Linux Analysis Report
Aqua.mpsl.elf

Overview

General Information

Sample name:	Aqua.mpsl.elf
Analysis ID:	1580707
MD5:	d8dfbfc53a20ad9187c3cf6fe092c0aa
SHA1:	772bad2d9dfe1618595b38bee2a1f194a968527a
SHA256:	d4deb230b0334d1172c8321886a16a78a5eed219c97aa24ba9b1dcbf2ddac8a7
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Sample deletes itself

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Creates hidden files and/or directories

Deletes log files

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "kill" or "pkill" command typically used to terminate processes

Found strings indicative of a multi-platform dropper

Reads CPU information from /sys indicative of miner or evasive malware

Reads system information from the proc file system

Reads system version information

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Aqua.mpsl.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Aqua.mpsl.elf	ReversingLabs: Detection: 39%
Source: Aqua.mpsl.elf	Virustotal: Detection: 34%			Perma Link

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pkill (PID: 5799)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6043)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6267)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6424)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6581)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6737)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6900)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7071)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7226)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7389)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7546)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7689)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Found strings indicative of a multi-platform dropper

Source: Aqua.mpsl.elf

String: 'EOF/proc//proc/%s/cmdlinerwgetcurlftpechokillbashrebootshutdownhaltpoweroff[locker] killed process: %s ;; pid: %d

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.14:57246 -> 89.190.156.145:7733

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/sbin/rsyslogd (PID: 5693)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5773)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5816)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5951)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6029)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6044)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6114)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6181)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6260)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6269)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6277)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6341)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6414)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6425)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6435)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6497)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6572)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6584)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6593)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6733)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6747)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6814)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6892)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6901)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6922)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6986)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7061)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7073)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7084)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7223)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7236)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7303)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7381)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7390)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7462)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7536)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7547)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7558)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7690)	Reads hosts file: /etc/hosts

Sample listens on a socket

Source: /lib/systemd/systemd-journald (PID: 5956)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6119)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6278)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6351)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6436)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6507)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6592)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6664)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6752)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6825)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6924)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6997)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7083)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7154)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7238)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7312)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7401)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7472)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7557)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7626)	Socket: unknown address family

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic

TCP traffic: 192.168.2.14:46540 -> 185.125.190.26:443

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Source: unknown

DNS traffic detected: query: 45.148.10.84 replaycode: Name error (3)

Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145

Source: global traffic

DNS traffic detected: DNS query: 45.148.10.84

Source: syslog.356.dr

String found in binary or memory: https://www.rsyslog.com

Source: unknown

Network traffic detected: HTTP traffic on port 46540 -> 443

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1639, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5522, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 661, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 725, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 780, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 782, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 791, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 940, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1289, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1309, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2991, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 3094, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 3157, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5493, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5494, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5693, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5694, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5698, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1300, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2956, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5773, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5774, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5789, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 767, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 769, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1299, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2955, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5890, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5893, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5950, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5951, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5956, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6029, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6032, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6025, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6044, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6045, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6119, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6120, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6121, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6124, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6181, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6185, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6262, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6193, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6268, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6269, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6278, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6279, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6284, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6341, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6345, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6346, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6414, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6352, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6425, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6436, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6437, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6440, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6497, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6501, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6502, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6572, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6508, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6584, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6592, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6594, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6597, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6593, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6657, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6658, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6666, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6733, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6734, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6752, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6753, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6754, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6757, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6814, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6892, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6894, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6827, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6901, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6902, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6924, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6927, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6984, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6985, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6986, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6987, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7060, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7061, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7058, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7072, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7073, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7083, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7085, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7088, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7084, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7148, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7149, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7156, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7223, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7224, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7238, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7242, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7243, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7246, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7303, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7307, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7381, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7315, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7387, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7390, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7401, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7402, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7405, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7462, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7466, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7467, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7536, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7473, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7547, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7557, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7559, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7562, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7558, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7622, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7623, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7625, result: successful	Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1639, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5522, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 661, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 725, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 780, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 782, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 791, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 940, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1289, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1309, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2991, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 3094, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 3157, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5493, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5494, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5693, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5694, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5698, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1300, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2956, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5773, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5774, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5789, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 767, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 769, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1299, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2955, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5890, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5893, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5950, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5951, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5956, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6029, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6032, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6025, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6044, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6045, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6119, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6120, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6121, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6124, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6181, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6185, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6262, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6193, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6268, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6269, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6278, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6279, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6284, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6341, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6345, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6346, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6414, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6352, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6425, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6436, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6437, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6440, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6497, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6501, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6502, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6572, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6508, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6584, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6592, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6594, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6597, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6593, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6657, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6658, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6666, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6733, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6734, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6752, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6753, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6754, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6757, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6814, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6892, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6894, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6827, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6901, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6902, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6924, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6927, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6984, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6985, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6986, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6987, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7060, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7061, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7058, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7072, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7073, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7083, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7085, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7088, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7084, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7148, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7149, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7156, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7223, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7224, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7238, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7242, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7243, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7246, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7303, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7307, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7381, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7315, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7387, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7390, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7401, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7402, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7405, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7462, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7466, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7467, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7536, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7473, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7547, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7557, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7559, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7562, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7558, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7622, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7623, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7625, result: successful	Jump to behavior

Source: classification engine

Classification label: mal68.spre.troj.evad.linELF@0/239@229/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 5698)	File: /proc/5698/mounts	Jump to behavior
Source: /bin/fusermount (PID: 5699)	File: /proc/5699/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5774)	File: /proc/5774/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5817)	File: /proc/5817/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5890)	File: /proc/5890/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6032)	File: /proc/6032/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6045)	File: /proc/6045/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6115)	File: /proc/6115/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6121)	File: /proc/6121/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6262)	File: /proc/6262/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6268)	File: /proc/6268/mounts
Source: /usr/bin/dbus-daemon (PID: 6345)	File: /proc/6345/mounts
Source: /usr/bin/dbus-daemon (PID: 6501)	File: /proc/6501/mounts
Source: /usr/bin/dbus-daemon (PID: 6657)	File: /proc/6657/mounts
Source: /usr/bin/dbus-daemon (PID: 6734)	File: /proc/6734/mounts
Source: /usr/bin/dbus-daemon (PID: 6748)	File: /proc/6748/mounts
Source: /usr/bin/dbus-daemon (PID: 6754)	File: /proc/6754/mounts
Source: /usr/bin/dbus-daemon (PID: 6894)	File: /proc/6894/mounts
Source: /usr/bin/dbus-daemon (PID: 6902)	File: /proc/6902/mounts
Source: /usr/bin/dbus-daemon (PID: 6912)	File: /proc/6912/mounts
Source: /usr/bin/dbus-daemon (PID: 6923)	File: /proc/6923/mounts
Source: /usr/bin/dbus-daemon (PID: 6985)	File: /proc/6985/mounts
Source: /usr/bin/dbus-daemon (PID: 7060)	File: /proc/7060/mounts
Source: /usr/bin/dbus-daemon (PID: 7072)	File: /proc/7072/mounts
Source: /usr/bin/dbus-daemon (PID: 7148)	File: /proc/7148/mounts
Source: /usr/bin/dbus-daemon (PID: 7224)	File: /proc/7224/mounts
Source: /usr/bin/dbus-daemon (PID: 7237)	File: /proc/7237/mounts
Source: /usr/bin/dbus-daemon (PID: 7243)	File: /proc/7243/mounts
Source: /usr/bin/dbus-daemon (PID: 7387)	File: /proc/7387/mounts
Source: /usr/bin/dbus-daemon (PID: 7466)	File: /proc/7466/mounts
Source: /usr/bin/dbus-daemon (PID: 7622)	File: /proc/7622/mounts
Source: /usr/bin/dbus-daemon (PID: 7687)	File: /proc/7687/mounts

