Linux Analysis Report
Aqua.x86.elf

Overview

General Information

Sample name: Aqua.x86.elf
Analysis ID: 1580709
MD5: 6c810013c99f6d43ad7bfe3fccc6a51c
SHA1: 8b88911c526ab2beba9db5a68b31c98c26fd4e2a
SHA256: 71504c9ebaec8c03e24dd0e3c504c9c37c4c4aef70f5ba7f0a66e127e365e7fa
Tags: elfuser-abuse_ch
Infos:

Detection

Score: 72
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Deletes log files
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "kill" or "pkill" command typically used to terminate processes
Found strings indicative of a multi-platform dropper
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Reads the 'hosts' file potentially containing internal network hosts
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: Aqua.x86.elf Virustotal: Detection: 32% Perma Link
Source: Aqua.x86.elf ReversingLabs: Detection: 39%
Machine Learning detection for sample
Source: Aqua.x86.elf Joe Sandbox ML: detected
Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/bin/pkill (PID: 5764) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5940) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 6041) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 6137) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6231) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6327) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6424) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6495) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6530) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6611) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6614) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6725) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6822) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6916) Reads CPU info from /sys: /sys/devices/system/cpu/online
Found strings indicative of a multi-platform dropper
Source: Aqua.x86.elf String: EOF/proc//proc/%s/cmdlinerwgetcurlftpechokillbashrebootshutdownhaltpoweroff/fdsocket/proc/%s/stat/proc/proc/%d/exe/proc/%d/stat%d %s %c %d/proc/%d/maps/var/run/mnt/root/var/tmp/boot/bin/sbin/../(deleted)/homedbgmpslmipselmipsarmarm4arm5arm6arm7sh4m68kx86x586x86_64i586i686ppcspc[locker] killed process: %s ;; pid: %d
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.13:44734 -> 89.190.156.145:7733
Reads the 'hosts' file potentially containing internal network hosts
Source: /usr/sbin/rsyslogd (PID: 5658) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5742) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5789) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5854) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5939) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5949) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6016) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6045) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6108) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6116) Reads hosts file: /etc/hosts Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6141) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6208) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6235) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6299) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6308) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6394) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6401) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6428) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6499) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6534) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6600) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6612) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6634) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6696) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6704) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6792) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6799) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6826) Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6893) Reads hosts file: /etc/hosts
Sample listens on a socket
Source: /lib/systemd/systemd-journald (PID: 5794) Socket: unknown address family Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5855) Socket: unknown address family Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5955) Socket: unknown address family Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6047) Socket: unknown address family Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6145) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6239) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6334) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6432) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6539) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6635) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6730) Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6830) Socket: unknown address family
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Source: unknown DNS traffic detected: query: 45.148.10.84 replaycode: Name error (3)
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: unknown TCP traffic detected without corresponding DNS query: 89.190.156.145
Source: global traffic DNS traffic detected: DNS query: 45.148.10.84
Source: syslog.427.dr String found in binary or memory: https://www.rsyslog.com

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: Aqua.x86.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: Aqua.x86.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: Aqua.x86.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: Aqua.x86.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: Aqua.x86.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5485.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5485.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5485.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5485.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5485.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 1884, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5488, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 660, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 726, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 727, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 778, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 780, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 783, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 790, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 795, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 936, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 1400, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 1432, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 2970, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 3069, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 3132, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5464, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5465, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5648, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5658, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5659, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 1411, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 2936, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5739, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5742, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 490, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 765, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 767, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 1410, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 2935, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5322, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5675, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5767, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5789, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5794, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5797, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5854, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5917, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5923, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5939, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5855, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5858, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5946, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5949, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6015, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6016, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6017, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5955, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5958, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6042, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6045, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6046, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6107, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6108, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6113, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6116, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6047, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6050, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6138, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6141, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6205, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6208, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6209, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6145, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6148, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6234, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6235, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6236, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6299, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6300, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6307, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6308, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6239, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6242, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6330, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6333, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6394, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6395, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6400, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6401, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6334, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6337, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6425, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6428, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6492, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6494, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6495, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6499, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6500, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6432, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6435, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6533, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6534, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6535, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6536, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6599, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6600, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6605, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6608, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6611, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6612, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6630, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6539, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6542, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6627, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6633, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6634, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6695, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6696, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6701, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6704, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6635, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6638, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6726, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6729, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6792, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6793, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6798, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6799, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6730, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6735, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6823, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6826, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6890, result: successful Jump to behavior
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Sample tries to kill a process (SIGKILL)
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 1884, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5488, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 660, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 726, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 727, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 778, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 780, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 783, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 790, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 795, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 936, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 1400, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 1432, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 2970, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 3069, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 3132, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5464, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5465, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5648, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5658, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5659, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 1411, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 2936, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5739, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5742, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 490, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 765, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 767, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 1410, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 2935, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5322, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5675, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5767, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5789, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5794, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5797, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5854, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5917, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5923, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5939, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5855, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5858, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5946, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5949, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6015, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6016, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6017, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5955, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 5958, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6042, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6045, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6046, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6107, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6108, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6113, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6116, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6047, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6050, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6138, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6141, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6205, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6208, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6209, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6145, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6148, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6234, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6235, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6236, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6299, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6300, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6307, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6308, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6239, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6242, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6330, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6333, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6394, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6395, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6400, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6401, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6334, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6337, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6425, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6428, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6492, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6494, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6495, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6499, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6500, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6432, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6435, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6533, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6534, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6535, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6536, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6599, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6600, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6605, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6608, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6611, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6612, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6630, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6539, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6542, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6627, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6633, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6634, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6695, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6696, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6701, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6704, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6635, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6638, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6726, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6729, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6792, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6793, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6798, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6799, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6730, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6735, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6823, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6826, result: successful Jump to behavior
Source: /tmp/Aqua.x86.elf (PID: 5487) SIGKILL sent: pid: 6890, result: successful Jump to behavior
Yara signature match
Source: Aqua.x86.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: Aqua.x86.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: Aqua.x86.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: Aqua.x86.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: Aqua.x86.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5485.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5485.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5485.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5485.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5485.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: classification engine Classification label: mal72.spre.troj.evad.linELF@0/181@120/0

