936, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5684, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5685, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5700, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 490, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 765, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 767, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 1410, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 2935, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5272, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5621, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5711, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5733, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5734, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5739, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5744, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5803, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5804, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5864, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5801, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5886, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5802, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5807, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5892, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5897, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5898, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5963, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5962, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5965, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5966, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5902, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5905, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5990, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5993, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5994, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5995, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6062, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6063, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6067, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6061, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6070, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6071, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 5999, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6002, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6077, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6082, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6083, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6145, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6146, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6150, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6144, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6152, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6155, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6084, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6087, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6163, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6166, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6167, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6232, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6231, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6236, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6171, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6174, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6260, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6261, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6262, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6326, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6327, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6331, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6325, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6333, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6335, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6265, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6343, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6346, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6358, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6347, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6352, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6353, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6354, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6422, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6485, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6486, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6496, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6580, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6420, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6510, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6578, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6581, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6582, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6583, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6587, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6651, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6652, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6656, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6650, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6659, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6663, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6590, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6593, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6671, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6674, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6675, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6740, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6739, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6742, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6743, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6679, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6682, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6767, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6770, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6771, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6836, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6835, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6839, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6841, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6775, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6778, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6865, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6866, result: successful Jump to behavior
Source: /tmp/Aqua.x86_64.elf (PID: 5432) SIGKILL sent: pid: 6870, result: successful Jump to behavior
Yara signature match
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: Aqua.x86_64.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: 5430.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: classification engine Classification label: mal80.spre.troj.evad.linELF@0/209@229/0

Persistence and Installation Behavior
barindex
Sample reads /proc/mounts (often used for finding a writable filesystem)
Source: /usr/bin/dbus-daemon (PID: 5605) File: /proc/5605/mounts Jump to behavior
Source: /bin/fusermount (PID: 5610) File: /proc/5610/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5684) File: /proc/5684/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5804) File: /proc/5804/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5963) File: /proc/5963/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5966) File: /proc/5966/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5995) File: /proc/5995/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6062) File: /proc/6062/mounts
Source: /usr/bin/dbus-daemon (PID: 6070) File: /proc/6070/mounts
Source: /usr/bin/dbus-daemon (PID: 6145) File: /proc/6145/mounts
Source: /usr/bin/dbus-daemon (PID: 6152) File: /proc/6152/mounts
Source: /usr/bin/dbus-daemon (PID: 6232) File: /proc/6232/mounts
Source: /usr/bin/dbus-daemon (PID: 6326) File: /proc/6326/mounts
Source: /usr/bin/dbus-daemon (PID: 6333) File: /proc/6333/mounts
Source: /usr/bin/dbus-daemon (PID: 6352) File: /proc/6352/mounts
Source: /usr/bin/dbus-daemon (PID: 6354) File: /proc/6354/mounts
Source: /usr/bin/dbus-daemon (PID: 6496) File: /proc/6496/mounts
Source: /usr/bin/dbus-daemon (PID: 6580) File: /proc/6580/mounts
Source: /usr/bin/dbus-daemon (PID: 6583) File: /proc/6583/mounts
Source: /usr/bin/dbus-daemon (PID: 6651) File: /proc/6651/mounts
Source: /usr/bin/dbus-daemon (PID: 6659) File: /proc/6659/mounts
Source: /usr/bin/dbus-daemon (PID: 6740) File: /proc/6740/mounts
Source: /usr/bin/dbus-daemon (PID: 6742) File: /proc/6742/mounts
Source: /usr/bin/dbus-daemon (PID: 6836) File: /proc/6836/mounts
Source: /usr/bin/dbus-daemon (PID: 6839) File: /proc/6839/mounts
