Linux Analysis Report
Aqua.dbg.elf

Overview

General Information

Sample name:	Aqua.dbg.elf
Analysis ID:	1580708
MD5:	78226180f205f37487849c994f9eb35a
SHA1:	3b98db60d97761ca1f0a8df8cbf28aab167d5751
SHA256:	3bcbbc785755e486cf45e2462fecf9c44f3665583ab53374604649ed2341fec5
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	80
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Sample deletes itself

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Creates hidden files and/or directories

Deletes log files

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "kill" or "pkill" command typically used to terminate processes

Found strings indicative of a multi-platform dropper

HTTP GET or POST without a user agent

Reads CPU information from /sys indicative of miner or evasive malware

Reads system information from the proc file system

Reads system version information

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Aqua.dbg.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Aqua.dbg.elf	Virustotal: Detection: 31%			Perma Link
Source: Aqua.dbg.elf	ReversingLabs: Detection: 31%

Machine Learning detection for sample

Source: Aqua.dbg.elf

Joe Sandbox ML: detected

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pkill (PID: 6566)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6740)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6964)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 7126)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7292)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7458)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7561)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7566)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7668)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7677)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7784)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7783)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7810)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7954)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7960)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Found strings indicative of a multi-platform dropper

Source: Aqua.dbg.elf

String: Could not open raw socket!Failed to create socket!ACK Stomp got SYN+ACK!Could not listen on raw socket!Couldn't connect to host for ACK Stomp in time. RetryingEOF/proc//proc/%s/cmdlinerwgetcurlftpechokillbashrebootshutdownhaltpoweroff/fdsocket/proc/%s/stat/proc/proc/%d/exe/proc/%d/stat%d %s %c %d/proc/%d/maps/var/run/mnt/root/var/tmp/boot/bin/sbin/../(deleted)/homedbgmpslmipselmipsarmarm4arm5arm6arm7sh4m68kx86x586x86_64i586i686ppcspc[locker] killed process: %s ;; pid: %d

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.23:50014 -> 89.190.156.145:7733

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/sbin/rsyslogd (PID: 6453)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6536)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6575)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6649)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6736)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6742)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6816)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6885)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6962)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6978)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 7048)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7121)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7127)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7143)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7213)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7286)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7294)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7311)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7382)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7456)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7474)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7545)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7563)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7658)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7675)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7701)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7776)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7808)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7882)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7953)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7984)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 8055)	Reads hosts file: /etc/hosts

Sample listens on a socket

Source: /lib/systemd/systemd-journald (PID: 6644)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6823)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6988)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7052)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7153)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7220)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7319)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7383)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7484)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7595)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7707)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7880)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7991)	Socket: unknown address family

Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145

Source: global traffic	DNS traffic detected: DNS query: 45.148.10.84
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Source: unknown

Source: syslog.512.dr, syslog.32.dr, syslog.378.dr, syslog.170.dr, syslog.94.dr, syslog.220.dr

String found in binary or memory: https://www.rsyslog.com

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37648 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37648
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_449937aa Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6277, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6259, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6447, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6451, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6452, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6453, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6531, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6536, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6555, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6113, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6286, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6569, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6573, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6574, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6575, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6577, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6584, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6644, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6646, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6649, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6650, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6712, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6735, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6736, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6645, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6741, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6742, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6747, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6814, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6814, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6710, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6748, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6752, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6815, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6816, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6817, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6823, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6826, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6883, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6884, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6885, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6947, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6958, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6959, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6886, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6962, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6965, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6966, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6977, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6977, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6887, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6890, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6974, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6978, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6979, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6985, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6987, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6988, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6991, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7048, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7050, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7051, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7112, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7121, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7122, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7123, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7049, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7127, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7130, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7131, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7142, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7142, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7052, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7055, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7138, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7143, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7147, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7148, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7150, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7153, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7156, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7213, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7215, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7216, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7280, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7286, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7289, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7290, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7214, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7293, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7294, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7308, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7308, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7220, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7223, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7305, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7309, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7310, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7311, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7313, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7319, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7322, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7379, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7381, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7382, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7444, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7453, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7454, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7380, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7456, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7459, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7473, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7473, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7383, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7387, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7470, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7474, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7475, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7476, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7477, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7482, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7483, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7544, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7545, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7549, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7553, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7546, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7559, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7561, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7563, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7484, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7487, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7583, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7586, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7589, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7590, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7592, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7593, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7594, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7656, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7657, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7658, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7659, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7655, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7668, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7671, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7675, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7595, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7598, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7692, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7697, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7698, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7699, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7700, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7701, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7767, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7770, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7771, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7775, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7776, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7783, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7707, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7801, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7806, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7807, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7808, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7809, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7811, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7815, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7810, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7882, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7883, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7884, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7944, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7881, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7953, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7954, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7956, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7880, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7887, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7977, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7980, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7983, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7984, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7988, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7989, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7990, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8054, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8055, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8056, result: successful	Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6277, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6259, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6447, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6451, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6452, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6453, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6531, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6536, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6555, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6113, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6286, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6569, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6573, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6574, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6575, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6577, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6584, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6644, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6646, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6649, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6650, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6712, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6735, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6736, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6645, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6741, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6742, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6747, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6814, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6814, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6710, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6748, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6752, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6815, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6816, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6817, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6823, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6826, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6883, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6884, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6885, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6947, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6958, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6959, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6886, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6962, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6965, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6966, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6977, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6977, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6887, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6890, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6974, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6978, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6979, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6985, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6987, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6988, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6991, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7048, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7050, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7051, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7112, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7121, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7122, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7123, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7049, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7127, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7130, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7131, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7142, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7142, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7052, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7055, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7138, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7143, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7147, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7148, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7150, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7153, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7156, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7213, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7215, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7216, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7280, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7286, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7289, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7290, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7214, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7293, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7294, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7308, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7308, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7220, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7223, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7305, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7309, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7310, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7311, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7313, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7319, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7322, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7379, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7381, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7382, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7444, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7453, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7454, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7380, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7456, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7459, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7473, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7473, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7383, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7387, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7470, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7474, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7475, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7476, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7477, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7482, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7483, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7544, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7545, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7549, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7553, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7546, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7559, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7561, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7563, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7484, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7487, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7583, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7586, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7589, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7590, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7592, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7593, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7594, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7656, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7657, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7658, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7659, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7655, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7668, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7671, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7675, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7595, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7598, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7692, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7697, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7698, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7699, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7700, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7701, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7767, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7770, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7771, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7775, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7776, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7783, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7707, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7801, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7806, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7807, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7808, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7809, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7811, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7815, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7810, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7882, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7883, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7884, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7944, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7881, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7953, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7954, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7956, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7880, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7887, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7977, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7980, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7983, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7984, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7988, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7989, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7990, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8054, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8055, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8056, result: successful	Jump to behavior

Yara signature match

Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_449937aa reference_sample = 6f27766534445cffb097c7c52db1fca53b2210c1b10b75594f77c34dc8b994fe, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = cf2c6b86830099f039b41aeaafbffedfb8294a1124c499e99a11f48a06cd1dfd, id = 449937aa-682a-4906-89ab-80d7127e461e, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16

Source: classification engine

Classification label: mal80.spre.troj.evad.linELF@0/253@235/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 6447)	File: /proc/6447/mounts	Jump to behavior
Source: /bin/fusermount (PID: 6458)	File: /proc/6458/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6531)	File: /proc/6531/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6577)	File: /proc/6577/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6650)	File: /proc/6650/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6747)	File: /proc/6747/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6817)	File: /proc/6817/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6884)	File: /proc/6884/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6959)	File: /proc/6959/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6966)	File: /proc/6966/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6987)	File: /proc/6987/mounts
Source: /usr/bin/dbus-daemon (PID: 7051)	File: /proc/7051/mounts
Source: /usr/bin/dbus-daemon (PID: 7123)	File: /proc/7123/mounts
Source: /usr/bin/dbus-daemon (PID: 7131)	File: /proc/7131/mounts
Source: /usr/bin/dbus-daemon (PID: 7150)	File: /proc/7150/mounts
Source: /usr/bin/dbus-daemon (PID: 7216)	File: /proc/7216/mounts
Source: /usr/bin/dbus-daemon (PID: 7289)	File: /proc/7289/mounts
Source: /usr/bin/dbus-daemon (PID: 7293)	File: /proc/7293/mounts
Source: /usr/bin/dbus-daemon (PID: 7313)	File: /proc/7313/mounts
Source: /usr/bin/dbus-daemon (PID: 7381)	File: /proc/7381/mounts
Source: /usr/bin/dbus-daemon (PID: 7453)	File: /proc/7453/mounts
Source: /usr/bin/dbus-daemon (PID: 7459)	File: /proc/7459/mounts
Source: /usr/bin/dbus-daemon (PID: 7475)	File: /proc/7475/mounts
Source: /usr/bin/dbus-daemon (PID: 7482)	File: /proc/7482/mounts
Source: /usr/bin/dbus-daemon (PID: 7544)	File: /proc/7544/mounts
Source: /usr/bin/dbus-daemon (PID: 7559)	File: /proc/7559/mounts
Source: /usr/bin/dbus-daemon (PID: 7586)	File: /proc/7586/mounts
Source: /usr/bin/dbus-daemon (PID: 7657)	File: /proc/7657/mounts
Source: /usr/bin/dbus-daemon (PID: 7671)	File: /proc/7671/mounts
Source: /usr/bin/dbus-daemon (PID: 7697)	File: /proc/7697/mounts
Source: /usr/bin/dbus-daemon (PID: 7767)	File: /proc/7767/mounts
Source: /usr/bin/dbus-daemon (PID: 7775)	File: /proc/7775/mounts
Source: /usr/bin/dbus-daemon (PID: 7806)	File: /proc/7806/mounts
Source: /usr/bin/dbus-daemon (PID: 7811)	File: /proc/7811/mounts
Source: /usr/bin/dbus-daemon (PID: 7884)	File: /proc/7884/mounts
Source: /usr/bin/dbus-daemon (PID: 7956)	File: /proc/7956/mounts
Source: /usr/bin/dbus-daemon (PID: 7980)	File: /proc/7980/mounts
Source: /usr/bin/dbus-daemon (PID: 7988)	File: /proc/7988/mounts
Source: /usr/bin/dbus-daemon (PID: 8054)	File: /proc/8054/mounts
Source: /usr/bin/dbus-daemon (PID: 8060)	File: /proc/8060/mounts