Persistence and Installation Behavior
barindex
Sample reads /proc/mounts (often used for finding a writable filesystem)
Source: /usr/bin/dbus-daemon (PID: 5648) File: /proc/5648/mounts Jump to behavior
Source: /bin/fusermount (PID: 5663) File: /proc/5663/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5739) File: /proc/5739/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5923) File: /proc/5923/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6015) File: /proc/6015/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6017) File: /proc/6017/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6046) File: /proc/6046/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6107) File: /proc/6107/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6113) File: /proc/6113/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6205) File: /proc/6205/mounts
Source: /usr/bin/dbus-daemon (PID: 6209) File: /proc/6209/mounts
Source: /usr/bin/dbus-daemon (PID: 6236) File: /proc/6236/mounts
Source: /usr/bin/dbus-daemon (PID: 6300) File: /proc/6300/mounts
Source: /usr/bin/dbus-daemon (PID: 6307) File: /proc/6307/mounts
Source: /usr/bin/dbus-daemon (PID: 6395) File: /proc/6395/mounts
Source: /usr/bin/dbus-daemon (PID: 6400) File: /proc/6400/mounts
Source: /usr/bin/dbus-daemon (PID: 6492) File: /proc/6492/mounts
Source: /usr/bin/dbus-daemon (PID: 6494) File: /proc/6494/mounts
Source: /usr/bin/dbus-daemon (PID: 6500) File: /proc/6500/mounts
Source: /usr/bin/dbus-daemon (PID: 6535) File: /proc/6535/mounts
Source: /usr/bin/dbus-daemon (PID: 6599) File: /proc/6599/mounts
Source: /usr/bin/dbus-daemon (PID: 6608) File: /proc/6608/mounts
Source: /usr/bin/dbus-daemon (PID: 6630) File: /proc/6630/mounts
Source: /usr/bin/dbus-daemon (PID: 6695) File: /proc/6695/mounts
Source: /usr/bin/dbus-daemon (PID: 6701) File: /proc/6701/mounts
Source: /usr/bin/dbus-daemon (PID: 6793) File: /proc/6793/mounts
Source: /usr/bin/dbus-daemon (PID: 6798) File: /proc/6798/mounts
Source: /usr/bin/dbus-daemon (PID: 6890) File: /proc/6890/mounts
Source: /usr/bin/dbus-daemon (PID: 6891) File: /proc/6891/mounts
Creates hidden files and/or directories
Source: /usr/libexec/gsd-rfkill (PID: 5488) Directory: <invalid fd (9)>/.. Jump to behavior
Source: /usr/libexec/gsd-rfkill (PID: 5488) Directory: <invalid fd (8)>/.. Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 5493) Directory: <invalid fd (10)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5675) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5675) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5675) File: /run/systemd/seats/.#seat0yQCJal Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5855) File: /run/systemd/journal/streams/.#9:6517703V9fX Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5855) File: /run/systemd/journal/streams/.#9:65255NrP6YU Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5855) File: /run/systemd/journal/streams/.#9:65256TCNJNW Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5855) File: /run/systemd/journal/streams/.#9:65263zqQdjV Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5855) File: /run/systemd/journal/streams/.#9:65264X14TCT Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5855) File: /run/systemd/journal/streams/.#9:65265b6txsU Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5858) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5858) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5858) File: /run/systemd/seats/.#seat05yTqAa Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5955) File: /run/systemd/journal/streams/.#9:66497NOPHVv Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5955) File: /run/systemd/journal/streams/.#9:66498DSJ0sv Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5955) File: /run/systemd/journal/streams/.#9:66499NJsWgw Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5955) File: /run/systemd/journal/streams/.#9:665001fErJw Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5955) File: /run/systemd/journal/streams/.