Source: /usr/bin/dbus-daemon (PID: 6935) File: /proc/6935/mounts
Creates hidden files and/or directories
Source: /usr/libexec/gsd-rfkill (PID: 5433) Directory: <invalid fd (9)>/.. Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 5433) Directory: <invalid fd (8)>/.. Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5438) Directory: <invalid fd (10)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5621) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5621) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5621) File: /run/systemd/seats/.#seat0k6nTRg Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 5680) Directory: /root/.cache Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5802) File: /run/systemd/journal/streams/.#9:65094rZvrDV Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5802) File: /run/systemd/journal/streams/.#9:65095yiflcX Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5802) File: /run/systemd/journal/streams/.#9:65096DMU6zV Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5802) File: /run/systemd/journal/streams/.#9:65097I0E5tV Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5802) File: /run/systemd/journal/streams/.#9:65098MCMO7W Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5802) File: /run/systemd/journal/streams/.#9:65099v10FxT Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5802) File: /run/systemd/journal/streams/.#9:65111qcSkxW Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5807) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5807) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5807) File: /run/systemd/seats/.#seat0US3HBg Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5902) File: /run/systemd/journal/streams/.#9:66622LWh70s Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5902) File: /run/systemd/journal/streams/.#9:66624293S4t Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5902) File: /run/systemd/journal/streams/.#9:666251dvkhv Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5902) File: /run/systemd/journal/streams/.#9:6662661tezv Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5902) File: /run/systemd/journal/streams/.#9:66634qTX58t Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5902) File: /run/systemd/journal/streams/.#9:66729zemMWs Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5902) File: /run/systemd/journal/streams/.#9:67591rSfH5u Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5905) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5905) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5905) File: /run/systemd/seats/.#seat0gPJ8IG Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5999) File: /run/systemd/journal/streams/.#9:68214V3AyoM Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5999) File: /run/systemd/journal/streams/.#9:68215pqCQSP Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5999) File: /run/systemd/journal/streams/.#9:68216U0aqnQ Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5999) File: /run/systemd/journal/streams/.#9:68222JirjWM Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5999) File: /run/systemd/journal/streams/.#9:68228FQQuLQ Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5999) File: /run/systemd/journal/streams/.#9:67209S3W50P Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6002) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6002) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6002) File: /run/systemd/seats/.#seat07HrFm1 Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6084) File: /run/systemd/journal/streams/.#9:69762cgK8Ye
Source: /lib/systemd/systemd-journald (PID: 6084) File: /run/systemd/journal/streams/.#9:697634MWdJd
Source: /lib/systemd/systemd-journald (PID: 6084) File: /run/systemd/journal/streams/.#9:697648EXiEe
Source: /lib/systemd/systemd-journald (PID: 6084) File: /run/systemd/journal/streams/.#9:69770uepxEf
Source: /lib/systemd/systemd-journald (PID: 6084) File: /run/systemd/journal/streams/.#9:69782Z4ChEd
Source: /lib/systemd/systemd-journald (PID: 6084) File: /run/systemd/journal/streams/.#9:697832wlT5d
Source: /lib/systemd/systemd-logind (PID: 6087) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6087) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6087) File: /run/systemd/seats/.#seat0bNcjVs
Source: /lib/systemd/systemd-journald (PID: 6171) File: /run/systemd/journal/streams/.#9:695141VHQTO
Source: /lib/systemd/systemd-journald (PID: 6171) File: /run/systemd/journal/streams/.#9:69515AX7pOM
Source: /lib/systemd/systemd-journald (PID: 6171) File: /run/systemd/journal/streams/.#9:69516xP6NgP
Source: /lib/systemd/systemd-journald (PID: 6171) File: /run/systemd/journal/streams/.#9:6959696pJeO
Source: /lib/systemd/systemd-journald (PID: 6171) File: /run/systemd/journal/streams/.#9:70695FQ4rNP
Source: /lib/systemd/systemd-logind (PID: 6174) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6174) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6174) File: /run/systemd/seats/.#seat0EGiCS2
Source: /lib/systemd/systemd-journald (PID: 6265) File: /run/systemd/journal/streams/.#9:70542jeUlNV
Source: /lib/systemd/systemd-journald (PID: 6265) File: /run/systemd/journal/streams/.#9:705431OYezT
Source: /lib/systemd/systemd-journald (PID: 6265) File: /run/systemd/journal/streams/.#9:70550Em7eIW
Source: /lib/systemd/systemd-journald (PID: 6265) File: /run/systemd/journal/streams/.#9:70551UniHkV
Source: /lib/systemd/systemd-journald (PID: 6265) File: /run/systemd/journal/streams/.#9:70563kcnEuT
Source: /lib/systemd/systemd-journald (PID: 6265) File: /run/systemd/journal/streams/.#9:70564giMLEU
Source: /lib/systemd/systemd-logind (PID: 6268) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6268) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6268) File: /run/systemd/seats/.#seat0eSJBn8
Source: /usr/lib/policykit-1/polkitd (PID: 6417) Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72653Dy4wcE
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72655HkLEuD
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72656Bye0pF
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72658fXMHAC
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72659w0DE2C
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72663sYNwhF
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72665afxofF
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72666ZH2z8F
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72667a58fVE
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72675E5KDtC
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72676PX8Z6D
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72681xf31HC
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72682Jjh1EG
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72684vEsgdE
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:72692zmWIZF
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:73734wIMTgF
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:73850qfap0F
Source: /lib/systemd/systemd-journald (PID: 6420) File: /run/systemd/journal/streams/.#9:73870l4HkFC
Source: /lib/systemd/systemd-logind (PID: 6425) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6425) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6425) File: /run/systemd/seats/.#seat0hFtUy0
Source: /lib/systemd/systemd-logind (PID: 6510) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6510) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6510) File: /run/systemd/seats/.#seat0NkaQKr
Source: /usr/lib/policykit-1/polkitd (PID: 6569) Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 6590) File: /run/systemd/journal/streams/.#9:745328JGojx
Source: /lib/systemd/systemd-journald (PID: 6590) File: /run/systemd/journal/streams/.#9:74533kb5Imv
Source: /lib/systemd/systemd-journald (PID: 6590) File: /run/systemd/journal/streams/.#9:74534gAkvru
Source: /lib/systemd/systemd-journald (PID: 6590) File: /run/systemd/journal/streams/.#9:74545lGFc4s
Source: /lib/systemd/systemd-journald (PID: 6590) File: /run/systemd/journal/streams/.#9:74552BShl7s
Source: /lib/systemd/systemd-journald (PID: 6590) File: /run/systemd/journal/streams/.#9:74553OKLxlv
Source: /lib/systemd/systemd-logind (PID: 6593) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6593) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6593) File: /run/systemd/seats/.#seat0JgCZiJ
Source: /lib/systemd/systemd-journald (PID: 6679) File: /run/systemd/journal/streams/.#9:76043xeCuGe
Source: /lib/systemd/systemd-journald (PID: 6679) File: /run/systemd/journal/streams/.#9:76044EJPqPe
Source: /lib/systemd/systemd-journald (PID: 6679) File: /run/systemd/journal/streams/.#9:76046joOX7d
Source: /lib/systemd/systemd-journald (PID: 6679) File: /run/systemd/journal/streams/.#9:76047X3N7Dg
Source: /lib/systemd/systemd-journald (PID: 6679) File: /run/systemd/journal/streams/.#9:76054WHu6We
Source: /lib/systemd/systemd-journald (PID: 6679) File: /run/systemd/journal/streams/.#9:76079BuFj3e
Source: /lib/systemd/systemd-logind (PID: 6682) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6682) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6682) File: /run/systemd/seats/.#seat0mgYsns