Creates hidden files and/or directories

Source: /usr/libexec/gsd-rfkill (PID: 6277)	Directory: <invalid fd (9)>/..	Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 6277)	Directory: <invalid fd (8)>/..	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6284)	Directory: <invalid fd (10)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6470)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6470)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6470)	File: /run/systemd/seats/.#seat0DWYJUs	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 6530)	Directory: /root/.cache	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6653)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6653)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6653)	File: /run/systemd/seats/.#seat0nRd3Bh	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78629EtYb6z	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78630x5oJbB	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78631tgt9GA	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:786329aZDCy	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78633URCUmB	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78634UvSG5y	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78643g09UWx	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78644tQdCSB	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78645QoaerA	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:786538CUWsz	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:786602IAdRB	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78742Gd2hdy	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78819WWBjNz	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6752)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6752)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6752)	File: /run/systemd/seats/.#seat0VnYAVM	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81753AWelzY	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81754umducW	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81755gGs1NW	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81761c0oGVZ	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81762UWZ8wW	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81769lvLZeX	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81770DldQwX	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81771Rw5D3V	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:817721pXI5X	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81778mFKfrW	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:817860tcOuW	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81870P46MnX	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81888bbMB8V	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6890)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6890)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6890)	File: /run/systemd/seats/.#seat0ITEYJb	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82557wX14Hr
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:825589FZiet
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82564Tl081o
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82566Wzcuqr
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82573SH3e8o
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82574r201ap
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82575SDeiUs
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82576nf0awp
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82583Q1PNlr
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82584p2nM9s
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82594hKX2Lp
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82725QXyAeq
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82756VsuG9s
Source: /lib/systemd/systemd-logind (PID: 7055)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7055)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7055)	File: /run/systemd/seats/.#seat0EgAPYF
Source: /lib/systemd/systemd-logind (PID: 7156)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7156)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85303iA4MSa
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85307CSnnka
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85308PkQjn9
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85309gdWG76
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85310OIqf7a
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:853171ObKj7
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85318GDx087
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:853194Z4aF8
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85321Lw80l9
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85327t6jh16
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85328xshWGa
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:86283HxW7K9
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:86446ZX6qH6
Source: /lib/systemd/systemd-logind (PID: 7223)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7223)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7223)	File: /run/systemd/seats/.#seat0Hwzucl
Source: /lib/systemd/systemd-logind (PID: 7322)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7322)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:8726978mr5u
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87270CmZqhs
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87271PXSymt
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87272NyrYNs
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87273LjpXNu
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87274071OWq
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87275M7uPcv
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87276Mwd7Hs
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87277Ovu10s
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:8728947W75s
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:872906p5Vyt
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:873789hedgv
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87385MQqS9q
Source: /lib/systemd/systemd-logind (PID: 7387)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7387)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7387)	File: /run/systemd/seats/.#seat0F7Yq8K
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90118TbuPR7
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90119JeML77
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90120IAZrM4
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90121rxiwM8
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90123X6MOv8
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:901349KDNl5
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90142RWOEs5
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90143XWZzK6
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90144zhuF57
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90152W7A0Q6
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90154TB1DH7
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90155hvf6o4
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90156j9KrD8
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90187qPHPU5
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:89457m9Y0o6
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90396tQkmY7
Source: /lib/systemd/systemd-logind (PID: 7487)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7487)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7487)	File: /run/systemd/seats/.#seat0VLY28l
Source: /usr/lib/policykit-1/polkitd (PID: 7576)	Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92185HgYyLw
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92187JD2Fbu
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92188wKRYZv
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92189Ub5hlv
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:921913q08bw
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:9219817AcUt
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92199AjaHiu
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92205xWjAIt
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92218F0xX1u
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92219JccTyt
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92220K2zBgv
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:922212VwRNs
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92256GB69av
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:91519K4AxXw
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:9152010VOgt
Source: /lib/systemd/systemd-logind (PID: 7598)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7598)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7598)	File: /run/systemd/seats/.#seat0ScHJyJ
Source: /usr/lib/policykit-1/polkitd (PID: 7687)	Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93108pDcbVZ
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93110tUMBMW
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93112ZNDMJY
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93115LsYy9Y
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93116NKET5X
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93128DuRNjX
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93132avIBwX
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93140xbbw3X
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93141GVfSMY
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93152RdP1hX
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93153k2PmwX
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93154TtbYLZ
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:933177CwH9W
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:94332XZNAIX
Source: /lib/systemd/systemd-logind (PID: 7710)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7710)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7710)	File: /run/systemd/seats/.#seat0boCnqc
Source: /usr/lib/policykit-1/polkitd (PID: 7796)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7815)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7815)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7815)	File: /run/systemd/seats/.#seat0TKPyZ9
Source: /usr/lib/policykit-1/polkitd (PID: 7874)	Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95440ZPcTd1
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95442Azbd21
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:9544496xJl4
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95445PQ3Wl2
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95446FElFh4
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95448wJIqx4
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95449inpKO2
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:954506ccx54
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:9545198ou10
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95452SWAep1
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:954597v1ge4
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95460i0kFB2
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95468SGO4f2
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:954697NwcE4
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95470GcY0G1
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95471iJehg1
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95472Ps9MF3
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:96525bOb480
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:96535tIXvG4
Source: /lib/systemd/systemd-logind (PID: 7887)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7887)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7887)	File: /run/systemd/seats/.#seat0SawTUB
Source: /usr/lib/policykit-1/polkitd (PID: 7972)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7994)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7994)	Directory: <invalid fd (17)>/..

Enumerates processes within the "proc" file system

Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/environ
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/sched
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/cgroup

Executes commands using a shell command-line interpreter

Source: /usr/bin/gpu-manager (PID: 6537)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6539)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6547)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6549)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6551)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6556)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6560)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6563)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6716)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6718)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6720)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6722)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6725)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6728)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6731)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6733)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6951)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6954)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6960)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 7116)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7119)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7124)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7281)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7284)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7287)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7448)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7450)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7452)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7554)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7557)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7560)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7660)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7666)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7669)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7772)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7777)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7779)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7945)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7950)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7955)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"

Executes the "grep" command used to find patterns in files or piped streams

Source: /bin/sh (PID: 6538)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6544)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6548)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6550)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6552)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6557)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6561)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6564)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6717)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6719)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6721)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6723)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6726)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6729)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6732)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6734)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6952)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6957)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6961)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 7117)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7120)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7283)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7285)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7288)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7449)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7451)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7455)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7555)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7558)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7562)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7665)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7667)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7670)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7773)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7778)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7949)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7952)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7958)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

Executes the "kill" or "pkill" command typically used to terminate processes

Source: /usr/share/gdm/generate-config (PID: 6566)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6740)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6964)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 7126)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7292)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7458)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7566)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7677)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7784)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7960)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Reads system information from the proc file system

Source: /lib/systemd/systemd-journald (PID: 6644)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6823)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6988)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7052)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7153)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7220)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7319)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7383)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7484)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7595)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7707)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7880)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7991)	Reads from proc file: /proc/meminfo

Reads system version information

Source: /sbin/agetty (PID: 6555)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 6645)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 6886)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 7049)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7214)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7380)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7546)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7655)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7768)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7881)	Reads version info: /etc/issue

Source: /usr/sbin/rsyslogd (PID: 6453)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6453)	Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 6535)	Log file created: /var/log/gpu-manager.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6536)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6536)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6575)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6649)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6742)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6742)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6816)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6885)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6962)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6962)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6978)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7048)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7127)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7127)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7143)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7213)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7294)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7294)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7382)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7456)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7456)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7474)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7545)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7563)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7563)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7658)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7675)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7675)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7701)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7776)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7776)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7882)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7953)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7953)	Log file created: /var/log/auth.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 7984)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 8055)	Log file created: /var/log/kern.log	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/Aqua.dbg.elf (PID: 6275)

File: /tmp/Aqua.dbg.elf

Jump to behavior

Deletes log files

Source: /usr/bin/gpu-manager (PID: 6535)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6712)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6947)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 7112)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7280)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7444)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7553)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7659)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7771)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7944)	Truncated file: /var/log/gpu-manager.log

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pkill (PID: 6566)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6740)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6964)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 7126)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7292)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7458)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7561)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7566)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7668)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7677)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7784)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7783)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7810)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7954)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7960)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /lib/systemd/systemd-hostnamed (PID: 6284)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6453)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6535)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6536)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6555)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6575)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6644)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6645)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6649)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6712)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6736)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6742)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6816)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6823)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6885)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6886)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6962)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6978)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6988)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7048)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7049)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7052)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7121)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7127)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7143)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7153)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7213)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7214)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7220)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7286)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7294)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7311)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7319)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7380)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7382)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7383)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7456)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7474)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7484)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7545)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7546)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7561)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7563)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7593)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7595)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7655)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7658)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7668)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7675)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7701)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7707)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7768)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7776)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7783)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7808)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7810)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7880)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7881)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7882)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7953)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7954)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7984)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7991)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 8055)	Queries kernel information via 'uname':

Source: syslog.32.dr	Binary or memory string: Dec 25 10:47:12 galassia kernel: [ 427.883152] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
Source: syslog.32.dr	Binary or memory string: Dec 25 10:47:12 galassia kernel: [ 427.883134] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel drm parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi vmxnet3 scsi_transport_spi mptscsih libahci mptbase

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.213.35.24	unknown	United States	41231	CANONICAL-ASGB	false
89.190.156.145	unknown	United Kingdom	7489	HOSTUS-GLOBAL-ASHostUSHK	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	162.213.35.25	true
45.148.10.84	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e	false		high

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Aqua.dbg.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Aqua.dbg.elf	Virustotal: Detection: 31%			Perma Link
Source: Aqua.dbg.elf	ReversingLabs: Detection: 31%

Machine Learning detection for sample

Source: Aqua.dbg.elf

Joe Sandbox ML: detected

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pkill (PID: 6566)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6740)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6964)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 7126)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7292)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7458)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7561)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7566)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7668)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7677)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7784)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7783)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7810)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7954)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7960)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Found strings indicative of a multi-platform dropper

Source: Aqua.dbg.elf

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.23:50014 -> 89.190.156.145:7733

HTTP GET or POST without a user agent

Source: global traffic

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/sbin/rsyslogd (PID: 6453)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6536)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6575)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6649)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6736)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6742)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6816)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6885)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6962)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6978)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 7048)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7121)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7127)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7143)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7213)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7286)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7294)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7311)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7382)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7456)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7474)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7545)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7563)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7658)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7675)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7701)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7776)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7808)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7882)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7953)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7984)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 8055)	Reads hosts file: /etc/hosts