Creates hidden files and/or directories

Source: /usr/libexec/gsd-rfkill (PID: 5522)	Directory: <invalid fd (9)>/..	Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 5522)	Directory: <invalid fd (8)>/..	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5527)	Directory: <invalid fd (10)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5710)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5710)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5710)	File: /run/systemd/seats/.#seat00MLQ1W	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 5768)	Directory: /root/.cache	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5893)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5893)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5893)	File: /run/systemd/seats/.#seat02mVaDP	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5968)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5968)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5968)	File: /run/systemd/seats/.#seat033lfys	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69350m4O1SZ	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69351GqjoPY	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69352MQxNP2	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69354afirf0	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69355Ixlnj0	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69356j2DMTZ	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69363nS2B90	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:693641T4fzZ	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69535IwVmw0	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6051)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6051)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6051)	File: /run/systemd/seats/.#seat04nZ5KI	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6124)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6124)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6124)	File: /run/systemd/seats/.#seat00hDuMe	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71370Xm3GRe	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:713721Krzth	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71373GMoGBg	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71374kn3okf	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71375z0ESFf	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71376nCG5qg	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71383dlRY1e	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:713853Snh0h	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6198)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6198)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6198)	File: /run/systemd/seats/.#seat095i7YS	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6284)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6284)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:73344ADFsgp
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:73345FrdYwp
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:73346yzNraq
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:73348PZvOfq
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:73350c19g8s
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:7335162Thts
Source: /lib/systemd/systemd-logind (PID: 6356)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6356)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6356)	File: /run/systemd/seats/.#seat0863h3M
Source: /lib/systemd/systemd-logind (PID: 6440)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6440)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6440)	File: /run/systemd/seats/.#seat01Rkxgb
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74239dUNFpg
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74240qMaUvg
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74241R2Ibhf
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74242ictUhd
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74243A5yJ5c
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74245TVMgHe
Source: /lib/systemd/systemd-logind (PID: 6513)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6513)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6513)	File: /run/systemd/seats/.#seat0tJJIKF
Source: /lib/systemd/systemd-logind (PID: 6597)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6597)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:753274lgei8
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:75328ksCK17
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:75329Rk9Xb4
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:75330vwDdK5
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:753369QXEB4
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:753374EZrP7
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:75344PV1z44
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:754233dlg97
Source: /lib/systemd/systemd-logind (PID: 6670)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6670)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6670)	File: /run/systemd/seats/.#seat0xyiQ5z
Source: /lib/systemd/systemd-logind (PID: 6757)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6757)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6757)	File: /run/systemd/seats/.#seat0K117A9
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76668I7H69g
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:766690fvwkf
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76670KmRUqj
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:766711GQaOf
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76673FaquWf
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:766740u7q5i
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:766803ASJgh
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76681rD8hVi
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76724Yh3xZi
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76773NnQoci
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:77905jQjDOf
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:78004IOdjDi
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:781089weTaf
Source: /lib/systemd/systemd-logind (PID: 6833)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6833)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6833)	File: /run/systemd/seats/.#seat0N5AIFU
Source: /usr/lib/policykit-1/polkitd (PID: 6917)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6927)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6927)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77809h9udzj
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77810XKpuAf
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77812mNzHhg
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77813r97oHg
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77814bsUQFh
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:778159SFe7g
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77822GRsfkj
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77823QkcfRh
Source: /lib/systemd/systemd-logind (PID: 7001)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7001)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7001)	File: /run/systemd/seats/.#seat0cILnCy
Source: /lib/systemd/systemd-logind (PID: 7088)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7088)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7088)	File: /run/systemd/seats/.#seat0t7ewib
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80640XHavpb
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80641FPJrNb
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80642O1tQL9
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80643J6T1l9
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80650L9Cwr8
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80651D5SIta
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80658mT52B9
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:79730M24Qda
Source: /lib/systemd/systemd-logind (PID: 7161)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7161)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7161)	File: /run/systemd/seats/.#seat0Z4Q9cE
Source: /lib/systemd/systemd-logind (PID: 7246)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7246)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7246)	File: /run/systemd/seats/.#seat0gHwBm6
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:815094Yl3c8
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81510lSu1f6
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81511Ph1XJ4
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81512LKqN24
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81518mfnks5
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81519TA7FW6
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81520jjYUZ7
Source: /lib/systemd/systemd-logind (PID: 7323)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7323)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7323)	File: /run/systemd/seats/.#seat0mxq7xU
Source: /lib/systemd/systemd-logind (PID: 7405)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7405)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83384nkpi69
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83385qY1ufb
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83387zkBwVd
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83388p65YQa
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83389TKi6Vb
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83390ACoZYd
Source: /lib/systemd/systemd-logind (PID: 7478)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7478)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7478)	File: /run/systemd/seats/.#seat0M4DRIF
Source: /lib/systemd/systemd-logind (PID: 7562)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7562)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84457B804OP
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:8445843zHGQ
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84459gIHfFO
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84460xI4OgR
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84472IwOgJO
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84473r2bcQP
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84474RpZc9P
Source: /lib/systemd/systemd-logind (PID: 7630)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7630)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7630)	File: /run/systemd/seats/.#seat0uZc7m8

Enumerates processes within the "proc" file system

Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/environ
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/sched
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/cgroup
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/cgroup	Jump to behavior

Executes commands using a shell command-line interpreter

Source: /usr/bin/gpu-manager (PID: 5779)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5781)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5783)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5785)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5787)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5792)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5794)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5796)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5958)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5960)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5962)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5964)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6026)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6030)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6036)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6038)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6186)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6188)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6191)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6194)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6242)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6259)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6347)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6349)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6353)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6415)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6417)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6422)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6503)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6505)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6509)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6570)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6573)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6575)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6659)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6663)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6667)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6728)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6730)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6732)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6819)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6821)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6823)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6826)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6829)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6890)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6893)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6991)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6995)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6998)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7062)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7064)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7150)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7152)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7155)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7158)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7219)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7221)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7308)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7310)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7313)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7318)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7320)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7382)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7468)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7470)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7474)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7535)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7538)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7543)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7624)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"

Executes the "grep" command used to find patterns in files or piped streams

Source: /bin/sh (PID: 5780)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5782)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5784)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5786)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5788)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5793)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5795)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5797)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5959)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5961)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5963)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5965)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6027)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6031)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6037)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6039)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6187)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6189)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6192)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6195)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6258)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6261)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6348)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6350)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6413)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6416)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6418)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6504)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6506)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6510)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6571)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6574)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6576)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6662)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6665)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6727)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6729)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6731)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6735)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6820)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6822)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6824)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6828)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6830)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6891)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6895)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6992)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6996)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7059)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7063)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7065)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7151)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7153)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7157)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7218)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7220)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7222)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7309)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7311)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7314)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7319)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7380)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7383)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7469)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7471)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7475)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7537)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7539)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7544)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7625)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

Executes the "kill" or "pkill" command typically used to terminate processes

Source: /usr/share/gdm/generate-config (PID: 5799)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6043)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6267)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6424)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6581)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6737)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6900)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7071)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7226)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7389)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7546)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7689)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Reads system information from the proc file system

Source: /lib/systemd/systemd-journald (PID: 5956)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6119)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6278)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6351)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6436)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6507)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6592)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6664)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6752)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6825)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6924)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6997)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7083)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7154)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7238)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7312)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7401)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7472)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7557)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7626)	Reads from proc file: /proc/meminfo

Reads system version information

Source: /sbin/agetty (PID: 5789)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 6025)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 6193)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 6352)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6508)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6666)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6827)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7058)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7156)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7315)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7473)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7627)	Reads version info: /etc/issue

Source: /usr/sbin/rsyslogd (PID: 5693)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5773)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 5773)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5778)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 5816)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5951)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5957)	Log file created: /var/log/gpu-manager.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6029)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6044)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6044)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6181)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6260)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6269)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6269)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6341)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6414)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6425)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6425)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6497)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6572)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6584)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6584)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6593)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6733)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6733)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6747)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6814)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6892)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6901)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6901)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6986)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7061)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7073)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7073)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7084)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7223)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7223)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7303)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7381)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7390)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7390)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7462)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7536)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7547)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7547)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7558)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7690)	Log file created: /var/log/kern.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 7690)	Log file created: /var/log/auth.log	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/Aqua.mpsl.elf (PID: 5518)

File: /tmp/Aqua.mpsl.elf

Jump to behavior

Deletes log files

Source: /usr/bin/gpu-manager (PID: 5778)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5957)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6185)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6346)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6502)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6658)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6818)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6987)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7149)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7307)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7467)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7623)	Truncated file: /var/log/gpu-manager.log

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pkill (PID: 5799)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6043)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6267)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6424)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6581)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6737)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6900)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7071)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7226)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7389)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7546)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7689)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/Aqua.mpsl.elf (PID: 5516)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5527)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5693)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5773)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5778)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 5789)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5816)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5951)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5956)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5957)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6025)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6029)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6044)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6114)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6119)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6181)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6185)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6193)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6260)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6269)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6277)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6278)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6341)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6351)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6352)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6414)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6425)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6435)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6436)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6497)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6507)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6508)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6572)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6584)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6592)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6593)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6664)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6666)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6733)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6747)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6752)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6814)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6818)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6825)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6827)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6892)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6901)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6922)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6924)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6986)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6997)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7058)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7061)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7073)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7083)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7084)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7149)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7154)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7156)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7223)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7236)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7238)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7303)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7307)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7312)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7315)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7381)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7390)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7401)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7462)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7472)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7473)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7536)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7547)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7557)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7558)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7626)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7627)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7690)	Queries kernel information via 'uname':