#9:676205Itgku Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5955) File: /run/systemd/journal/streams/.#9:67628vKK5Et Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5958) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5958) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5958) File: /run/systemd/seats/.#seat0k80cvH Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6047) File: /run/systemd/journal/streams/.#9:67824PnWpzt Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6047) File: /run/systemd/journal/streams/.#9:67825XqyIYp Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6047) File: /run/systemd/journal/streams/.#9:67826j9rF0q Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6047) File: /run/systemd/journal/streams/.#9:67833C25nyp Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6047) File: /run/systemd/journal/streams/.#9:67854R1iYLt Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6050) Directory: <invalid fd (18)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6050) Directory: <invalid fd (17)>/.. Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6050) File: /run/systemd/seats/.#seat0ClvdYF Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6145) File: /run/systemd/journal/streams/.#9:69127kZZW7O
Source: /lib/systemd/systemd-journald (PID: 6145) File: /run/systemd/journal/streams/.#9:691281hkk6Q
Source: /lib/systemd/systemd-journald (PID: 6145) File: /run/systemd/journal/streams/.#9:69129YHMuNR
Source: /lib/systemd/systemd-journald (PID: 6145) File: /run/systemd/journal/streams/.#9:69130RZanwP
Source: /lib/systemd/systemd-journald (PID: 6145) File: /run/systemd/journal/streams/.#9:69228IMfa4Q
Source: /lib/systemd/systemd-journald (PID: 6145) File: /run/systemd/journal/streams/.#9:69341fgDMJP
Source: /lib/systemd/systemd-logind (PID: 6148) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6148) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6148) File: /run/systemd/seats/.#seat0cIUog7
Source: /lib/systemd/systemd-journald (PID: 6239) File: /run/systemd/journal/streams/.#9:69878z5RbNV
Source: /lib/systemd/systemd-journald (PID: 6239) File: /run/systemd/journal/streams/.#9:69880UPXKsX
Source: /lib/systemd/systemd-journald (PID: 6239) File: /run/systemd/journal/streams/.#9:698872wSbuW
Source: /lib/systemd/systemd-journald (PID: 6239) File: /run/systemd/journal/streams/.#9:69888FaHcqW
Source: /lib/systemd/systemd-journald (PID: 6239) File: /run/systemd/journal/streams/.#9:69982VE4bXX
Source: /lib/systemd/systemd-logind (PID: 6242) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6242) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6242) File: /run/systemd/seats/.#seat0HMIdYc
Source: /lib/systemd/systemd-journald (PID: 6334) File: /run/systemd/journal/streams/.#9:71721KkTvG7
Source: /lib/systemd/systemd-journald (PID: 6334) File: /run/systemd/journal/streams/.#9:71722uANeH9
Source: /lib/systemd/systemd-journald (PID: 6334) File: /run/systemd/journal/streams/.#9:71729LQurGa
Source: /lib/systemd/systemd-journald (PID: 6334) File: /run/systemd/journal/streams/.#9:71730yfXl36
Source: /lib/systemd/systemd-journald (PID: 6334) File: /run/systemd/journal/streams/.#9:71818YgCC4a
Source: /lib/systemd/systemd-logind (PID: 6337) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6337) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6337) File: /run/systemd/seats/.#seat0tdTjjn
Source: /lib/systemd/systemd-journald (PID: 6432) File: /run/systemd/journal/streams/.#9:72655xSTRQy
Source: /lib/systemd/systemd-journald (PID: 6432) File: /run/systemd/journal/streams/.#9:72663xML6Sy
Source: /lib/systemd/systemd-journald (PID: 6432) File: /run/systemd/journal/streams/.#9:72665KUddDz
Source: /lib/systemd/systemd-journald (PID: 6432) File: /run/systemd/journal/streams/.#9:72666wRbWqx
Source: /lib/systemd/systemd-journald (PID: 6432) File: /run/systemd/journal/streams/.#9:72667A4o7zA
Source: /lib/systemd/systemd-journald (PID: 6432) File: /run/systemd/journal/streams/.#9:726842z3KKA