Sample listens on a socket

Source: /lib/systemd/systemd-journald (PID: 6644)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6823)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6988)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7052)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7153)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7220)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7319)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7383)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7484)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7595)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7707)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7880)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7991)	Socket: unknown address family

Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown	TCP traffic detected without corresponding DNS query: 89.190.156.145

Source: global traffic	DNS traffic detected: DNS query: 45.148.10.84
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Source: unknown

Source: syslog.512.dr, syslog.32.dr, syslog.378.dr, syslog.170.dr, syslog.94.dr, syslog.220.dr

String found in binary or memory: https://www.rsyslog.com

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37648 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37648
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_449937aa Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6277, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6259, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6447, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6451, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6452, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6453, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6531, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6536, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6555, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6113, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6286, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6569, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6573, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6574, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6575, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6577, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6584, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6644, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6646, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6649, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6650, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6712, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6735, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6736, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6645, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6741, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6742, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6747, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6814, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6814, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6710, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6748, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6752, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6815, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6816, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6817, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6823, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6826, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6883, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6884, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6885, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6947, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6958, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6959, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6886, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6962, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6965, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6966, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6977, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6977, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6887, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6890, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6974, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6978, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6979, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6985, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6987, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6988, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6991, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7048, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7050, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7051, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7112, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7121, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7122, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7123, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7049, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7127, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7130, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7131, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7142, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7142, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7052, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7055, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7138, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7143, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7147, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7148, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7150, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7153, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7156, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7213, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7215, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7216, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7280, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7286, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7289, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7290, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7214, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7293, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7294, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7308, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7308, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7220, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7223, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7305, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7309, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7310, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7311, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7313, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7319, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7322, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7379, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7381, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7382, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7444, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7453, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7454, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7380, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7456, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7459, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7473, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7473, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7383, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7387, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7470, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7474, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7475, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7476, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7477, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7482, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7483, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7544, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7545, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7549, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7553, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7546, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7559, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7561, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7563, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7484, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7487, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7583, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7586, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7589, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7590, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7592, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7593, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7594, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7656, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7657, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7658, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7659, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7655, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7668, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7671, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7675, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7595, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7598, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7692, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7697, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7698, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7699, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7700, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7701, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7767, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7770, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7771, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7775, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7776, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7783, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7707, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7801, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7806, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7807, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7808, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7809, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7811, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7815, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7810, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7882, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7883, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7884, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7944, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7881, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7953, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7954, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7956, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7880, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7887, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7977, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7980, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7983, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7984, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7988, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7989, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7990, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8054, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8055, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8056, result: successful	Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1638, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6277, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6259, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6447, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6451, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6452, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6453, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6531, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6536, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6555, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6113, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6286, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6569, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6573, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6574, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6575, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6577, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6584, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6644, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6646, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6649, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6650, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6712, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6735, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6736, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6645, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6741, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6742, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6747, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6814, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6814, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6710, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6748, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6752, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6815, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6816, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6817, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6823, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6826, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6883, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6884, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6885, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6947, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6958, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6959, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6886, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6962, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6965, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6966, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6977, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6977, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6887, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6890, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6974, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6978, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6979, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6985, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6987, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6988, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 6991, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7048, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7050, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7051, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7112, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7121, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7122, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7123, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7049, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7127, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7130, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7131, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7142, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7142, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7052, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7055, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7138, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7143, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7147, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7148, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7150, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7153, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7156, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7213, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7215, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7216, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7280, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7286, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7289, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7290, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7214, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7293, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7294, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7308, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7308, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7220, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7223, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7305, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7309, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7310, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7311, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7313, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7319, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7322, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7379, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7381, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7382, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7444, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7453, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7454, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7380, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7456, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7459, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7473, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7473, result: no such process	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7383, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7387, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7470, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7474, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7475, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7476, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7477, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7482, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7483, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7544, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7545, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7549, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7553, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7546, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7559, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7561, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7563, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7484, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7487, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7583, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7586, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7589, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7590, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7592, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7593, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7594, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7656, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7657, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7658, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7659, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7655, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7668, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7671, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7675, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7595, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7598, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7692, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7697, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7698, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7699, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7700, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7701, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7767, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7770, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7771, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7775, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7776, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7783, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7707, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7801, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7806, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7807, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7808, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7809, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7811, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7815, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7810, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7882, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7883, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7884, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7944, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7881, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7953, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7954, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7956, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7880, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7887, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7977, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7980, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7983, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7984, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7988, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7989, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 7990, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8054, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8055, result: successful	Jump to behavior
Source: /tmp/Aqua.dbg.elf (PID: 6276)	SIGKILL sent: pid: 8056, result: successful	Jump to behavior

Yara signature match

Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_449937aa reference_sample = 6f27766534445cffb097c7c52db1fca53b2210c1b10b75594f77c34dc8b994fe, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = cf2c6b86830099f039b41aeaafbffedfb8294a1124c499e99a11f48a06cd1dfd, id = 449937aa-682a-4906-89ab-80d7127e461e, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: Aqua.dbg.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16

Source: classification engine

Classification label: mal80.spre.troj.evad.linELF@0/253@235/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 6447)	File: /proc/6447/mounts	Jump to behavior
Source: /bin/fusermount (PID: 6458)	File: /proc/6458/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6531)	File: /proc/6531/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6577)	File: /proc/6577/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6650)	File: /proc/6650/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6747)	File: /proc/6747/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6817)	File: /proc/6817/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6884)	File: /proc/6884/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6959)	File: /proc/6959/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6966)	File: /proc/6966/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6987)	File: /proc/6987/mounts
Source: /usr/bin/dbus-daemon (PID: 7051)	File: /proc/7051/mounts
Source: /usr/bin/dbus-daemon (PID: 7123)	File: /proc/7123/mounts
Source: /usr/bin/dbus-daemon (PID: 7131)	File: /proc/7131/mounts
Source: /usr/bin/dbus-daemon (PID: 7150)	File: /proc/7150/mounts
Source: /usr/bin/dbus-daemon (PID: 7216)	File: /proc/7216/mounts
Source: /usr/bin/dbus-daemon (PID: 7289)	File: /proc/7289/mounts
Source: /usr/bin/dbus-daemon (PID: 7293)	File: /proc/7293/mounts
Source: /usr/bin/dbus-daemon (PID: 7313)	File: /proc/7313/mounts
Source: /usr/bin/dbus-daemon (PID: 7381)	File: /proc/7381/mounts
Source: /usr/bin/dbus-daemon (PID: 7453)	File: /proc/7453/mounts
Source: /usr/bin/dbus-daemon (PID: 7459)	File: /proc/7459/mounts
Source: /usr/bin/dbus-daemon (PID: 7475)	File: /proc/7475/mounts
Source: /usr/bin/dbus-daemon (PID: 7482)	File: /proc/7482/mounts
Source: /usr/bin/dbus-daemon (PID: 7544)	File: /proc/7544/mounts
Source: /usr/bin/dbus-daemon (PID: 7559)	File: /proc/7559/mounts
Source: /usr/bin/dbus-daemon (PID: 7586)	File: /proc/7586/mounts
Source: /usr/bin/dbus-daemon (PID: 7657)	File: /proc/7657/mounts
Source: /usr/bin/dbus-daemon (PID: 7671)	File: /proc/7671/mounts
Source: /usr/bin/dbus-daemon (PID: 7697)	File: /proc/7697/mounts
Source: /usr/bin/dbus-daemon (PID: 7767)	File: /proc/7767/mounts
Source: /usr/bin/dbus-daemon (PID: 7775)	File: /proc/7775/mounts
Source: /usr/bin/dbus-daemon (PID: 7806)	File: /proc/7806/mounts
Source: /usr/bin/dbus-daemon (PID: 7811)	File: /proc/7811/mounts
Source: /usr/bin/dbus-daemon (PID: 7884)	File: /proc/7884/mounts
Source: /usr/bin/dbus-daemon (PID: 7956)	File: /proc/7956/mounts
Source: /usr/bin/dbus-daemon (PID: 7980)	File: /proc/7980/mounts
Source: /usr/bin/dbus-daemon (PID: 7988)	File: /proc/7988/mounts
Source: /usr/bin/dbus-daemon (PID: 8054)	File: /proc/8054/mounts
Source: /usr/bin/dbus-daemon (PID: 8060)	File: /proc/8060/mounts