Source: /lib/systemd/systemd-journald (PID: 6775) File: /run/systemd/journal/streams/.#9:76539xmt0zw
Source: /lib/systemd/systemd-journald (PID: 6775) File: /run/systemd/journal/streams/.#9:76540W44D6u
Source: /lib/systemd/systemd-journald (PID: 6775) File: /run/systemd/journal/streams/.#9:765414WKdMu
Source: /lib/systemd/systemd-journald (PID: 6775) File: /run/systemd/journal/streams/.#9:76549AfAQOs
Source: /lib/systemd/systemd-journald (PID: 6775) File: /run/systemd/journal/streams/.#9:765507mAYou
Source: /lib/systemd/systemd-journald (PID: 6775) File: /run/systemd/journal/streams/.#9:76568gyJggv
Source: /lib/systemd/systemd-logind (PID: 6778) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6778) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6778) File: /run/systemd/seats/.#seat08oXQWI
Source: /lib/systemd/systemd-journald (PID: 6869) File: /run/systemd/journal/streams/.#9:77619TnxQdC
Source: /lib/systemd/systemd-journald (PID: 6869) File: /run/systemd/journal/streams/.#9:77620wLjoGA
Source: /lib/systemd/systemd-journald (PID: 6869) File: /run/systemd/journal/streams/.#9:77627BnKTgD
Source: /lib/systemd/systemd-journald (PID: 6869) File: /run/systemd/journal/streams/.#9:77633AIFdBA
Source: /lib/systemd/systemd-journald (PID: 6869) File: /run/systemd/journal/streams/.#9:77640nZGcnC
Source: /lib/systemd/systemd-logind (PID: 6874) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6874) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6874) File: /run/systemd/seats/.#seat0hPJzFZ
Enumerates processes within the "proc" file system
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/230/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/230/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/110/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/110/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/231/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/231/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/111/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/111/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/232/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/232/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/112/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/112/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/233/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/233/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/113/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/113/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/234/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/234/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/114/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/114/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/235/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/235/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/115/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/115/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/236/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/236/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/116/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/116/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/237/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/237/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/117/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/117/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/238/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/238/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/118/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/118/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/239/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/239/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/119/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/119/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/10/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/10/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/11/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/11/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/12/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/12/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/13/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/13/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/14/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/14/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/15/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/15/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/16/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/16/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/17/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/17/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/18/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/18/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/19/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/19/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/240/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/240/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/3095/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/3095/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/120/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/120/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/241/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/241/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/121/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/121/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/242/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/242/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/1/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/1/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/122/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/122/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/243/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/243/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/2/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/2/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/123/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/123/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/244/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/244/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/3/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/3/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/124/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/124/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/245/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/245/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/125/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/125/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/4/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/4/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/246/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/246/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/126/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/126/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/5/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/5/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/247/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/247/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/127/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/127/cmdline
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/6/status
Source: /usr/bin/pkill (PID: 6157) File opened: /proc/6/cmdline
Executes commands using a shell command-line interpreter