Source: kern.log.41.dr	Binary or memory string: Dec 25 10:45:14 galassia kernel: [ 125.067787] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel parport_pc ppdev lp drm parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi scsi_transport_spi mptscsih vmxnet3 libahci mptbase
Source: Aqua.mpsl.elf, 5516.1.000056116f01c000.000056116f0a3000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: Aqua.mpsl.elf, 5516.1.000056116f01c000.000056116f0a3000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/mipsel
Source: Aqua.mpsl.elf, 5516.1.00007fffbdef4000.00007fffbdf15000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/Aqua.mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Aqua.mpsl.elf
Source: kern.log.41.dr	Binary or memory string: Dec 25 10:45:14 galassia kernel: [ 125.067805] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
Source: Aqua.mpsl.elf, 5516.1.00007fffbdef4000.00007fffbdf15000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.AGXyWj
Source: Aqua.mpsl.elf, 5516.1.00007fffbdef4000.00007fffbdf15000.rw-.sdmp	Binary or memory string: /qemu-open.XXXXX
Source: Aqua.mpsl.elf, 5516.1.00007fffbdef4000.00007fffbdf15000.rw-.sdmp	Binary or memory string: V/tmp/qemu-open.AGXyWj\t
Source: Aqua.mpsl.elf, 5516.1.00007fffbdef4000.00007fffbdf15000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.125.190.26	unknown	United Kingdom		41231	CANONICAL-ASGB	false
89.190.156.145	unknown	United Kingdom		7489	HOSTUS-GLOBAL-ASHostUSHK	false