Creates hidden files and/or directories

Source: /usr/libexec/gsd-rfkill (PID: 6277)	Directory: <invalid fd (9)>/..	Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 6277)	Directory: <invalid fd (8)>/..	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 6284)	Directory: <invalid fd (10)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6470)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6470)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6470)	File: /run/systemd/seats/.#seat0DWYJUs	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 6530)	Directory: /root/.cache	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6653)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6653)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6653)	File: /run/systemd/seats/.#seat0nRd3Bh	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78629EtYb6z	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78630x5oJbB	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78631tgt9GA	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:786329aZDCy	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78633URCUmB	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78634UvSG5y	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78643g09UWx	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78644tQdCSB	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78645QoaerA	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:786538CUWsz	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:786602IAdRB	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78742Gd2hdy	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	File: /run/systemd/journal/streams/.#9:78819WWBjNz	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6752)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6752)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6752)	File: /run/systemd/seats/.#seat0VnYAVM	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81753AWelzY	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81754umducW	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81755gGs1NW	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81761c0oGVZ	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81762UWZ8wW	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81769lvLZeX	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81770DldQwX	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81771Rw5D3V	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:817721pXI5X	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81778mFKfrW	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:817860tcOuW	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81870P46MnX	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	File: /run/systemd/journal/streams/.#9:81888bbMB8V	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6890)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6890)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6890)	File: /run/systemd/seats/.#seat0ITEYJb	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82557wX14Hr
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:825589FZiet
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82564Tl081o
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82566Wzcuqr
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82573SH3e8o
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82574r201ap
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82575SDeiUs
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82576nf0awp
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82583Q1PNlr
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82584p2nM9s
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82594hKX2Lp
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82725QXyAeq
Source: /lib/systemd/systemd-journald (PID: 7052)	File: /run/systemd/journal/streams/.#9:82756VsuG9s
Source: /lib/systemd/systemd-logind (PID: 7055)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7055)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7055)	File: /run/systemd/seats/.#seat0EgAPYF
Source: /lib/systemd/systemd-logind (PID: 7156)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7156)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85303iA4MSa
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85307CSnnka
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85308PkQjn9
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85309gdWG76
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85310OIqf7a
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:853171ObKj7
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85318GDx087
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:853194Z4aF8
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85321Lw80l9
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85327t6jh16
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:85328xshWGa
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:86283HxW7K9
Source: /lib/systemd/systemd-journald (PID: 7220)	File: /run/systemd/journal/streams/.#9:86446ZX6qH6
Source: /lib/systemd/systemd-logind (PID: 7223)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7223)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7223)	File: /run/systemd/seats/.#seat0Hwzucl
Source: /lib/systemd/systemd-logind (PID: 7322)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7322)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:8726978mr5u
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87270CmZqhs
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87271PXSymt
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87272NyrYNs
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87273LjpXNu
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87274071OWq
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87275M7uPcv
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87276Mwd7Hs
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87277Ovu10s
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:8728947W75s
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:872906p5Vyt
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:873789hedgv
Source: /lib/systemd/systemd-journald (PID: 7383)	File: /run/systemd/journal/streams/.#9:87385MQqS9q
Source: /lib/systemd/systemd-logind (PID: 7387)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7387)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7387)	File: /run/systemd/seats/.#seat0F7Yq8K
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90118TbuPR7
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90119JeML77
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90120IAZrM4
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90121rxiwM8
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90123X6MOv8
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:901349KDNl5
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90142RWOEs5
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90143XWZzK6
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90144zhuF57
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90152W7A0Q6
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90154TB1DH7
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90155hvf6o4
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90156j9KrD8
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90187qPHPU5
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:89457m9Y0o6
Source: /lib/systemd/systemd-journald (PID: 7484)	File: /run/systemd/journal/streams/.#9:90396tQkmY7
Source: /lib/systemd/systemd-logind (PID: 7487)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7487)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7487)	File: /run/systemd/seats/.#seat0VLY28l
Source: /usr/lib/policykit-1/polkitd (PID: 7576)	Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92185HgYyLw
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92187JD2Fbu
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92188wKRYZv
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92189Ub5hlv
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:921913q08bw
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:9219817AcUt
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92199AjaHiu
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92205xWjAIt
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92218F0xX1u
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92219JccTyt
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92220K2zBgv
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:922212VwRNs
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:92256GB69av
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:91519K4AxXw
Source: /lib/systemd/systemd-journald (PID: 7595)	File: /run/systemd/journal/streams/.#9:9152010VOgt
Source: /lib/systemd/systemd-logind (PID: 7598)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7598)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7598)	File: /run/systemd/seats/.#seat0ScHJyJ
Source: /usr/lib/policykit-1/polkitd (PID: 7687)	Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93108pDcbVZ
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93110tUMBMW
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93112ZNDMJY
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93115LsYy9Y
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93116NKET5X
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93128DuRNjX
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93132avIBwX
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93140xbbw3X
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93141GVfSMY
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93152RdP1hX
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93153k2PmwX
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:93154TtbYLZ
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:933177CwH9W
Source: /lib/systemd/systemd-journald (PID: 7707)	File: /run/systemd/journal/streams/.#9:94332XZNAIX
Source: /lib/systemd/systemd-logind (PID: 7710)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7710)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7710)	File: /run/systemd/seats/.#seat0boCnqc
Source: /usr/lib/policykit-1/polkitd (PID: 7796)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7815)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7815)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7815)	File: /run/systemd/seats/.#seat0TKPyZ9
Source: /usr/lib/policykit-1/polkitd (PID: 7874)	Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95440ZPcTd1
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95442Azbd21
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:9544496xJl4
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95445PQ3Wl2
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95446FElFh4
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95448wJIqx4
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95449inpKO2
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:954506ccx54
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:9545198ou10
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95452SWAep1
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:954597v1ge4
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95460i0kFB2
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95468SGO4f2
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:954697NwcE4
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95470GcY0G1
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95471iJehg1
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:95472Ps9MF3
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:96525bOb480
Source: /lib/systemd/systemd-journald (PID: 7880)	File: /run/systemd/journal/streams/.#9:96535tIXvG4
Source: /lib/systemd/systemd-logind (PID: 7887)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7887)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7887)	File: /run/systemd/seats/.#seat0SawTUB
Source: /usr/lib/policykit-1/polkitd (PID: 7972)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7994)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7994)	Directory: <invalid fd (17)>/..

Enumerates processes within the "proc" file system

Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7484/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7572/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7561/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7563/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7576/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7564/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7487/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7586/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7545/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7544/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7590/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/7482/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/environ
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/sched
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/cgroup
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/comm
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/cmdline
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/status
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/attr/current
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/sessionid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/loginuid
Source: /lib/systemd/systemd-journald (PID: 7484)	File opened: /proc/1/cgroup

Executes commands using a shell command-line interpreter

Source: /usr/bin/gpu-manager (PID: 6537)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6539)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6547)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6549)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6551)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6556)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6560)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6563)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6716)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6718)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6720)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6722)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6725)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6728)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6731)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6733)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6951)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6954)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6960)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 7116)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7119)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7124)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7281)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7284)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7287)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7448)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7450)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7452)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7554)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7557)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7560)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7660)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7666)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7669)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7772)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7777)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7779)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7945)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7950)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7955)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"

Executes the "grep" command used to find patterns in files or piped streams

Source: /bin/sh (PID: 6538)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6544)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6548)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6550)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6552)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6557)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6561)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6564)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6717)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6719)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6721)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6723)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6726)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6729)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6732)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6734)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6952)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6957)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6961)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 7117)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7120)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7283)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7285)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7288)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7449)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7451)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7455)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7555)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7558)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7562)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7665)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7667)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7670)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7773)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7778)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7949)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7952)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7958)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

Executes the "kill" or "pkill" command typically used to terminate processes

Source: /usr/share/gdm/generate-config (PID: 6566)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6740)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6964)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 7126)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7292)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7458)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7566)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7677)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7784)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7960)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Reads system information from the proc file system

Source: /lib/systemd/systemd-journald (PID: 6644)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6823)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6988)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7052)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7153)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7220)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7319)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7383)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7484)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7595)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7707)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7880)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7991)	Reads from proc file: /proc/meminfo

Reads system version information

Source: /sbin/agetty (PID: 6555)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 6645)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 6886)	Reads version info: /etc/issue	Jump to behavior
Source: /sbin/agetty (PID: 7049)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7214)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7380)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7546)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7655)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7768)	Reads version info: /etc/issue
Source: /sbin/agetty (PID: 7881)	Reads version info: /etc/issue

Source: /usr/sbin/rsyslogd (PID: 6453)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6453)	Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 6535)	Log file created: /var/log/gpu-manager.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6536)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6536)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6575)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6649)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6742)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6742)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6816)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6885)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6962)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6962)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6978)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7048)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7127)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7127)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7143)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7213)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7294)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7294)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7382)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7456)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7456)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7474)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7545)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7563)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7563)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7658)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7675)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7675)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7701)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7776)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7776)	Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 7882)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7953)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7953)	Log file created: /var/log/auth.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 7984)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 8055)	Log file created: /var/log/kern.log	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/Aqua.dbg.elf (PID: 6275)

File: /tmp/Aqua.dbg.elf

Jump to behavior

Deletes log files

Source: /usr/bin/gpu-manager (PID: 6535)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6712)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6947)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 7112)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7280)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7444)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7553)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7659)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7771)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7944)	Truncated file: /var/log/gpu-manager.log

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pkill (PID: 6566)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6740)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 6964)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 7126)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7292)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7458)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7561)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7566)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7668)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7677)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7784)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7783)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7810)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7954)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7960)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /lib/systemd/systemd-hostnamed (PID: 6284)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6453)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6535)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6536)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6555)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6575)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6644)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6645)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6649)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6710)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6712)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6736)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6742)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6816)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6823)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6885)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6886)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6887)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6962)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6978)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6988)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7048)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7049)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7052)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7121)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7127)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7143)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7153)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7213)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7214)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7220)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7286)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7294)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7311)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7319)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7380)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7382)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7383)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7456)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7474)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7484)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7545)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7546)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7561)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7563)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7593)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7595)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7655)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7658)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7668)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7675)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7701)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7707)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7768)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7776)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7783)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7808)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7810)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7880)	Queries kernel information via 'uname':
Source: /sbin/agetty (PID: 7881)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7882)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7953)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7954)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7984)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7991)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 8055)	Queries kernel information via 'uname':

Source: syslog.32.dr	Binary or memory string: Dec 25 10:47:12 galassia kernel: [ 427.883152] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
Source: syslog.32.dr	Binary or memory string: Dec 25 10:47:12 galassia kernel: [ 427.883134] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel drm parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse ahci mptspi vmxnet3 scsi_transport_spi mptscsih libahci mptbase