Source: /usr/bin/gpu-manager (PID: 5687) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5692) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5694) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5696) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5698) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5701) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5705) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5707) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5868) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5870) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5872) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5874) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5876) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5880) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5882) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5884) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5967) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5972) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5974) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5978) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5980) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5982) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5984) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5986) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6068) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6151) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6237) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6239) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6244) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6246) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6248) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6250) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6252) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6254) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6332) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6483) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6487) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6494) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6497) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6499) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6501) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6503) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6505) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6657) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6660) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6662) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6744) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6746) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6751) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6755) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6757) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6759) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6761) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6763) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6842) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6847) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6849) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6851) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6853) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6855) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6857) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6859) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6940) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6942) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6944) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6946) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6948) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6950) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6952) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6954) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Executes the "grep" command used to find patterns in files or piped streams
Source: /bin/sh (PID: 5688) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5693) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5695) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5697) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5699) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5702) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5706) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5708) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5869) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5871) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5873) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5875) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5877) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5881) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5883) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5885) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5968) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5973) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5975) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5979) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5981) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5983) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5985) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5987) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6069) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6153) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6238) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6240) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6245) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6247) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6249) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6251) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6253) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6255) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6334) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6484) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6488) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6495) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6498) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6500) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6502) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6504) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6506) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6658) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6661) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6745) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6747) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6752) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6756) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6758) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6760) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6762) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6764) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6843) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6848) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6850) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6852) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6854) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6856) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6858) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6860) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6941) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6943) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6945) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6947) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6949) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6951) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6953) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6955) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Executes the "kill" or "pkill" command typically used to terminate processes
Source: /usr/share/gdm/generate-config (PID: 5710) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 5888) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 5989) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6073) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6157) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6257) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6337) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6574) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6665) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6766) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6864) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6957) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Reads system information from the proc file system
Source: /lib/systemd/systemd-journald (PID: 5739) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5802) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5902) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5999) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6084) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6171) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6265) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6420) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6590) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6679) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6775) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6869) Reads from proc file: /proc/meminfo
Reads system version information
Source: /sbin/agetty (PID: 5700) Reads version info: /etc/issue Jump to behavior
Source: /sbin/agetty (PID: 5801) Reads version info: /etc/issue Jump to behavior
Source: /sbin/agetty (PID: 5962) Reads version info: /etc/issue Jump to behavior
Source: /sbin/agetty (PID: 6061) Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6144) Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6231) Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6325) Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6422) Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6650) Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6739) Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6835) Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6871) Reads version info: /etc/issue