Contacted Domains

Name	IP	Active
45.148.10.84	unknown	unknown

Name	Type	MD5	SHA1	SHA256
/run/systemd/journal/streams/.#9:69350m4O1SZ	ASCII text	FF0FA547216551B4CD0285687D8EFF24	9B822FDF10AB1A9F1E268522B78828A5F9342B6C	972DB6F42DEC004C6EB691C6D7B8C6A3CCF7711F3C0580CA8529227401569564
/run/systemd/journal/streams/.#9:69351GqjoPY	ASCII text	8EEB3B33D2C3811B8EDC4731E26EA2E4	51BCD978BE92BEEA9D38C557DC0C93FDF2EB60C8	A8842E1BAFA670B730913EE909138AF9A0DF00772413E26895ADD3C4E43E8FAA
/run/systemd/journal/streams/.#9:69352MQxNP2	ASCII text	10C931E1FC7F1EC702106AAD5A11A206	8FA54D2266EF3BB0E4A942DBEDD1D436ED967F4C	6A55E93FBF66DCB23172917469925C5F2A37E5CB682B114C01C16CBD0CA5DD70
/run/systemd/journal/streams/.#9:69354afirf0	ASCII text	9A24E74A6008D172F1FC75B510F0A519	953E132EF41356196397212524B1D621F042F40B	1AC70B9EEE2311E0C69D3612C52E92E8FC1B03C01EF9C6D749F455416BE16441
/run/systemd/journal/streams/.#9:69355Ixlnj0	ASCII text	F674668C80EB481A426B3EEFB4B91449	845BF02CECD8F3DC95CAA2C8D632D4428D2967F9	16E36BDBD6AC075C8D5240FA3BE010AFB258AD9A5520A47E5695523EAE82FE96
/run/systemd/journal/streams/.#9:69356j2DMTZ	ASCII text	897B2C5C7F1FC5392AD43CD3C4239393	F03FD71BA32485A5B6D516C50D61D11061842C6C	1F318B8F35F9B5AF5E41031F024885245B14DA5D3907419090B3B22C5516B458
/run/systemd/journal/streams/.#9:69363nS2B90	ASCII text	C3630BB60224CEBF8E6332C02FEE8C02	03EF566C8978D9DA9020954A6E2BBA24EE01B377	3C0834DE920FF4E3C1A90142FE3DC513641C8EB6DCB6E82D7B61966122AED1A8
/run/systemd/journal/streams/.#9:693641T4fzZ	ASCII text	F836F835FD2807C5DDF6986B5801F46A	BA35CA1DCD240765B26D99950B1207C4AE1A4613	1D1E843B652CCEB5D59AA25F194333716ACCEDC5985625B33F25E777E6B06AAC
/run/systemd/journal/streams/.#9:69535IwVmw0	ASCII text	082F0713BAC24033D62391F4734256E3	0579453E19923368D0CED54CD1DDFC86CA2F4D67	08016A208248E2333445BCBA11CBFA35CA362F1DF93F224F3E5C44522962DCE4
/run/systemd/journal/streams/.#9:71370Xm3GRe	ASCII text	1C7FF7FA1B5A83D5314FBA567E789234	F52C8C6DA77977EB8DE81B481090A178715FA54A	D407852C483F83201B359D6552CE9F8E1FD3EF6815B9919767192A80B6D42E38
/run/systemd/journal/streams/.#9:713721Krzth	ASCII text	91D468134C49E3B05D2560A6821CF130	CD2724AD52D3B879094F11648E7973546C037BA5	9E4F43DA86DBE452BB3F3B7B0ED1881C32836C619935099C4CE54BBF3192DAE3
/run/systemd/journal/streams/.#9:71373GMoGBg	ASCII text	370798D31DFE21265C491F7F533BB858	292D57382128AD1492336EC85ABB415169C75110	1B9EF6855D8E61A84B82649930DC899EEC1F045C1B56F09AD7689D4FE2487271
/run/systemd/journal/streams/.#9:71374kn3okf	ASCII text	4DC9DA1D36C521D59440E97E77ADD459	B4E9B06B7E1792936E7A1B4E3C3111D96778D99C	BB04D117972642FEBA9A952012C9D9E2BBCCD588A0476F490E2D06DAA73275CD
/run/systemd/journal/streams/.#9:71375z0ESFf	ASCII text	8632BF18B3CE8855446A21F8DA393384	0512171CDABF82C0A5A6CB43EBDE361658B4BF77	A8A0DD2D2F9F56D89668CAACCD9495E72C66D649B0E662B22AC82F892C100D07
/run/systemd/journal/streams/.#9:71376nCG5qg	ASCII text	DBA21AE22F090FB9AC5EA79D86061F67	465D2EDD43A482BC1AAF01F2D1E3E6899DC6379D	3A3D3231F856AAFF1570F4402AFC697198692423DA00389286FA68C839496A84
/run/systemd/journal/streams/.#9:71383dlRY1e	ASCII text	9EB69734726C24771D32D978A908949A	48606A0B9307F1328F0B63B5C39146A8931DF041	46015B0C1097FD89E9B9E39A2BB178D26DF14607A1ECF9E5D54C79D232F175AB
/run/systemd/journal/streams/.#9:713853Snh0h	ASCII text	F03DABFAD1D28AB8AB71CEC551B8A8AC	8DDCD0CD0DBF54F01400D5E10B53B730E56141A0	389F819F1CE0ACE377FBF7B18597052D6AECAF9CDEC42E5C9FF0C134E56ACFD9
/run/systemd/journal/streams/.#9:73344ADFsgp	ASCII text	576A20F2C6BFA25C49AB67773A8323D7	84444EAED65644B09006F3497132C55A9C896E10	6917077C47CB8CA85C93FADDB549D03593503BCE4278DA1B01517336F4F0851A
/run/systemd/journal/streams/.#9:73345FrdYwp	ASCII text	6BE604D85CE2632D63850088FAC639FF	64C02390F3E692A86E92F299D6A115093471AFF4	924F51FC9721439B43533E91EA7A4FEF032B505C299EC78E8EDC68576D9410C8
/run/systemd/journal/streams/.#9:73346yzNraq	ASCII text	85EDD578AB7E3B11F72FD2791BA29DE5	FE2DB9AF2E3DA479B59756980813C223246F142A	A8CF89670E6ACD6423A7C8496662374F45940966F1CCE7CE3F98914E0C81ED2B
/run/systemd/journal/streams/.#9:73348PZvOfq	ASCII text	81E6CEF88464101EDCF2EF07F739DBF0	C9A5975DCA0FF52B2C6C42530624FB10D45FC2D3	8877C7D9001FF88F32AE0C6D1D2FC0F29B6CA8A94AC867A3CB1C684378F5EB1A
/run/systemd/journal/streams/.#9:73350c19g8s	ASCII text	38874080626D0F0D2BC996D618C72407	25482142D71437A91DADFBB0272BE58E58EBE6E4	FCACB78243155E58A314EEED1ED20879FDF8D953EE551ED7EE2D0E4D0FD49643
/run/systemd/journal/streams/.#9:7335162Thts	ASCII text	4EC3900DE05DEB5A07C49941F96BA634	D99F846EBA3C1095543502866F87290245C8D0C9	B50BA1AA74E44E3A1D6E3482784297A3839CAE30422EFAAD8C2534DC4B4B80A9
/run/systemd/journal/streams/.#9:74239dUNFpg	ASCII text	019D6FD84C7389B8213B3B4ECFA5FEB3	EC6D6C31B378AA0AD5E20BA343316082F99B66C1	87F1F685C6C0C90773B4B9E43EADEF582EF78AEC734F611291DB6FF5B59340F0
/run/systemd/journal/streams/.#9:74240qMaUvg	ASCII text	5C5A604208F92C6BE82FDFABC6689B7B	8886552DE890520B2E3423971944335D32B1A3B2	8B69681FBD416F7ED53F09E0FBAC385649CAB9CB0A9CB67B96C4E3BC4D89CE4A
/run/systemd/journal/streams/.#9:74241R2Ibhf	ASCII text	BC028DFBEDEBBA5EE6C4D0758BC87504	D9FC47E7C263F7BCE5EBD61D4EFAEA7BA5501DFD	3A748A66F1A9B4F10F0A4460802E279C6862D0241181CA59953A16A1143422E2
/run/systemd/journal/streams/.#9:74242ictUhd	ASCII text	889272C4FCACF348A1D2DC1088EF7E36	2A09482122B5CB47A1D8339B1F39E31782E3E732	825B0D2D20D32BD9233A7E976FE59A2CDD30AD857F4635185D575810EDAEC6C3
/run/systemd/journal/streams/.#9:74243A5yJ5c	ASCII text	B28EC76F9EF14EE72D7FCD9186AC377D	0C36E0ECB1E07F0C34D96D786114438958BD6D68	00408EBC0BC9CEBBD8CA161764C9B92E83F9283A3B4FA52BD832EF58A2819B31
/run/systemd/journal/streams/.#9:74245TVMgHe	ASCII text	6EF72EC2DF8620384C4F65AA8D640FFD	71D30D7685C8C8C856FE5AA7251FF314FEB18C04	2C8A29E378C561B7A8EF96CEDC204F644829A5E0D22393546BF9CFA4480DE644
/run/systemd/journal/streams/.#9:753274lgei8	ASCII text	BD3307BFCE60EABFE575A751B5C707C1	5D42FFB57D80E4A7A5489B1FFECB7C727F831853	82CE4378FF2787B9AA368CC5F49580481BCF4971DE1925E412F6988A9F6109DC
/run/systemd/journal/streams/.#9:75328ksCK17	ASCII text	FA556A853E75F1D679BA681D4ECC36B1	0D33FC84DA3D8536B22F215A95A280E96988F812	B9A68E8CF8B37C72FB451C23AF639646FFE8009B0BDBA87D0083405EBE6D5AF7
/run/systemd/journal/streams/.#9:75329Rk9Xb4	ASCII text	95930CDB6BA1786C085DECF18EE3C86D	8153FFA1E70B36F7728C5A838AADCB3780BB366E	75CB6B5C93B7654C42927948F9346BAF011D9C206C7456B698CB1722496B5169
/run/systemd/journal/streams/.#9:75330vwDdK5	ASCII text	CCB95B5BA423E378DCBB9A871B37C293	155246DC2D147804EA8DF945E5582E4D860DB5C4	80148BB482D6282C323AB9CD071A05F128F18AAEFC21B4283A4A271A33159A33
/run/systemd/journal/streams/.#9:753369QXEB4	ASCII text	D81B631A18C16F6193A6972646680767	3B38AA54CD733EE7C77AE0340BC18267164D05C2	40DBCC27FFB654834996F08B35DF1031529B7282B948B647458693BB861F2901
/run/systemd/journal/streams/.#9:753374EZrP7	ASCII text	733CE415E3CCC0D73163976475A2B0D7	BC5EC799B99CA57DF236840089C59567634C6991	92AE62DBE4E2D303151B6A6D135B0516750327503FF5670285674AA10E66C462
/run/systemd/journal/streams/.#9:75344PV1z44	ASCII text	0A9C1BDCF5C753A7AFECEDC6E4909EC7	549AC44AE735AB1801EB20A45DC2D9B57B6F000A	9D9759E0CFAFF03B4D6A752A8B95774172947EE5A81B18D40DC473EE0BA9B9EF
/run/systemd/journal/streams/.#9:754233dlg97	ASCII text	BB796FFBB2ABAF5D6E8F9972DD163228	7AB68994F30A78D08864E970C23D0FF75412E9AF	FDF12CAB0254A6B02DC954E63CE30505065E0D749B0EE404FF4150B3D52B9E4F
/run/systemd/journal/streams/.#9:76668I7H69g	ASCII text	1404E3D701831F8F606F966BB4A11613	268C1AFEBCEBEEBEA7A5D7F8134E1F2E0359AC3A	679F7473209D0899DD0F2B39EBE0569EFDEEB2A50CCC1380399691A51F9C184E
/run/systemd/journal/streams/.#9:766690fvwkf	ASCII text	BE9253793685033BFC3F4DA556D5F050	74AF22AFF44912A71B809E8CC3C01687B33723C8	7DFBE674DFA67B50E1E5C96AEFCB38C2066F1DAAB1BF7B134A0B9D7531389B3E
/run/systemd/journal/streams/.#9:76670KmRUqj	ASCII text	B6723409CE8DE0EE5DF920608B13819E	33351A3D0E7AB84876C72C949E3DAF11E3A68214	AFC29DEB91F3FFB705CF7782C62412559896AC5D215018B1E6880EF8BF731D84
/run/systemd/journal/streams/.#9:766711GQaOf	ASCII text	17F4649B356575BEA3D4E322AA7CFBAA	1F0797343AB97AB0C38A70FD033BDD3E620C9A87	6D8802802AB1FC381C7BD490EA6EE6759895B566CB3F8ECE0928246BFE057DE1
/run/systemd/journal/streams/.#9:76673FaquWf	ASCII text	2589B61CB0ADA6A6B260A61A28E20C54	251DD127519E3E3229764B8B05116D49582CDA6F	F1F4DAF49A6ED8B4F3E08D4C2D100686E0ED8F56DC944E5FBCED37313B96501D
/run/systemd/journal/streams/.#9:766740u7q5i	ASCII text	8E490F1E084C7C63BCBDE4D07CC6DEC6	9B95D47970779C11A9F2FD850F59084ABCCDD35E	FA05AC977E318E4E88E3BED8DCCA928BE2321B5B7B5136A2932DD271A0206EE9
/run/systemd/journal/streams/.#9:766803ASJgh	ASCII text	82FE0C0EE0B5D8AA7EE47C8019E81E11	49749A7A2763294998F429266DEA6EEAACFF1BB2	6BAD41B4F2F76F917F4EB3F8D7FFFA544984D69A4FB712830F8DB44B75179FE2
/run/systemd/journal/streams/.#9:76681rD8hVi	ASCII text	7E17B80CA142A78E2DDA81731834DD11	D38C6B29FAB1C67EF4D09EF06F1077EC4D366318	0557C442D2E73C9AECA40D1236C1D2CC5D39259AB956517B3FB57436357BF01D
/run/systemd/journal/streams/.#9:76724Yh3xZi	ASCII text	0E3B03E2A26EBE763676512163B91C37	95BB6E3A21222650B2A72A0222219564ABB84EAA	072B089BDB0E88CA5BA57CEA7FED65FDF047B0964C6EAD7844F1FA3E7E48928D
/run/systemd/journal/streams/.#9:76773NnQoci	ASCII text	96FEB93F2ACBBA6C423C1BD1E42B83F7	3E5FCB515EE53030469B255004FD8FD490A44881	AE51E8D1CA589613E39A9155BDAA612D9C0F62AEA2D8A2080A5A81F178F4276B
/run/systemd/journal/streams/.#9:77809h9udzj	ASCII text	1704ED86894C23DD71923FB5DE6E6BD2	31B4E743D38697A7E27354985082F670AD51A544	6E34312772B81A0393AA2239CF076475067663922240D7FCF33304595CE56AA5
/run/systemd/journal/streams/.#9:77810XKpuAf	ASCII text	0ABBEF3CEB2F165734FCE441DF8B660F	B3CD49D04F6245481BBA177D2912B635B5793629	A32BC2F0FC43327482C6FDB311052F26F35510CAB292D2A674A83F00AF031FB4
/run/systemd/journal/streams/.#9:77812mNzHhg	ASCII text	659A483ED801C8FD4C2DCFC76569EE74	6D9B23C1AE56BDAAAB2FF69D3CD1D7A317C243B7	5AB6395AA139F134EAA6E7A311CD8870DAE0E724553F555E6EE0E8F3F76E1A86