ID:	1580708
Product:	CloudBasic
Start time:	17:46:14
Start date:	25.12.2024
Sample:	Aqua.dbg.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	78226180f205f37487849c994f9eb35a
SHA1:	3b98db60d97761ca1f0a8df8cbf28aab167d5751
SHA256:	3bcbbc785755e486cf45e2462fecf9c44f3665583ab53374604649ed2341fec5
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Name	Type	MD5	SHA1	SHA256
/run/systemd/journal/streams/.#9:78629EtYb6z	ASCII text	9E9A61253CD667C6152CA261AC253E0C	452F3ED4B1787C6C332FD716C17AC052FB9942AF	0B62CEFCAAB2BAF5180703B553CC72A0A09ACEB811EBB6C5F69ADD6001DBB559
/run/systemd/journal/streams/.#9:78630x5oJbB	ASCII text	AE47B0DA5A37D2282421BA6BDBCA67B5	C56C05BF37478CAC1615A6B8A4B04A4099C2CD4C	F345D31BEBE870E5AC24B92A99A878A541262AD55C6AF9B133388FE3DA375C02
/run/systemd/journal/streams/.#9:78631tgt9GA	ASCII text	B0B4EF14F35F5183D8F3255B81C18EDE	3ECB585A2ABF316F9492F8F225E79F435E66DA11	BBD2FE8BFAD029E90728148DF724564F822A4BE36AB41447742C03A81B06ACF9
/run/systemd/journal/streams/.#9:786329aZDCy	ASCII text	5697EF5CAAA257C47F440EB7C94D8B68	D12AE4D51746F3754848CE94699A00BECDF6271B	9BC0289C62FB7697671BC864478E58D697C69FAA8CFCB9C57FB5AA05E6846139
/run/systemd/journal/streams/.#9:78633URCUmB	ASCII text	7422D3DF1B5D52681EABA06483D8AE39	8DEAA341616B426C850B5245E42CABC5889134A6	3FBCEA66C8DF4D630407A7EE3977FDE2A66E326F88108AAE59CD5B2E686E489F
/run/systemd/journal/streams/.#9:78634UvSG5y	ASCII text	788B1F4E6C97FF6D8F0F84CB53C21895	F07DE5A9A81649B7D652B408A8705B66378F36C6	05758E48761B6D72C7F5CD7117742FBCF758A53BBAA5FC67C32402A6E1300A39
/run/systemd/journal/streams/.#9:78643g09UWx	ASCII text	AD59AD8421702F3DA5555FFDF9F8F590	E516A0DD030639A798627C619697A88C6D40A9EB	C5F7AA7ADFE44093A936B61CAF94BC55539E32B79402749223E816418FE93969
/run/systemd/journal/streams/.#9:78644tQdCSB	ASCII text	C29A90A2DE252D1259A010F38DEC7829	5E2B95B517FB4C33E1FFDC12B7B532B07D185F1D	94E46EB057357C4CDBEDD00537BE5BC9BFF6E582D5486C949C6B5296A3349F7E
/run/systemd/journal/streams/.#9:78645QoaerA	ASCII text	3AE0F561005B1F2E5B4BC93AA8F36EB2	8A96633F510F08BBCFCAD4A278A42F77A3E59BA7	EE4073DC57D0BD53310CC75A995F841616B5274674224469ED7D92E2387FFD68
/run/systemd/journal/streams/.#9:786538CUWsz	ASCII text	45D3FCD3EDAF2EE236A911E3CCF4A0A1	29D0F7F88EC0B400FE40652CF8F6B6898B6F86F4	858178DED357B8D2AF5CC4BFBA229575FCFCBCA8F2CCB96FACC04FD17132C81B
/run/systemd/journal/streams/.#9:786602IAdRB	ASCII text	D9C077CE1ED100988B260A241AF79B16	2068B9815B466B73BD055A8150A0401580D12944	1D95AB0890373FC4C945EECB1D05BCC6B2CF21239EF7B5CC7A7B30B65802B139
/run/systemd/journal/streams/.#9:78742Gd2hdy	ASCII text	7AC4DB5948F97E36CF75F478D54B33D8	D5C818E909AC40BFDD86575C219845173F064C19	116F896766D082162D51F5D4D0D690A0DE1328FC5AB83CD899BB9B73D5B6C8F5
/run/systemd/journal/streams/.#9:78819WWBjNz	ASCII text	ABE12805AACEF4DEA22FF3B9DBFDD6E8	866E165B2D5772625A68C7AF51B9BC56A599E1EB	9C905518299EE4C46AFF7091479B5CB83C8B1D7BEC88F07C85D3449149EFF863
/run/systemd/journal/streams/.#9:81753AWelzY	ASCII text	E84AFCF689889BC0BFB3BD8B21032632	29BF32D0E672C81481D7D7918895E20E03E392A4	22E3C3D7EA06C76D37B64D43D272BAFD850F3566D33D17F57E67C22141DF9D70
/run/systemd/journal/streams/.#9:81754umducW	ASCII text	F90D679BFC7FF68FE09BE9A7288EADD0	F1F6A2C4F7DD8F8DE24F189EB30CCDB9DE1AC39D	BA20B31E9D6E47F54A7B57173AF040F33AB675029FE801E652C5F803F5CACD3B
/run/systemd/journal/streams/.#9:81755gGs1NW	ASCII text	74E833E4535E5B151034A8FF058F689B	473976C1B6A2EEAD6E2970E6A333BDEA055764C4	9F029B6FAD602B4E0079741E41006A1567F412F3B3AF97BBBEB7C9792977635D
/run/systemd/journal/streams/.#9:81761c0oGVZ	ASCII text	98F6022C9678CD5B8B207566E21FB2A6	78E2DBF918B909AEA6413223FF10C9D612C171B7	E4B5B31441F5F641607E72E18A1612A0D7FFE1B42F398E19510091553D0C1E42
/run/systemd/journal/streams/.#9:81762UWZ8wW	ASCII text	2648E2BAA163899C3C6AFD5C4612FE59	C97E1DF4515AB7F0B0D6A949D06E16D0C2032501	2DE1CE9F03984C435CBC7EBBB7856952E0B6117CFAFC20AD8338A77659F8EBD3
/run/systemd/journal/streams/.#9:81769lvLZeX	ASCII text	5073247CA1853920CA3B9AA7B889BE08	88579C4C00CE8418A4EE760647F69AB9A4A81739	A6966CCB32CFE10598AEBEDA3D2FEAC195B60ECECFCDB2007CF4E8D314AB6C96
/run/systemd/journal/streams/.#9:81770DldQwX	ASCII text	9F3F9A717277D9AAA3F3313C3B432DBA	01446F3D43C5C711A75E52778B5CE648900E2D4B	6C9724E1FC00F9A3B1D743543D4781FFC48F464E1D7BC5C75C77C98FA463D521
/run/systemd/journal/streams/.#9:81771Rw5D3V	ASCII text	F39DC7F85FB596D36FC625B51E8CC2D8	126C7F36B051CDDBF21B5F8C2C56E0E6A78EA259	29EA3407B144C12A09F2D15FB0F71B6402D413168AF0BBE4A6ACBD54D2C88E2E
/run/systemd/journal/streams/.#9:817721pXI5X	ASCII text	A8D4E298BEAE808B974B6A67697AC47C	6197BC93F737DD2312CF186237B6DBA8D01075A9	E1301091BC335947A67B35C748097E878296D7B27038623C14F6392F43E87F6A
/run/systemd/journal/streams/.#9:81778mFKfrW	ASCII text	727CCE2545E81910E8FA80C8AE73B669	53DB9F37CBBFFD06E0A3893475E02F94BF25C763	23C4932887637C54507AD070DA12CEEB71A42360962A76E00C7258BD89E42FF3
/run/systemd/journal/streams/.#9:817860tcOuW	ASCII text	AB958741FF3D8DE406023DBB09708EAF	2FF4E026AC095036DB1A392A95363396F12DDD2D	AC3FCE18E0CB145B3DA3189EC4774F3A56E81B4BB765DC1A20975957CB1E108E
/run/systemd/journal/streams/.#9:81870P46MnX	ASCII text	C1EFC714FEB64E5B2E476F1A90311794	0E3D065DEB23A0D07831FED9B8068987357B5D44	FC6D0641138F1355A3F3172CB1713A34EAEEBD5599CD2A497DC159EA059487BE
/run/systemd/journal/streams/.#9:81888bbMB8V	ASCII text	77644690B1013BF234E9877512255F9A	1428C24A134E307F51CDA5065454120AAE382508	076B4F308FA3E1B8FC98F21610E1ED8AE3CCD6B1D3AD35380496C500F5D5443F
/run/systemd/journal/streams/.#9:82557wX14Hr	ASCII text	B677F6D645EE99DF032A1F9B4C7DBB88	4BC167CF6F5871FDE8C81F4FF5A76FB113519131	FA6E2790D6F62529B314F1D50C8DA0E357562E271CFB65720666463831F443DF
/run/systemd/journal/streams/.#9:825589FZiet	ASCII text	02C1D6D47085ED18F0928CE4D7911B04	2061D7BE2AEC29631D04EA9B6E9E9502E89CF488	5A832526A6609F057D8D0DED034591F716938711D35758A9C056B053130D1CDF
/run/systemd/journal/streams/.#9:82564Tl081o	ASCII text	F7AAD5AEF906DE52AC8F033C0C910AFB	DA2B4645BEBAF43883291CA063D007335B46899A	5AA5890A91D898BFA1E9C4D970350CD61541CC79F7D62FCC4FE155307CD90CC3
/run/systemd/journal/streams/.#9:82566Wzcuqr	ASCII text	FA246C35EAD5A85E1307B66174972749	B637B18A7E10623775C25D7326D63F3B5377611C	60C9C04B7C48165BA74CFAE36DE40602870DB3D8018BDA931FADAFF814CD7418
/run/systemd/journal/streams/.#9:82573SH3e8o	ASCII text	53717E8F7B00A7F60769715AF3C416A3	B4B19499B5EB142AEB56A83F72846B1B855A1FFA	10CB34D5116C807CB3638B29373136D2C30D5345B89AF0833C9CC42B3ABDDBD0
/run/systemd/journal/streams/.#9:82574r201ap	ASCII text	B42C3FDEC8299A33A87A116AAF905FEE	D60113B78540780C7735501DA250B4AF986ACA40	370E03EF7DA855D8BF2979C6F4397F0409525A38EA7E573CF32ED3D7040591EF
/run/systemd/journal/streams/.#9:82575SDeiUs	ASCII text	2FA6A3E5A6DD476B386E4A895C1BA225	A607FEBD426B0EDAF94ACB80DD7F87467428480E	8367BF55CFC4334C421C09179DFCD8C8266603B73F5B1BC815F80E34B608B0D2
/run/systemd/journal/streams/.#9:82576nf0awp	ASCII text	5B39A5C6AC9A61F4B277F127206FAD9E	0DB8C6EA879026EA34A9CE95B89B01320FD3B8BC	2EB3AA70CD7EC0265397066C81A15CB6A9AD5D78A60DABCADBA26476F34C2C1E