Source: /usr/sbin/rsyslogd (PID: 5606) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5685) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 5685) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5686) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 5734) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5803) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5886) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5886) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 5898) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5964) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 5965) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5965) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 5994) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6063) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6071) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6071) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6146) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6155) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6155) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6167) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6235) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6236) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6236) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6327) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6335) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6335) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6347) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6482) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6485) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6485) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6582) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6652) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6663) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6663) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6675) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6741) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6743) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6743) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6771) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6840) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6841) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6841) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6870) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6934) Log file created: /var/log/kern.log Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6934) Log file created: /var/log/auth.log Jump to dropped file
Source: /usr/bin/gpu-manager (PID: 6939) Log file created: /var/log/gpu-manager.log Jump to dropped file

Hooking and other Techniques for Hiding and Protection
barindex
Sample deletes itself
Source: /tmp/Aqua.x86_64.elf (PID: 5431) File: /tmp/Aqua.x86_64.elf Jump to behavior
Deletes log files
Source: /usr/bin/gpu-manager (PID: 5686) Truncated file: /var/log/gpu-manager.log Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5864) Truncated file: /var/log/gpu-manager.log Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5964) Truncated file: /var/log/gpu-manager.log Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6067) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6150) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6235) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6331) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6482) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6656) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6741) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6840) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6939) Truncated file: /var/log/gpu-manager.log
Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/bin/pkill (PID: 5710) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5888) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5989) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 6073) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6157) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6257) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6337) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6486) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6574) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6665) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6766) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6864) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6957) Reads CPU info from /sys: /sys/devices/system/cpu/online
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /lib/systemd/systemd-hostnamed (PID: 5438) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5606) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5685) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5686) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/agetty (PID: 5700) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5734) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5739) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/agetty (PID: 5801) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5802) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5803) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5864) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5886) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5898) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5902) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/agetty (PID: 5962) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5964) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5965) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5994) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5999) Queries kernel information via 'uname': Jump to behavior
Source: /sbin/agetty (PID: 6061) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6063) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6071) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6084) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6144) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6146) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6155) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6167) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6171) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6231) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6235) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6236) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6262) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6265) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6325) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6327) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6335) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6347) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6420) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6422) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6482) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6485) Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6486) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6582) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6590) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6650) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6652) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6663) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6675) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6679) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6739) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6741) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6743) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6771) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6775) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6835) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6840) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6841) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6869) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6870) Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6871) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6934) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6939) Queries kernel information via 'uname':
Source: kern.log.43.dr Binary or memory string: Dec 25 10:33:03 galassia kernel: [ 115.834024] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel parport_pc ppdev lp drm parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse mptspi scsi_transport_spi ahci mptscsih libahci mptbase vmxnet3
Source: kern.log.43.dr Binary or memory string: Dec 25 10:33:03 galassia kernel: [ 115.834048] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
89.190.156.145
 unknown United Kingdom
7489 HOSTUS-GLOBAL-ASHostUSHK false

Contacted Domains

Name IP Active
45.148.10.84 unknown unknown