/run/systemd/journal/streams/.#9:77813r97oHg	ASCII text	AC8548E66A45F541534BF651955EADAC	DDBACFCCA839D40BE338669C8377E5EC0A8DBB27	BA193F0F49DDE898C60E63F1A4F596CA4241CA0DA5A015EFFD713DB34314A643
/run/systemd/journal/streams/.#9:77814bsUQFh	ASCII text	8726269DF8EA582E588C0D73BBCAE32B	A1FA3701FABA68D2409032025C0A29E2AAD87B41	B5E35EE0759895816748077B76B0FCD28AA9550DCDFFC4FADBFD58E438E4C1DD
/run/systemd/journal/streams/.#9:778159SFe7g	ASCII text	0FB56CE5FD39DB67CBE3D011CC0F4B72	BA8182241D894D69138406202D9134CB44CFC2BE	ABF8145CE10D6F5F82FE4EB03BB4FE532FB42328E0AADF4402CF8408060EDE46
/run/systemd/journal/streams/.#9:77822GRsfkj	ASCII text	0DDE1BE0DBEAA35F698B53046BBF23F2	4324B15A33C3AAD8776A155AFEAC32C4D53B604F	1393FBA4D7B0EE97DBD9EC473710682A2800E30657C5870E0622CC449E9CCBD9
/run/systemd/journal/streams/.#9:77823QkcfRh	ASCII text	FA64A15B4A80C783D5269682DA59D71C	6AF016E7AAAB0B070CE3FC079945910FCDC82D5F	E3B8789A144133144606AD3A9A25CB8950D817AE3B6ACB2DE5EA4FDF024D5A4A
/run/systemd/journal/streams/.#9:77905jQjDOf	ASCII text	6ADF1E1AAA2DFD51734A1FB380991BCE	658027855AA0803EC3BFD9030BAA2E16EBEC3E36	53351A9D7E9E671265A3994550A332B533C7FEC3608618B2B9E263E1858C476F
/run/systemd/journal/streams/.#9:78004IOdjDi	ASCII text	7790F4683D2A3A55641AA77FBEF11687	ED28EE7DB9E9FD0EED866A621DE122613889EAC4	AD14BB6DB3173FFA1D9D6CA0CD167E19559DBFF9C3A79E66AB49B072BF6D14A1
/run/systemd/journal/streams/.#9:781089weTaf	ASCII text	65A367963B36E7B7153BFE06BB834BD0	AAFDF7F61CD5D397ED05E961794F1975DAB0DCBB	93BC2362085AEC9EE346FC49DEFA9F4FEE95E31D252043A32857DA0F3F14A296
/run/systemd/journal/streams/.#9:79730M24Qda	ASCII text	1C34C77479D7B920EE7C07C57DACFE0F	1E8F473737063791C0DF7E80ABDC372A685F8B2F	4444DC06607B5D4B46B76919E97DEBD907B47CF863BF02396C78B258F1620098
/run/systemd/journal/streams/.#9:80640XHavpb	ASCII text	DFCD99CC5339614043B053E38B64D135	78FB75F2AC15B140C384D33258678544E11BD6DA	829472128A88C5894E23719A49FDF8D2FB0D77DAC66EDDDA22DA6985017DAC7F
/run/systemd/journal/streams/.#9:80641FPJrNb	ASCII text	C47749E9E6FAC471EB53F0B4FBB7DDCD	35E89E2A4F6B559329BF7F5C213262C2C419E1D2	D7E814F776744465CA5EBE000246FF52ECC41032106B065156C4FE79A1400141
/run/systemd/journal/streams/.#9:80642O1tQL9	ASCII text	DD80A4C814C82592D353857570577549	69A8CFEC43070EF87B9E40D2D12BF52D5D353B00	0539E0FCF68077DE37D6A093453E17656636155789E014824C88F0849E7F39B9
/run/systemd/journal/streams/.#9:80643J6T1l9	ASCII text	41259A8A4B204F0D29BF28FC72678F77	37AA3B010B23C8B3FA7A97A5597F929859DBFD7D	68732754FCD63B4D59C6822299C593BEC2D0FAFA249672A2DF78CA9A0FBB9B7D
/run/systemd/journal/streams/.#9:80650L9Cwr8	ASCII text	B1326A49D048349783230FA40E73D0FB	2CB774FB989B33365B06908A744813867093F776	1D6174E56843043BD8C043DB08EFE247D7966715477336F5400BA54630CCF248
/run/systemd/journal/streams/.#9:80651D5SIta	ASCII text	72AB324FC219226CB83FC6C6024B9CE1	6AE59956381A6C30C7B0363357A7F91D40F2536A	8F5B8D1BE0BE5A101E980274E90A692E3C596C3FE30D49356EE757CC95621561
/run/systemd/journal/streams/.#9:80658mT52B9	ASCII text	7DF97AA99097ABFE1660BE333C16519A	62417CA6FFFF0A73449E453492745A1EBD5A31E1	20AC3C7B414FB1F1F704E63F87E29836665057E15D217D40C04729F599856CAB
/run/systemd/journal/streams/.#9:815094Yl3c8	ASCII text	BDA2BF9B48F88C00BD1E1BDA102E2331	DF5E20FB4596E340F0546DFF548C2B2EB001CE4D	623FFA8300A05A3A38A0BC6B7A87E9D7126D696F02420353FB306A46D0F6B015
/run/systemd/journal/streams/.#9:81510lSu1f6	ASCII text	AEAC646A0C7F2E3813367ED43AECCA2A	379F42892118922FCBAD83B3C5F63C0B9B8942BD	B6158C354EB1CCA338071C9B067F89A39666FAE2308EB7A3368701263DC9394A
/run/systemd/journal/streams/.#9:81511Ph1XJ4	ASCII text	B197AD3CC0BC84B41885925376B98200	960846248E35860A0BD8BB4E494E77C62EF0FA01	8920264F891451AB587E3CD33D0CD6F8FAC47DF9839087ECDF187C4C37155D9B
/run/systemd/journal/streams/.#9:81512LKqN24	ASCII text	3C34D68F334940FED14B6D422779C145	B750DECE153B24D17C4560B93FED50D3889D60A3	D7856FBE7AA83250E8F36EF7C0141ABBE5F38C096BBDD1E0481071A981EF46DC
/run/systemd/journal/streams/.#9:81518mfnks5	ASCII text	7B18B9FA9FD2F6AD2FEDA045875C98DB	FCC6DCDAEFE54A3E350047B7B4BA550042255979	24FDD3995781B8F707BC71DCD824B56092E114BA4D2DE1A5AEB5092A7246EB66
/run/systemd/journal/streams/.#9:81519TA7FW6	ASCII text	250F8D7B00DF6CF14AD5668930B307A0	E5BE2511501ADF01D6B82BE09CBFFC42ADE9797E	BC2283A5356AEAF69FE273663768F4A1A2D26F69A41DA7AE00C9357E604813A0
/run/systemd/journal/streams/.#9:81520jjYUZ7	ASCII text	F71C87C80B921AA174FA9BD7235640F5	BF3696D6F1A373B6CE56AD134324A8394C031B17	B9BB2194BC07B29357B730B5C6A64266EC03678C90000783AEA8DE0D9EEDD4E8
/run/systemd/journal/streams/.#9:83384nkpi69	ASCII text	AF795622B08EF27CA3432EF53CFA8AEC	4DAFFF5178472DE3E033C0618C4A363689946B1C	DC2C384FC08DAB16C567060384406C24D5278B0BD6778E609A6C70D847A780D0
/run/systemd/journal/streams/.#9:83385qY1ufb	ASCII text	BCDFC371DD9730BC7FA63D7C298FABD0	60CDC48316C79595CA6676EBDF9E36522C9C2DE4	A940B9BF10521A3CD6290F31DD250C35A377F9F7A060FD8FCD15C550568D5C46
/run/systemd/journal/streams/.#9:83387zkBwVd	ASCII text	890DCEDF0A618936E892A35BAD6B49E5	BECE4EB5A6F79B8FB3AFC05C504ED8F982C6966D	7BE7B4CD69856DF14FC5F791C9C50DB2AF60683AA3071C0B3D85ED7A28C5EF89
/run/systemd/journal/streams/.#9:83388p65YQa	ASCII text	42F6D44AAA69482B03A61DAF4EF8E7A4	D8050FFF1CD7E6DE6F776A733ED069CBE396D5B4	A62B100282293089040B325594A6D81D3E6EFF28A6A7986E705493AC32A386B7
/run/systemd/journal/streams/.#9:83389TKi6Vb	ASCII text	CE003F213F5BCA0C95B018A73A89BF06	D185C9B537E3A6733EABBA5C53F4AF07CA904DA5	DD8D2ECB84A1353C5D66BDE8B78B813DEAE5B7860A6E7E8CC4E4D920BA1E8AFA
/run/systemd/journal/streams/.#9:83390ACoZYd	ASCII text	AC137D5611DB8243E08FABED0A5F2FA1	947B7471C65CD77F356A84C8C6DD7137B3094747	5B0C62301EAD26C095C6F507A470B47682E88F30536E02BA9E411ADFCFCBC77E
/run/systemd/journal/streams/.#9:84457B804OP	ASCII text	C97BA240DC033F66DAB9F014303E6516	A84CDB3A2E881445BFA3F712DE84FE1E07F2496B	395E85DE3FD5A4EFB6E031C79123BC826356420B23A2BB6A4FF5C26381D02C7D
/run/systemd/journal/streams/.#9:8445843zHGQ	ASCII text	45730DC7DC21A200CEA6703A0914D6BD	4B76C13EBE9F085A7F63B4A5582E280166C09EFC	1A43A1389362E0EFEA3C1BDD8EAD521D751DD5F778EE730D40134823269D9BEC
/run/systemd/journal/streams/.#9:84459gIHfFO	ASCII text	7934343339F62E8EFFE47DCB87B3AF8E	85A810ECA134F7E87655D409C01C3003987685BE	1DAE0FC444E3D6BE46B2A7B706EB18DEA07A198AF38C359EFB7A4A6AB51C1B4C
/run/systemd/journal/streams/.#9:84460xI4OgR	ASCII text	B1B87E0738A207ED423839523D6CFFA0	4920DBFBF0838F79ADECE35E398F170C62F74E61	711EDC8451DA4C2E8D34DE245F855D799336BBCB4565A6E65AEFBE289E394314
/run/systemd/journal/streams/.#9:84472IwOgJO	ASCII text	D188DE1FA289D4D36830BADA5D9879C2	BB841D090AC1F67E8417B1AE21AC0B65777DEABA	A720A9D335B5524818407E647EED12D729E8D22D62498DF2BEAF2BFE1DC5288E
/run/systemd/journal/streams/.#9:84473r2bcQP	ASCII text	E9D6D48B3AEBDE0D5FE44BBCD8BF61EF	14844F3AF81C7B0503D63C6B0F0CA7EBD13A26CB	728ECAD7C9CC0E0F8A06741F28CF1AB6DDF8690E2549BC1FF760755C970A6D97
/run/systemd/journal/streams/.#9:84474RpZc9P	ASCII text	1F807F825D4E87F77FB429A37158D7F9	7B11DA3DA9A73F23D2C34286E80FBF9DA8276361	4C42B5525B791EBD749280EC4B78A6AC0D772FAB046E5122443145CF0E99D002
/run/systemd/seats/.#seat00MLQ1W	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat00hDuMe	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat01Rkxgb	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat02mVaDP	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat033lfys	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat04nZ5KI	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0863h3M	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat095i7YS	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0K117A9	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0M4DRIF	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0N5AIFU	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0Z4Q9cE	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0cILnCy	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0gHwBm6	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0mxq7xU	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0t7ewib	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0tJJIKF	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0uZc7m8	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0xyiQ5z	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/utmp	data	251BC46C3533B66617E75AA8C77C36AB	0011A2DA9BD61C9088773981BC2E6A685854BCFC	46371431A86C1577C5821B89104A35F413E9F8DED9EB61B5425C2657C94AAB62
/tmp/qemu-open.AGXyWj (deleted)	data	E63B632F705A126169F5DBA5C5A6CF09	F551694AE7907886246C162CA15BDEC195D9192B	65D3809A17CBE63881980D945FFB94C085E1F8E2257D15154B88A13C3E13169E
/var/lib/ubuntu-drivers-common/last_gfx_boot	ASCII text	078760523943E160756979906B85FB5E	0962643266F4C5537F7D125046F28F21D6DD0C89	048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
/var/log/auth.log	ASCII text	AC33961E806326FE556E389856A56CB1	89DEF28F6B92EA21BF0DC85C5EFBA350603B1AE2	3C620BE4CAE48EB64DD95A4A225D993E1E45411EC2C22B92BE5ED7F4FA388D58
/var/log/gpu-manager.log	ASCII text	3AF77E630DA00B3BE24F4E8AA5D78B13	BCF2D99E002F6DE2413A183227B011CFBEF5673D	EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal	data	BA7117314CCAEB9E848406FC042EFC09	8739943CD9A5ABDBA5BECAB67C7AB9D83706E07F	AC80771CD91F0FDF702DE71D9545887F0D672AB13757E0BD69722EC681823907
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal	data	B74D2E275A99521310F9CE2CC209A7D0	6752A47F5DA95F96804E2FB7D142F4F1220DCFCD	7DE48237ABB906F94F2E6F1C522147262FD32F5DD45F6A4C957C56BAC61E5A93
/var/log/kern.log	ASCII text	27F6851830E15428A900B10A237F0E8C	587F0D1F5BB3C0B7D38DB4F776B2719FC5CC9E48	7CA5833F91C34616E3DF21661D5E252BEE8095480338D490340FBBEFC890F9F7
/var/log/syslog	ASCII text	D5AD9612B0F2FF74E1ED9FC4B257C4BB	1BB47304597DC759AF8D5DDB607B9197EAF60771	5A5005EBE0DFF81F95A4D0F5C3DDDFAC81387539236FFAB30F465CDFF0C47AB7
/var/log/wtmp	data	251BC46C3533B66617E75AA8C77C36AB	0011A2DA9BD61C9088773981BC2E6A685854BCFC	46371431A86C1577C5821B89104A35F413E9F8DED9EB61B5425C2657C94AAB62