/run/systemd/journal/streams/.#9:82583Q1PNlr	ASCII text	4757E97E38ECD96D29CBCABA4D00051D	72D3EDF7D58C7B81E696721F5ADC66B7CCCB112B	21FD0A6F8998045C7DA29D6C7F1CEB1586D878186B6BA03E59D0D5BA7789A074
/run/systemd/journal/streams/.#9:82584p2nM9s	ASCII text	77B6081CA2EE0E21B3B53BF6169CBD7C	EDFF55AE1B65F73D0540ECAAB170F5E798BA5957	4CAA956F923EE16BDEBD020F750A0EC9F78AAA2E477D6453A6DC5AFD56C47A0F
/run/systemd/journal/streams/.#9:82594hKX2Lp	ASCII text	2E1C7C9181FDEBB0CE4D10A3FB262E30	AA5D2C9E6242F0BF368F92FC76D251842127AA52	5EFAE6E2E66BC8967D008B444B51AE8AEAE7A5B2397DF3B81289244582A250C9
/run/systemd/journal/streams/.#9:82725QXyAeq	ASCII text	E82A61975070B342003489AF414ECD98	13247CEA3B8451199584009BE504BB2FB971AF25	CC3DC8BE5D8D76EF9B5405464C97A5A31804C93B01D0D1463CC4C278BD3FECA4
/run/systemd/journal/streams/.#9:82756VsuG9s	ASCII text	EC82FA4A52AB04F9C4B5549E96F67AA7	9747705FB371BEA9E05D5ADF1FEEC2A5A9C3C2FB	0129E31397E9F5AE965DE0B53F22EC151A4C49D5F6C51AA46CD6C741D5BB5A14
/run/systemd/journal/streams/.#9:85303iA4MSa	ASCII text	CE0AEC2075B6CAEE222653A76B6774AC	48D86E44CA3241206B2D106C9B9C74419F1B09B7	B40E87C864877D15AA4D56A75485BE8E87BF4FDE58C35DF35A2D8FF64744932B
/run/systemd/journal/streams/.#9:85307CSnnka	ASCII text	F832E686D56C5EE8A87F6F2C2F99393E	2AD84AB508CE6AF376AA072739E996DD8EFDC34F	891EBDAA7EAAAA9D3818B0DB77AF1736246F71800C75E2F42A805C569C38DE19
/run/systemd/journal/streams/.#9:85308PkQjn9	ASCII text	20164F48C7805CEDF6C7D9EE96C6D7F4	A3B0CBA848B91B8860ECC873CC3F6944E43DB332	0C9FD02BC056907C14AFAFCFFD2D68725B30F2CDCBC6C5E4812CE69B82781EF9
/run/systemd/journal/streams/.#9:85309gdWG76	ASCII text	53C36B4D2ABF9E36313D647CB3719F99	AFC018DBEC7A482D7C36917D8940264297873EAE	8A167BDDF4BC04E6C5F5C00610B16E4DBA68E78FE3A8206C09DD28D8830DFC84
/run/systemd/journal/streams/.#9:85310OIqf7a	ASCII text	014072BBBBC676199E52FC4234DBC7B4	69484E50FB3E867010D567A7F079BE1131F0D2BA	1BC67F9B2AC22085693AD3DAB67051F0D461BB862A24F3133C979612E8E6927F
/run/systemd/journal/streams/.#9:853171ObKj7	ASCII text	548AAD3037D9F6C5EC37232C341CBF1B	E4F13523ABBE7C85E45C1ACF6ECF901A2FCC63D5	F869C62182E9432B42AF35031F91225B4A1955151B58147EADD3B123946DA64B
/run/systemd/journal/streams/.#9:85318GDx087	ASCII text	64A9E2882BCF24BABA80941D0B179F3C	9DB36C31AC1C4F7822B5666040EF98CB23EE2430	56AA6B503CF9003CEB16371B5C9F778B51DA34921B8FD9AA6339026A62115D8D
/run/systemd/journal/streams/.#9:853194Z4aF8	ASCII text	9EB857A52242CC6830FC6D89C84216EC	93AD3D57A17DB498EE05E0EFDCFE1F40AB0DAB98	957EC54152DB440D8C945B1C513AE7F0CAA4410E3AA980F644A25C1B481B307F
/run/systemd/journal/streams/.#9:85321Lw80l9	ASCII text	DA1ADE262CDDDFF7E801C3B9C2B0CDE4	988BDE8123B51EDB60F58D86C176DC2DC7BAE2E5	845233A7D292AB642B4884B5E6B8FEA6CE5C20BF134A071BC011C32028AA3675
/run/systemd/journal/streams/.#9:85327t6jh16	ASCII text	3B58A3A2CD11519FA903F23E1091A7E6	515330D8E4569FF4A0400ADAEE9C246C1D21ACB1	A72568379209FEB6555CED7953906F34D456A09BF4D349FFAC358F58CEF0B212
/run/systemd/journal/streams/.#9:85328xshWGa	ASCII text	D6FFDA101EC56FDE77D45EE225EA23A1	1901E18C9900C8BE85907F07554C42893ED5407F	4A8B70FEC688857EF1E0B865EC72B5A8D09F4188E7093E3A7FD72E9249EEED73
/run/systemd/journal/streams/.#9:86283HxW7K9	ASCII text	48903FD2D1E919BAF6525E767049A911	0F8C108C906C440A1FECCFE41B7531DDDE365C66	BF5DF7F33F766C1C383FC8510FBFC8B7674CCD91A00639926536CDCA94627B41
/run/systemd/journal/streams/.#9:86446ZX6qH6	ASCII text	256E466B557CEFAE42F3D184027A4053	0A7275C14D5B8D4421B37E104D6F2904C9432A30	C71A6F7DA672EA087FDD9459A644959BB24071B876E5DC16C6167178632A3C1D
/run/systemd/journal/streams/.#9:8726978mr5u	ASCII text	38F26AA033883423673CAF613A99515A	C474CF5EA6D6E574BBB2A627B5B68C666DCD65B2	6792034ADA311CBD79C46A6A3823F6C989C2DCAE2CDC6024AB3A45475F557949
/run/systemd/journal/streams/.#9:87270CmZqhs	ASCII text	250311F25443A19C33E7CC82868B1696	EE2453763ADC5CDD3909F1D0C71C451305A04B60	A710D0364C36A8D7CFFB9062491AB3FDE7E0383DA2621F17069E4814026EF7E1
/run/systemd/journal/streams/.#9:87271PXSymt	ASCII text	814AB33EB05D6833A806F7CC8867B09F	CCBBB7F16245206C2D112121F95753BA83C7E56D	97E85F605BF0D583857DB863C4BB95EB8FE50761106ED4179E15FDA8DA2FA94D
/run/systemd/journal/streams/.#9:87272NyrYNs	ASCII text	9326FD6DA266C7F2133817D2393F2A16	D2FC8EAB351482D9261DB97F39E97E5D73722642	3008D1D9551051948A879AF52D697E54A887E75550369A3BD2AED44B7C5ECF85
/run/systemd/journal/streams/.#9:87273LjpXNu	ASCII text	153C0CC7598ECF493CE0818A7B7E9318	43D7D72F10599EBD703AB12B4AE6AA464612B93F	761DDF74C329B059FFB5D65B6453CF09E77D76786AB1359BB6F50E31E0EA48AD
/run/systemd/journal/streams/.#9:87274071OWq	ASCII text	676B8913FB3994BD09615394A07AC60A	45F6C787E53CE3D89D80BDE03F59A9078CFDBDE9	EF74E787053C4F27C8E7E528B22F1210ECF45667E97A39FFE89090B5C471029E
/run/systemd/journal/streams/.#9:87275M7uPcv	ASCII text	47C71FA508CEF35768A2A93965E49DE8	40EE7667245F3245BBC78966A7D0270B2DE36CBB	FDD41F7DBD098AF58EDDB6F0BEF6DACA4B7136AA4F84D39CF8B3F857BA60505D
/run/systemd/journal/streams/.#9:87276Mwd7Hs	ASCII text	F707A2C94DDBA9756BBA8FAE3DFB25DE	42F9A18F80B65E42AC2DF0BCCA4A39CC9CA09D44	8B9DD26EA10D83D447FAD6D56B0C817F0C05DAEB2D5A2710058DDD31DE019FCF
/run/systemd/journal/streams/.#9:87277Ovu10s	ASCII text	4AE44288024A369AB195F6A86525B9FF	9ED3BB2F0134F82A286360ED41840A61C7744D1B	CC5E0D8D4C08A2981D19B2CB8BA9DAD127EB639300BD1194025AC07E3936D9C3
/run/systemd/journal/streams/.#9:8728947W75s	ASCII text	C4FE8158AAABA35AC9577FC15C426E09	C2442B9DCC5A05A4E968CF5EEEA3947B382873A2	7CD92A243AF33605C7C7B960D6DB0DC4E39CD0868D58649A79B90ACDD30B8042
/run/systemd/journal/streams/.#9:872906p5Vyt	ASCII text	16FF58D463E75EADCD6B07AB8EF0C624	79FD59A2CBCCBCAD6EE6049F1D435D8650FAA6A2	392B743FC80366B99E8D06A7DA8CE63DF5E0C418BEE7775CEA2C27EF5E4A45DF
/run/systemd/journal/streams/.#9:873789hedgv	ASCII text	4FFDB806C99372E73B315ADB6CF443EE	CEA989D5B8772D818619E173D344DFBE8B865C87	93FEF77DA4AB210DA40D439F5BD7C9DD06334E7DBC64C4EFFE60253AD55356D8
/run/systemd/journal/streams/.#9:87385MQqS9q	ASCII text	4CBAF651A40113DB53558AF204CA2C99	3F12F97E4C02DF876733CFFFD90E99825C184107	7909F2B8B6BE334998D3DA35F30A97F5C5ECE6426172D1CD438679D0292A0FC5
/run/systemd/journal/streams/.#9:89457m9Y0o6	ASCII text	FC0FBFF63C78C258480029E4E1CFD8EA	BC010F6BD9D194EEBBA8907D58D74EE43ACB6852	053114668394479CB8CE6C66AC189C0BCA2254ADB0984A4555E0F0901A75C2C5
/run/systemd/journal/streams/.#9:90118TbuPR7	ASCII text	786797B232DA21ED2872A03438387FBF	27D129E993F261A10597736E3FAE7B5627BFA152	5A8CB0B571807922C236F0D09245F7AC277BD3EE4661EE6A32B4BD185E12700B
/run/systemd/journal/streams/.#9:90119JeML77	ASCII text	48F737DB7CCE25E26B1368C2FB8D72D2	3FB0C978AB0A83C48E3896E96CF1F73AC1FC1569	4E5CF6072A546DCF2D3AD73A12AEB5A9FC0A2CF09CF10BCC5598E1DC83C6791F
/run/systemd/journal/streams/.#9:90120IAZrM4	ASCII text	35BDE9EF4905BF36C0D6CEFAE1AFB418	8983C4BD205475A378CA7CB5A89BD7415DEA5B86	4C3AC829E09F3211B6E5B54AEFC80609825033232E8A584790BF572BFF9F69D4
/run/systemd/journal/streams/.#9:90121rxiwM8	ASCII text	DAA00E02083D654BA425D064C06C0EA2	DA654D0491B24865B132FE000B83AFBC36D2390C	2ADDCCE9D7A09E0B992ED67212FA3516CF52B411EC936A06962381D11D42198E