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Aqua.mpsl.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Aqua.mpsl.elf	ReversingLabs: Detection: 39%
Source: Aqua.mpsl.elf	Virustotal: Detection: 34%			Perma Link

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pkill (PID: 5799)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6043)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6267)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6424)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6581)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6737)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6900)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7071)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7226)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7389)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7546)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7689)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Found strings indicative of a multi-platform dropper

Source: Aqua.mpsl.elf

String: 'EOF/proc//proc/%s/cmdlinerwgetcurlftpechokillbashrebootshutdownhaltpoweroff[locker] killed process: %s ;; pid: %d

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.14:57246 -> 89.190.156.145:7733

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/sbin/rsyslogd (PID: 5693)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5773)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5816)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5951)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6029)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6044)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6114)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6181)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6260)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6269)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6277)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6341)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6414)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6425)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6435)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6497)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6572)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6584)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6593)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6733)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6747)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6814)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6892)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6901)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6922)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6986)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7061)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7073)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7084)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7223)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7236)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7303)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7381)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7390)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7462)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7536)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7547)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7558)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7690)	Reads hosts file: /etc/hosts

Sample listens on a socket

Source: /lib/systemd/systemd-journald (PID: 5956)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6119)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6278)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6351)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6436)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6507)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6592)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6664)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6752)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6825)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6924)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6997)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7083)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7154)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7238)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7312)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7401)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7472)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7557)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7626)	Socket: unknown address family

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic

TCP traffic: 192.168.2.14:46540 -> 185.125.190.26:443

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Source: unknown

DNS traffic detected: query: 45.148.10.84 replaycode: Name error (3)

Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145

Source: global traffic

DNS traffic detected: DNS query: 45.148.10.84

Source: syslog.356.dr

String found in binary or memory: https://www.rsyslog.com

Source: unknown

Network traffic detected: HTTP traffic on port 46540 -> 443

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1639, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5522, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 661, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 725, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 780, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 782, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 791, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 940, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1289, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1309, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2991, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 3094, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 3157, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5493, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5494, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5693, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5694, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5698, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1300, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2956, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5773, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5774, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5789, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 767, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 769, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1299, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2955, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5890, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5893, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5950, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5951, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5956, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6029, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6032, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6025, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6044, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6045, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6119, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6120, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6121, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6124, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6181, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6185, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6262, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6193, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6268, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6269, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6278, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6279, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6284, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6341, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6345, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6346, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6414, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6352, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6425, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6436, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6437, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6440, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6497, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6501, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6502, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6572, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6508, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6584, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6592, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6594, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6597, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6593, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6657, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6658, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6666, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6733, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6734, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6752, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6753, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6754, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6757, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6814, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6892, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6894, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6827, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6901, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6902, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6924, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6927, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6984, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6985, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6986, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6987, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7060, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7061, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7058, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7072, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7073, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7083, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7085, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7088, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7084, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7148, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7149, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7156, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7223, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7224, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7238, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7242, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7243, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7246, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7303, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7307, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7381, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7315, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7387, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7390, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7401, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7402, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7405, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7462, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7466, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7467, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7536, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7473, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7547, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7557, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7559, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7562, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7558, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7622, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7623, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7625, result: successful	Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1639, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5522, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 661, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 725, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 780, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 782, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 791, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 940, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1289, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1309, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2991, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 3094, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 3157, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5493, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5494, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5693, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5694, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5698, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1300, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2956, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5773, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5774, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5789, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 767, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 769, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 1299, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 2955, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5890, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5893, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5950, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5951, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 5956, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6029, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6032, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6025, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6044, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6045, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6119, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6120, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6121, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6124, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6181, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6185, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6262, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6193, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6268, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6269, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6278, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6279, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6284, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6341, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6345, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6346, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6414, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6352, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6425, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6436, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6437, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6440, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6497, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6501, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6502, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6572, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6508, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6584, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6592, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6594, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6597, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6593, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6657, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6658, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6666, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6733, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6734, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6752, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6753, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6754, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6757, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6814, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6892, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6894, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6827, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6901, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6902, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6924, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6927, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6984, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6985, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6986, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 6987, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7060, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7061, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7058, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7072, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7073, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7083, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7085, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7088, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7084, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7148, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7149, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7156, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7223, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7224, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7238, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7242, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7243, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7246, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7303, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7307, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7381, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7315, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7387, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7390, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7401, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7402, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7405, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7462, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7466, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7467, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7536, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7473, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7547, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7557, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7559, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7562, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7558, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7622, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7623, result: successful	Jump to behavior
Source: /tmp/Aqua.mpsl.elf (PID: 5520)	SIGKILL sent: pid: 7625, result: successful	Jump to behavior

Source: classification engine

Classification label: mal68.spre.troj.evad.linELF@0/239@229/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 5698)	File: /proc/5698/mounts	Jump to behavior
Source: /bin/fusermount (PID: 5699)	File: /proc/5699/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5774)	File: /proc/5774/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5817)	File: /proc/5817/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5890)	File: /proc/5890/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6032)	File: /proc/6032/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6045)	File: /proc/6045/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6115)	File: /proc/6115/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6121)	File: /proc/6121/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6262)	File: /proc/6262/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6268)	File: /proc/6268/mounts
Source: /usr/bin/dbus-daemon (PID: 6345)	File: /proc/6345/mounts
Source: /usr/bin/dbus-daemon (PID: 6501)	File: /proc/6501/mounts
Source: /usr/bin/dbus-daemon (PID: 6657)	File: /proc/6657/mounts
Source: /usr/bin/dbus-daemon (PID: 6734)	File: /proc/6734/mounts
Source: /usr/bin/dbus-daemon (PID: 6748)	File: /proc/6748/mounts
Source: /usr/bin/dbus-daemon (PID: 6754)	File: /proc/6754/mounts
Source: /usr/bin/dbus-daemon (PID: 6894)	File: /proc/6894/mounts
Source: /usr/bin/dbus-daemon (PID: 6902)	File: /proc/6902/mounts
Source: /usr/bin/dbus-daemon (PID: 6912)	File: /proc/6912/mounts
Source: /usr/bin/dbus-daemon (PID: 6923)	File: /proc/6923/mounts
Source: /usr/bin/dbus-daemon (PID: 6985)	File: /proc/6985/mounts
Source: /usr/bin/dbus-daemon (PID: 7060)	File: /proc/7060/mounts
Source: /usr/bin/dbus-daemon (PID: 7072)	File: /proc/7072/mounts
Source: /usr/bin/dbus-daemon (PID: 7148)	File: /proc/7148/mounts
Source: /usr/bin/dbus-daemon (PID: 7224)	File: /proc/7224/mounts
Source: /usr/bin/dbus-daemon (PID: 7237)	File: /proc/7237/mounts
Source: /usr/bin/dbus-daemon (PID: 7243)	File: /proc/7243/mounts
Source: /usr/bin/dbus-daemon (PID: 7387)	File: /proc/7387/mounts
Source: /usr/bin/dbus-daemon (PID: 7466)	File: /proc/7466/mounts
Source: /usr/bin/dbus-daemon (PID: 7622)	File: /proc/7622/mounts
Source: /usr/bin/dbus-daemon (PID: 7687)	File: /proc/7687/mounts

Creates hidden files and/or directories

Source: /usr/libexec/gsd-rfkill (PID: 5522)	Directory: <invalid fd (9)>/..	Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 5522)	Directory: <invalid fd (8)>/..	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5527)	Directory: <invalid fd (10)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5710)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5710)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5710)	File: /run/systemd/seats/.#seat00MLQ1W	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 5768)	Directory: /root/.cache	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5893)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5893)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5893)	File: /run/systemd/seats/.#seat02mVaDP	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5968)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5968)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5968)	File: /run/systemd/seats/.#seat033lfys	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69350m4O1SZ	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69351GqjoPY	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69352MQxNP2	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69354afirf0	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69355Ixlnj0	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69356j2DMTZ	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69363nS2B90	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:693641T4fzZ	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	File: /run/systemd/journal/streams/.#9:69535IwVmw0	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6051)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6051)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6051)	File: /run/systemd/seats/.#seat04nZ5KI	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6124)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6124)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6124)	File: /run/systemd/seats/.#seat00hDuMe	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71370Xm3GRe	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:713721Krzth	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71373GMoGBg	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71374kn3okf	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71375z0ESFf	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71376nCG5qg	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:71383dlRY1e	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File: /run/systemd/journal/streams/.#9:713853Snh0h	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6198)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6198)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6198)	File: /run/systemd/seats/.#seat095i7YS	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6284)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6284)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:73344ADFsgp
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:73345FrdYwp
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:73346yzNraq
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:73348PZvOfq
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:73350c19g8s
Source: /lib/systemd/systemd-journald (PID: 6351)	File: /run/systemd/journal/streams/.#9:7335162Thts
Source: /lib/systemd/systemd-logind (PID: 6356)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6356)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6356)	File: /run/systemd/seats/.#seat0863h3M
Source: /lib/systemd/systemd-logind (PID: 6440)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6440)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6440)	File: /run/systemd/seats/.#seat01Rkxgb
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74239dUNFpg
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74240qMaUvg
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74241R2Ibhf
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74242ictUhd
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74243A5yJ5c
Source: /lib/systemd/systemd-journald (PID: 6507)	File: /run/systemd/journal/streams/.#9:74245TVMgHe
Source: /lib/systemd/systemd-logind (PID: 6513)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6513)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6513)	File: /run/systemd/seats/.#seat0tJJIKF
Source: /lib/systemd/systemd-logind (PID: 6597)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6597)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:753274lgei8
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:75328ksCK17
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:75329Rk9Xb4
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:75330vwDdK5
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:753369QXEB4
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:753374EZrP7
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:75344PV1z44
Source: /lib/systemd/systemd-journald (PID: 6664)	File: /run/systemd/journal/streams/.#9:754233dlg97
Source: /lib/systemd/systemd-logind (PID: 6670)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6670)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6670)	File: /run/systemd/seats/.#seat0xyiQ5z
Source: /lib/systemd/systemd-logind (PID: 6757)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6757)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6757)	File: /run/systemd/seats/.#seat0K117A9
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76668I7H69g
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:766690fvwkf
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76670KmRUqj
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:766711GQaOf
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76673FaquWf
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:766740u7q5i
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:766803ASJgh
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76681rD8hVi
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76724Yh3xZi
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:76773NnQoci
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:77905jQjDOf
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:78004IOdjDi
Source: /lib/systemd/systemd-journald (PID: 6825)	File: /run/systemd/journal/streams/.#9:781089weTaf
Source: /lib/systemd/systemd-logind (PID: 6833)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6833)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6833)	File: /run/systemd/seats/.#seat0N5AIFU
Source: /usr/lib/policykit-1/polkitd (PID: 6917)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6927)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6927)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77809h9udzj
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77810XKpuAf
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77812mNzHhg
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77813r97oHg
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77814bsUQFh
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:778159SFe7g
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77822GRsfkj
Source: /lib/systemd/systemd-journald (PID: 6997)	File: /run/systemd/journal/streams/.#9:77823QkcfRh
Source: /lib/systemd/systemd-logind (PID: 7001)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7001)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7001)	File: /run/systemd/seats/.#seat0cILnCy
Source: /lib/systemd/systemd-logind (PID: 7088)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7088)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7088)	File: /run/systemd/seats/.#seat0t7ewib
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80640XHavpb
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80641FPJrNb
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80642O1tQL9
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80643J6T1l9
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80650L9Cwr8
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80651D5SIta
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:80658mT52B9
Source: /lib/systemd/systemd-journald (PID: 7154)	File: /run/systemd/journal/streams/.#9:79730M24Qda
Source: /lib/systemd/systemd-logind (PID: 7161)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7161)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7161)	File: /run/systemd/seats/.#seat0Z4Q9cE
Source: /lib/systemd/systemd-logind (PID: 7246)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7246)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7246)	File: /run/systemd/seats/.#seat0gHwBm6
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:815094Yl3c8
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81510lSu1f6
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81511Ph1XJ4
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81512LKqN24
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81518mfnks5
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81519TA7FW6
Source: /lib/systemd/systemd-journald (PID: 7312)	File: /run/systemd/journal/streams/.#9:81520jjYUZ7
Source: /lib/systemd/systemd-logind (PID: 7323)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7323)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7323)	File: /run/systemd/seats/.#seat0mxq7xU
Source: /lib/systemd/systemd-logind (PID: 7405)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7405)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83384nkpi69
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83385qY1ufb
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83387zkBwVd
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83388p65YQa
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83389TKi6Vb
Source: /lib/systemd/systemd-journald (PID: 7472)	File: /run/systemd/journal/streams/.#9:83390ACoZYd
Source: /lib/systemd/systemd-logind (PID: 7478)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7478)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7478)	File: /run/systemd/seats/.#seat0M4DRIF
Source: /lib/systemd/systemd-logind (PID: 7562)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7562)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84457B804OP
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:8445843zHGQ
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84459gIHfFO
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84460xI4OgR
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84472IwOgJO
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84473r2bcQP
Source: /lib/systemd/systemd-journald (PID: 7626)	File: /run/systemd/journal/streams/.#9:84474RpZc9P
Source: /lib/systemd/systemd-logind (PID: 7630)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7630)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7630)	File: /run/systemd/seats/.#seat0uZc7m8