/run/systemd/journal/streams/.#9:90123X6MOv8	ASCII text	5C23E1827527190BC578F270FD997ABB	C635E943E232412C5EF663DF038F2B5365210F1C	FC243AD4651F75F964EB152682408A9A2B74B308FFE406E45D6E5FC3B3E80219
/run/systemd/journal/streams/.#9:901349KDNl5	ASCII text	D0CC3C6387F2C509901484EF09779EBD	D63B6945504C4D4130BFB024ABFB2901E0474BF4	39176329C947C64B9ED6821DFD7212CBEA64ED8FBE692A6D25FCA6F9B4DEED92
/run/systemd/journal/streams/.#9:90142RWOEs5	ASCII text	70A34B4EF57EBD397FDB848BCFB91DD5	B47895B0FCA57B5C3C4CF1EBD452DD9B122C0C9C	260EECE3F777F911644FD0D0EC51A8842E20288DEC748EEA5FE703C6970A224A
/run/systemd/journal/streams/.#9:90143XWZzK6	ASCII text	2A8B6B4EE1B5B11AF196DD724D87A2EA	5F5735323F7143EA2AB5FD682F51FD4FE7BB0586	5823366F108404B63AAE2068C3C57437B4BBC74F8EB8F0D855EB00F96E988D53
/run/systemd/journal/streams/.#9:90144zhuF57	ASCII text	29D1FAD5CFBF35B654508C77E1E4F99E	FA4904A890AF1B7AFB17EF5D68BF933CA60E3D34	A4E3A16DE5BCFA085CF0B5A33403649890DF2922CAC0C6975E95908E1AA865E4
/run/systemd/journal/streams/.#9:90152W7A0Q6	ASCII text	8C1E557A1CB6B90ECF6191F639C6BA43	FD5D5C8484805707BE6F17C60E671319E25D830D	01CA64FD7C9FC30F96B9EB28AEC38013831645F5D7B17BE1DED69B13B5831158
/run/systemd/journal/streams/.#9:90154TB1DH7	ASCII text	3BE11852F6D2EAC2DC85B5EE843C687B	7DE64422ECB11877BAA9402CD9D2FE39260A2455	7CE16C7DC2030BD30CED171987E2770634080FD4D8426477AA9E718310FFFCB0
/run/systemd/journal/streams/.#9:90155hvf6o4	ASCII text	4A3456E39A0B09B941668C1CE4158A3B	453092C12EDFFB1B53B75663980D92ACB2852ED2	B778B8BC151253C35F4D81846CC441EAFCB79BAF80EA2E0FD78C87C18FA7EFA6
/run/systemd/journal/streams/.#9:90156j9KrD8	ASCII text	E843718314F560461082D9E96BDB306F	230187C12C6F83DB89357D5EED9A23AB11FE2E0D	F10CF9726A5F564F4F8D2C2813B7D0FC2DB89C4828A696817ADF482CC514298B
/run/systemd/journal/streams/.#9:90187qPHPU5	ASCII text	26C9750BB64BA23D92350101AB9B2D5A	CE04A85F40437DED7ED8216BE48598121347744F	C0EB1568EF0B320A44B1E7626C3597F71D48A407E85280303A980A83E17975B6
/run/systemd/journal/streams/.#9:90396tQkmY7	ASCII text	5C2731B7535D9F1AEE562C102E8F367B	64180C3A7DF2904DC8815295105D7B08AD39D724	6E760BC95AA414F0B8F602FAA055FD6DE03DFFA6C554D642AA74755F2DAA6060
/run/systemd/journal/streams/.#9:91519K4AxXw	ASCII text	FECD9FB5FA65CAA509AC8BBF7993B13D	F9D92E525DCDCCDBD448F129CF119E5980C331C0	4C98BACE3009E51B3A2D8C82B3D4B37EC4DC41A8D99C6AAC3BAF4F69A468D40E
/run/systemd/journal/streams/.#9:9152010VOgt	ASCII text	6EE682E49EF75077352B56FB7EEA77E0	579F98CA125ACAB6F51135D206367DF09E78CBB9	56B0AC9191813D54F350D3CB329439876C023EDE47EB1302410D3EE7C5C712FA
/run/systemd/journal/streams/.#9:92185HgYyLw	ASCII text	868D722F1DABDE974D424833DA0F9008	560583AFEBE072B1F8F4D083783CEDB4148CCAAF	46951D176D604EB9DA84A9CBBF84FEED3446646D4C4E2CF564A2B3D9F9858B94
/run/systemd/journal/streams/.#9:92187JD2Fbu	ASCII text	123B684B111F9A1BCA0F8698177C6965	A19A66D26DF926E2A54E9982C0055DD51C52F307	FE1D83C79748112954CAB5B868484E252877BB598695F12A4AA242F4126B65AC
/run/systemd/journal/streams/.#9:92188wKRYZv	ASCII text	D20FDCDBE7E60446B8E3C1EACF9C2AB1	638A6668EEE941076E137FD58202B32B54DDB378	8EDEDB75B0122A7F514B89694882F4645B4EE72E184CD068DE5923F68C38D1B5
/run/systemd/journal/streams/.#9:92189Ub5hlv	ASCII text	037E9642DE5857953ADA4D58044F3B6C	59B2AE5C576D668934EFDFD8E96C4D8FC501213D	FB23817B9ED9C06172502AA4F8D4A7A19C9F024069CB3381A32F5E0B025FF9E9
/run/systemd/journal/streams/.#9:921913q08bw	ASCII text	341E24476B86420E3B5578A062BB1A68	0E39FAA0CF1B2CF5C7C12C406CF2188F8C7170E7	413C0963FCBE52965E9380654738F54D4D72606144692DFCFB327AA64EAA9FBB
/run/systemd/journal/streams/.#9:9219817AcUt	ASCII text	ACC75FAC936BB9CD85B49D86A7AD0F53	9E18E20B3E4E1578F5AFB662B7CC9687CC93BC3A	A4549E2037C6EE23141961010F0D56D770B01F7CCB1FF379D7B4B4E7EB0B1504
/run/systemd/journal/streams/.#9:92199AjaHiu	ASCII text	CCF2FC4CDEFA7BA34E5BF148E1DEDCDC	63B319426116BE558CF2B18BFDAD9BD9FE510426	CF7894B521456B069425C8EE697219C44831080C5459CB1F9A49B3C06DD7158E
/run/systemd/journal/streams/.#9:92205xWjAIt	ASCII text	5B20D7B16A1C2B6C9045F4CACE5103FF	5337AA7D6F6892B3E21C0EAEB8D6096CB78F6EA1	28C701F525485B20FFA07A8969DBF3C718FF070447AC6FFEF0FD8FD9B3302086
/run/systemd/journal/streams/.#9:92218F0xX1u	ASCII text	C8C24B1FDC159DEF46BD5F1B068F6AE0	398F0126D06B4B12B0B03A1689A1840778EA68F5	4D852395D9BFBA9F1E055A7A788A6E55798E3113CDC4BCE06BF2A3BFD592E21E
/run/systemd/journal/streams/.#9:92219JccTyt	ASCII text	D5C64530EA013A5120BE99F36FF6BFC4	5C125D5BC8C7E7E933F2D6A27C2791A727E58921	44D1F5E405DE31462B70896CECB63B0F828CDC82BA29BE78F04BB266932D4706
/run/systemd/journal/streams/.#9:92220K2zBgv	ASCII text	016CF9665E4A3AE26EF5524EED5B9E1D	E04EBC05B0C323F6D12F0A894BFF30C533869D2F	A70F5F5EC648B9AE8DB900D4DBE03B9B62D3C269D4D6795F83729CFFB764233A
/run/systemd/journal/streams/.#9:922212VwRNs	ASCII text	C9BC3309531018DDC61F15ADC04ED4ED	A37561F2DA391619EA047DE77EF74CB613E59A22	CAA98B697D0C940FFE7674946188D3CFCCF8F8105399679B4A96E27E5389B453
/run/systemd/journal/streams/.#9:92256GB69av	ASCII text	4F7B4C91CFDB0072BE579243642E8E9A	585C79E3CD83BBD458D336CCC83DED467EC97525	A725EA46A54DC7969679B7023D7126F4DAA993678B28E0A05EE0F99FBDD6CA39
/run/systemd/journal/streams/.#9:93108pDcbVZ	ASCII text	532A07BF3A53177212D81C8907F6E3E1	9B743DE1ED42799EAA94E7F010E310C2E2C472A6	3DCEE8FEDECB5F0662B5845D197FCAFBAFADCE6BB43CEC060B84DB39BEC5EBCC
/run/systemd/journal/streams/.#9:93110tUMBMW	ASCII text	D3BD26F870AD63E53A1A9C3EEFE5EBA6	C26F19AD7750CB81E018AC91A5A3CF16D07818EA	5E185BF3A44D01C93E1CF1141084E667D4CE6D3234B6BA7D701314A8F24E693C
/run/systemd/journal/streams/.#9:93112ZNDMJY	ASCII text	4272BADBA522175C737AC955F1A4BEB9	AA49057942AE8280DF663D7E2435C167A22A1CA6	22E91DDBA8213A74A3F661E8A9A441FE3350776CECD6B20F578D52765971EF53
/run/systemd/journal/streams/.#9:93115LsYy9Y	ASCII text	30646DEFD23EF20CDB5D8F7DD063C896	C77FD251B9FC8C7BDB2F8BA3D2D50AB978A1BD8D	F22A8220826598AB2B8C37E19B95B63428763BBD7995E3356F1B9745A27BB404
/run/systemd/journal/streams/.#9:93116NKET5X	ASCII text	FC180FF9FFCAA0FA750A131EF2FEA7CA	D0ACE8110F0B28DB9BF4E449F814E9B430E8F9DD	44A16AA26119882020DE84C1178F49BD9260FF9E65BB5E65F717AF32D8D8DBB2
/run/systemd/journal/streams/.#9:93128DuRNjX	ASCII text	CBEEFD7881F55D74C9891D4B021EFAED	EEA7168E1A929D03A2BF79BC6BBB7A4A633F40C6	BCBDB64DB7BF6402308B901F1C84F1A62B5E95CF86818E88CF7BDD58CA11AA10
/run/systemd/journal/streams/.#9:93132avIBwX	ASCII text	744ADF55873E611585407ACD77022173	672684330ED09FB0E963D046D800CC076445BDB4	196CB2DBAA992741562FF3182DB8098AC4D217095ECAD0B8ECE61E2250B9A60D
/run/systemd/journal/streams/.#9:93140xbbw3X	ASCII text	7F7DCA892ABB6D256A5431E53FAB7B76	CDC929A956021189AC94C5B619FB3AC78C7FEE75	4223FCC892E0872DD0FC761325BC435147FC5E0DF9BD5674BDC84106C6E31AA6
/run/systemd/journal/streams/.#9:93141GVfSMY	ASCII text	230D04947DAEE5BE680C5D337E93BE12	F1F6663624ACB151B1B5BA302E70C1F74F5C636B	270683CE2AD027AA897E4C61E8F95F330FF084F0CB1F2EEF203533E193B918AD
/run/systemd/journal/streams/.#9:93152RdP1hX	ASCII text	9A274B413363D62D22AE3141D466E40B	188F325F7A4C0391FFB3B72C2FD57AFE75A1FBBA	A4D07AAEBB456DEA425EA59F1B798B482A35578BAB1C4CEC44E5165B20B522FB