Enumerates processes within the "proc" file system

Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6351/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6284/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6341/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6345/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6356/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/environ
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/sched
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/661/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6414/cgroup
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/comm
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/cmdline
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/status
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/attr/current
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/sessionid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/loginuid
Source: /lib/systemd/systemd-journald (PID: 6351)	File opened: /proc/6425/cgroup
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6121/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6198/cgroup	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/comm	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/cmdline	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/status	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/attr/current	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/sessionid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/loginuid	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	File opened: /proc/6124/cgroup	Jump to behavior

Executes commands using a shell command-line interpreter

Source: /usr/bin/gpu-manager (PID: 5779)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5781)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5783)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5785)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5787)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5792)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5794)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5796)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5958)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5960)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5962)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5964)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6026)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6030)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6036)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6038)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6186)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6188)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6191)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6194)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6242)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6259)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6347)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6349)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6353)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6415)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6417)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6422)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6503)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6505)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6509)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6570)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6573)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6575)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6659)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6663)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6667)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6728)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6730)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6732)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6819)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6821)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6823)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6826)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6829)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6890)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6893)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6991)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6995)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6998)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7062)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7064)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7150)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7152)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7155)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7158)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7219)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7221)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7308)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7310)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7313)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7318)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7320)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7382)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7468)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7470)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7474)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7535)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7538)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7543)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7624)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"

Executes the "grep" command used to find patterns in files or piped streams

Source: /bin/sh (PID: 5780)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5782)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5784)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5786)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5788)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5793)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5795)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5797)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5959)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5961)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5963)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5965)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6027)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6031)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6037)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6039)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6187)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6189)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6192)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6195)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6258)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6261)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6348)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6350)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6413)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6416)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6418)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6504)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6506)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6510)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6571)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6574)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6576)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6662)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6665)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6727)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6729)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6731)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6735)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6820)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6822)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6824)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6828)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6830)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6891)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6895)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6992)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6996)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7059)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7063)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7065)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7151)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7153)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7157)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7218)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7220)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7222)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7309)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7311)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7314)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7319)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7380)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7383)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7469)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7471)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7475)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7537)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7539)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7544)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7625)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

Executes the "kill" or "pkill" command typically used to terminate processes

Source: /usr/share/gdm/generate-config (PID: 5799)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6043)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6267)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6424)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6581)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6737)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6900)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7071)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7226)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7389)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7546)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7689)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Reads system information from the proc file system

Source: /lib/systemd/systemd-journald (PID: 5956)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6119)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6278)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6351)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6436)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6507)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6592)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6664)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6752)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6825)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6924)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6997)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7083)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7154)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7238)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7312)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7401)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7472)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7557)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7626)	Reads from proc file: /proc/meminfo

Reads system version information

Source: /sbin/agetty (PID: 5789)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 6025)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 6193)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 6352)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6508)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6666)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 6827)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7058)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7156)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7315)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7473)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7627)	Reads version info: /etc/issue

Source: /usr/sbin/rsyslogd (PID: 5693)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5773)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 5773)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5778)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 5816)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5951)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5957)	Log file created: /var/log/gpu-manager.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6029)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6044)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6044)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6181)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6260)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6269)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6269)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6341)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6414)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6425)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6425)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6497)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6572)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6584)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6584)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6593)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6733)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6733)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6747)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6814)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6892)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6901)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6901)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6986)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7061)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7073)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7073)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7084)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7223)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7223)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7303)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7381)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7390)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7390)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7462)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7536)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7547)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7547)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7558)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7690)	Log file created: /var/log/kern.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 7690)	Log file created: /var/log/auth.log	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/Aqua.mpsl.elf (PID: 5518)

File: /tmp/Aqua.mpsl.elf

Jump to behavior

Deletes log files

Source: /usr/bin/gpu-manager (PID: 5778)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5957)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6185)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6346)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6502)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6658)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6818)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6987)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7149)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7307)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7467)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7623)	Truncated file: /var/log/gpu-manager.log

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pkill (PID: 5799)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6043)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6267)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6424)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6581)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6737)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6900)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7071)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7226)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7389)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7546)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7689)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/Aqua.mpsl.elf (PID: 5516)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5527)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5693)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5773)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5778)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 5789)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5816)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5951)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5956)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5957)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6025)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6028)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6029)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6044)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6114)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6119)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6181)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6185)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6190)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6193)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6260)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6269)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6277)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6278)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6341)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6351)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6352)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6414)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6425)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6435)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6436)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6497)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6507)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6508)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6572)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6584)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6592)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6593)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6664)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6666)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6733)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6747)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6752)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6814)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6818)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6825)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 6827)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6892)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6901)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6922)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6924)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6986)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6997)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7058)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7061)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7073)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7083)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7084)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7149)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7154)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7156)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7223)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7236)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7238)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7303)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7307)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7312)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7315)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7381)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7390)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7401)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7462)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7472)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7473)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7536)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7547)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7557)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7558)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7626)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7627)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7690)	Queries kernel information via 'uname':

Source: kern.log.41.dr	Binary or memory string: Dec 25 10:45:14 galassia kernel: [ 125.067787] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel parport_pc ppdev lp drm parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi scsi_transport_spi mptscsih vmxnet3 libahci mptbase
Source: Aqua.mpsl.elf, 5516.1.000056116f01c000.000056116f0a3000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: Aqua.mpsl.elf, 5516.1.000056116f01c000.000056116f0a3000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/mipsel
Source: Aqua.mpsl.elf, 5516.1.00007fffbdef4000.00007fffbdf15000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/Aqua.mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Aqua.mpsl.elf
Source: kern.log.41.dr	Binary or memory string: Dec 25 10:45:14 galassia kernel: [ 125.067805] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
Source: Aqua.mpsl.elf, 5516.1.00007fffbdef4000.00007fffbdf15000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.AGXyWj
Source: Aqua.mpsl.elf, 5516.1.00007fffbdef4000.00007fffbdf15000.rw-.sdmp	Binary or memory string: /qemu-open.XXXXX
Source: Aqua.mpsl.elf, 5516.1.00007fffbdef4000.00007fffbdf15000.rw-.sdmp	Binary or memory string: V/tmp/qemu-open.AGXyWj\t
Source: Aqua.mpsl.elf, 5516.1.00007fffbdef4000.00007fffbdf15000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

ID:	1580707
Product:	CloudBasic
Start time:	17:44:20
Start date:	25.12.2024
Sample:	Aqua.mpsl.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	d8dfbfc53a20ad9187c3cf6fe092c0aa
SHA1:	772bad2d9dfe1618595b38bee2a1f194a968527a
SHA256:	d4deb230b0334d1172c8321886a16a78a5eed219c97aa24ba9b1dcbf2ddac8a7
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
Aqua.mpsl.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report Aqua.mpsl.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
Aqua.mpsl.elf