/run/systemd/journal/streams/.#9:93153k2PmwX	ASCII text	C6B31B588E122FC9106E9C8E2E971ADC	5057B4B87FFA40C55AC2BADDEFA2E6973F74F141	FEA3D7F3D50EA60879CAACE70F62F96A9D25FFEFBCA5B63B5624C6464948342D
/run/systemd/journal/streams/.#9:93154TtbYLZ	ASCII text	5C744F46F6DCA8B828D224B2B866481D	BE63FF6DA79F236924DE4600F0212F2DA975471E	B564F991DE9DDBE95C8DFDD70BAB6C656A00E937CEE5B2E0AFCDDADB668544AC
/run/systemd/journal/streams/.#9:933177CwH9W	ASCII text	7324A4DA20A0205D6EA55D1F55D53D29	2E6FD178BC18622B75734AD6120C27E22F5CD0AE	82A1D9AD09AE44D9CB08192E5EB1BDE3927D2E2DD5AEEF32692B9770DBCC1554
/run/systemd/journal/streams/.#9:94332XZNAIX	ASCII text	B339C7C545F3545C12CE437475F0A59A	ECC07148D68816DE941A51357FDF93DB213FF7F8	90FFA6E32CD6AD074308BB51E71499B64B1735FBACE7D3325FB9E6269417DBF3
/run/systemd/journal/streams/.#9:95440ZPcTd1	ASCII text	07BDF7631331E6D79C59641513CA8D4D	5FDC603DCE8045EEF340A10494BE0F4A87CCA342	DE8FA5044DD751A7D95E617805E73710F2CAA9933D9CEDE2B67C69C48DC7BA5D
/run/systemd/journal/streams/.#9:95442Azbd21	ASCII text	3F9D3673D79A300888DBBC1EABFAA0B3	40435BDF33FC8152AFA630FEBC447D9BA5A4E6C6	D5CF5BAEFB164131300EEA736E564D2FC397E7F2068557DE3CA0AE8159C3E77C
/run/systemd/journal/streams/.#9:9544496xJl4	ASCII text	2A1DCFAE32E229A62CD3C501E0F3BFFB	488476054478254F74B86112937950ECCF68F3C0	1B76C5F050A5DB67CFED013148DD369293B8BCED84F7722564FB53443F0ADA7C
/run/systemd/journal/streams/.#9:95445PQ3Wl2	ASCII text	2887AD3CA252A91A50F837A8ABB8CC7A	2365B2460CF1B77703C5D4951BCA8C4F4787793F	34CC3F9FBC9F9A2B30992404BE8E498EA3B9D66FD2526C40F2E40AE757B6C253
/run/systemd/journal/streams/.#9:95446FElFh4	ASCII text	AC98DA9466C6A1C6AF32D6D344D33546	24D778821B74AF476915217425B9D02B261063D2	B0BD79ABC5D5F3A001E4ECAC70FA30DEA55B2A6FFB40D7D89B02660D09E83E0A
/run/systemd/journal/streams/.#9:95448wJIqx4	ASCII text	F60EB3224D141DE47CF060573D7F749E	DDE6D2982784C84007AD35460C76FFCC838BAB90	5DF3C30F237CD1DA5C4B8870312A77ED7D3D4B47C86B4C106FC672E68B93075B
/run/systemd/journal/streams/.#9:95449inpKO2	ASCII text	3D3D9CD558F99AA23DA6AA2D8BA15725	DEBAD5B4B591CCCA2384AC992B116D3058908700	03F17C95A68CAF17C7930750135D33D777C13284DEA897FEF545DD5A8C5779DE
/run/systemd/journal/streams/.#9:954506ccx54	ASCII text	B6A65943539DBE1814C20C579A1CF07E	733893A1294778E8653C6A4E0B5AEA20AE07AD67	652CF550800627385B4954E198AC2AFC1708C27D4928C871316613C95402A18E
/run/systemd/journal/streams/.#9:9545198ou10	ASCII text	D9AF31A212FA7D5E3B408A1D05D6C4AA	487F10454978DDD591C2444A9993C42E9BBC5658	B868322B8CCDE708F791EAF5A5D63C922216A9D10621B8ED9EDCC35B69A30809
/run/systemd/journal/streams/.#9:95452SWAep1	ASCII text	9FC4918FD5D5E874D100C1FA157537D5	DAB0BED9B625B5FA91424FAF63F41D669C38366E	55943CA6E3EB27114A094E098842C8F4FA4197BAF70D335FC00FB81B3A8DB49D
/run/systemd/journal/streams/.#9:954597v1ge4	ASCII text	8114875494EA1DD8827155F15BFE4D9B	3EEE85942CD2D8E312B16D5F06CE9402D659A4B4	782F54C192FA6CA0849DD7C266914A63261A90DC58B1ADF55833BB45BA6573DB
/run/systemd/journal/streams/.#9:95460i0kFB2	ASCII text	0A709A34F88251BB5A18F31A7B9AA88D	B81DE8F520BAF150550D67FAE768C27F11369C2A	A16417224239A29790ADCA502778E33743E00D1E9F4151B94052EB22A371DA41
/run/systemd/journal/streams/.#9:95468SGO4f2	ASCII text	0F1ADE56DB806CE5D84217D40687FFF8	169736DA2056A50ABE96F19CEC6D5FC738721D99	C8CBC49A4A08DD0734C7CCD8DEBBA0CEE8C17CE92005351F7F52405359A55E51
/run/systemd/journal/streams/.#9:954697NwcE4	ASCII text	E692A6C2C6284A65EEE8115FB856CD02	0BF1CCB735361ABA10EAE106EF45A8563E0AF24A	BF274074A4D224444228FB5D10586699A58847750814A5B28BB24084239BCB2D
/run/systemd/journal/streams/.#9:95470GcY0G1	ASCII text	BC66A34C767F12FCBB8409D84D619D1D	CA6E428079E151C0A737F04DB0D7629D2CD1D649	27F1C426408BEA11C49F275C6AF2FC76BA9A481B3C405E4424339161C8B7D30C
/run/systemd/journal/streams/.#9:95471iJehg1	ASCII text	61853B896552FFD5B1DB1C0D49539075	054A55ACC7267F7C242706F8CCE60654EDFDF4D8	0CBDEA2EB44A34DDBB40ABBEF976FACF87043C905ECCEA686452BF9D9B671072
/run/systemd/journal/streams/.#9:95472Ps9MF3	ASCII text	20F5B6B21A57CA6F3A784EDDB8A5E28D	FEA33349265646D1074543B6CABFB4321F8CBA2D	0FEC3EBD52FF2823D4B4A4FACD566B87D5C1387DF3DAAE18CC6A6B358DD78FDB
/run/systemd/journal/streams/.#9:96525bOb480	ASCII text	E5A948BB07FF2FC05EBAF4B16D814FF7	950C3DF1BE5793B61F92D1ECCF73CE546907AE73	FA58DB0B46D50C13976E96EF3251D6E92E5F12618642FDBCF0E61222400FC348
/run/systemd/journal/streams/.#9:96535tIXvG4	ASCII text	1218F29E5ACD2B13D08DEBFA0BB528DB	0B78ECAF5AB7AEB3EB3FF84402EE59A10F598860	D69B5EE701446BF0A25316275023950D7F07CACC79D25D53D08B15452C01FA4E
/run/systemd/seats/.#seat0DWYJUs	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0EgAPYF	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0F7Yq8K	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0Hwzucl	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0ITEYJb	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0SawTUB	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0ScHJyJ	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0TKPyZ9	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0VLY28l	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0VnYAVM	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0boCnqc	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0nRd3Bh	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/user/1000/pulse/pid	ASCII text	00F159F51052AF74C48F1B1D2C8D17B4	A132EE4B4BFEDA438518E86453A58E5FD507145C	9D09EDE90C6CA5631652DA52288D95EC8DCA12571340D6C10562A133297787A3
/run/utmp	data	F8045B41B0F02CA4024EC4C1F9DB9892	90200CFDAEEEB06ED3781AEED024303B3D1857DE	09193776EA442E66B884EF289DDB0E1174E22028BFC4F31974DE44AF72C92E3B
/var/lib/ubuntu-drivers-common/last_gfx_boot	ASCII text	078760523943E160756979906B85FB5E	0962643266F4C5537F7D125046F28F21D6DD0C89	048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
/var/log/auth.log	ASCII text	A5A6FAE7EB997CE0358EDBDD712A2F35	684EB3AB6AAFB0906D9D6F1D0426017C6291A011	92871A6DC0B020575E4B8B405941596D4EDE688168B5D8E4CEE2FC47D0D2B96C
/var/log/gpu-manager.log	ASCII text	3AF77E630DA00B3BE24F4E8AA5D78B13	BCF2D99E002F6DE2413A183227B011CFBEF5673D	EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal	data	CA5E0DFC209CD3EFAE05B857C50D8DF1	787A9F8BFB4868F3B98C74FE2F5C7275AF6F4CD8	8C05B5CC88A050F8F338ECC4EDC17E722656CA1585B446A1C2E6654557B1F678
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal	data	8B4C7B8B0E6491B75AA33AA014000E43	861EDD37B6A5D9EF404491616438DA07F33093CF	6D57E27C174F5CA0E8692426DF4FDAA64FBD054006170B483CCB282D50165DB1
/var/log/kern.log	ASCII text	4E5CB6598D4086DA98B0E1B3776EF3AC	856E36C1043B60229F004FC37B99A6DF4DD84151	5D16AAD9D0A4E5D3F477883117B1E8704200EF0DB7750F739C57E18B77FF6863
/var/log/syslog	ASCII text	24D5B739E7A31F1735C359D07829F193	52858122981C338D614544893DA33143125EF0A2	EF3EF8ADA468BA940038736D033A2AAF95CB018A0169BFC416C9D5BE49F2B84B
/var/log/wtmp	data	F8045B41B0F02CA4024EC4C1F9DB9892	90200CFDAEEEB06ED3781AEED024303B3D1857DE	09193776EA442E66B884EF289DDB0E1174E22028BFC4F31974DE44AF72C92E3B

Linux Analysis Report
Aqua.dbg.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Linux Analysis Report Aqua.dbg.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Linux Analysis Report
Aqua.dbg.elf