Source: /lib/systemd/systemd-journald (PID: 6432) File: /run/systemd/journal/streams/.#9:72686NxBNzw
Source: /lib/systemd/systemd-journald (PID: 6432) File: /run/systemd/journal/streams/.#9:72694dc8foz
Source: /lib/systemd/systemd-journald (PID: 6432) File: /run/systemd/journal/streams/.#9:72830Wdfoxz
Source: /lib/systemd/systemd-journald (PID: 6432) File: /run/systemd/journal/streams/.#9:71160XpOnez
Source: /lib/systemd/systemd-journald (PID: 6432) File: /run/systemd/journal/streams/.#9:71161t1ozoy
Source: /lib/systemd/systemd-logind (PID: 6435) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6435) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6435) File: /run/systemd/seats/.#seat0wwmSrN
Source: /usr/lib/policykit-1/polkitd (PID: 6521) Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 6539) File: /run/systemd/journal/streams/.#9:74758puFohG
Source: /lib/systemd/systemd-journald (PID: 6539) File: /run/systemd/journal/streams/.#9:74759ipmP9E
Source: /lib/systemd/systemd-journald (PID: 6539) File: /run/systemd/journal/streams/.#9:74760AJirbF
Source: /lib/systemd/systemd-journald (PID: 6539) File: /run/systemd/journal/streams/.#9:747611ira6B
Source: /lib/systemd/systemd-journald (PID: 6539) File: /run/systemd/journal/streams/.#9:74771143T1E
Source: /lib/systemd/systemd-journald (PID: 6539) File: /run/systemd/journal/streams/.#9:74777Cwn7HD
Source: /lib/systemd/systemd-journald (PID: 6539) File: /run/systemd/journal/streams/.#9:74783FAcifC
Source: /lib/systemd/systemd-journald (PID: 6539) File: /run/systemd/journal/streams/.#9:74784H1I3NE
Source: /lib/systemd/systemd-journald (PID: 6539) File: /run/systemd/journal/streams/.#9:74785T6bm7F
Source: /lib/systemd/systemd-journald (PID: 6539) File: /run/systemd/journal/streams/.#9:74786RNrnAD
Source: /lib/systemd/systemd-journald (PID: 6539) File: /run/systemd/journal/streams/.#9:74826nvXmVE
Source: /lib/systemd/systemd-logind (PID: 6542) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6542) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6542) File: /run/systemd/seats/.#seat0PMZZnT
Source: /usr/lib/policykit-1/polkitd (PID: 6623) Directory: /root/.cache
Source: /lib/systemd/systemd-journald (PID: 6635) File: /run/systemd/journal/streams/.#9:74138xx4wAS
Source: /lib/systemd/systemd-journald (PID: 6635) File: /run/systemd/journal/streams/.#9:74139P82htU
Source: /lib/systemd/systemd-journald (PID: 6635) File: /run/systemd/journal/streams/.#9:74140lictLT
Source: /lib/systemd/systemd-journald (PID: 6635) File: /run/systemd/journal/streams/.#9:74147l2ErfW
Source: /lib/systemd/systemd-journald (PID: 6635) File: /run/systemd/journal/streams/.#9:74164IQUeFW
Source: /lib/systemd/systemd-logind (PID: 6638) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6638) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6638) File: /run/systemd/seats/.#seat00kEfT7
Source: /lib/systemd/systemd-journald (PID: 6730) File: /run/systemd/journal/streams/.#9:76220dHteX7
Source: /lib/systemd/systemd-journald (PID: 6730) File: /run/systemd/journal/streams/.#9:762211yuJs3
Source: /lib/systemd/systemd-journald (PID: 6730) File: /run/systemd/journal/streams/.#9:76228C8aob4
Source: /lib/systemd/systemd-journald (PID: 6730) File: /run/systemd/journal/streams/.#9:76229uqMMM5
Source: /lib/systemd/systemd-journald (PID: 6730) File: /run/systemd/journal/streams/.#9:76322ptQNQ3
Source: /lib/systemd/systemd-logind (PID: 6735) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6735) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6735) File: /run/systemd/seats/.#seat0lnToar
Source: /lib/systemd/systemd-journald (PID: 6830) File: /run/systemd/journal/streams/.#9:76969jlTtkD
Source: /lib/systemd/systemd-journald (PID: 6830) File: /run/systemd/journal/streams/.#9:769703YCsDF
Source: /lib/systemd/systemd-journald (PID: 6830) File: /run/systemd/journal/streams/.#9:76971xhQKTG
Source: /lib/systemd/systemd-journald (PID: 6830) File: /run/systemd/journal/streams/.#9:76972oeJ34D
Source: /lib/systemd/systemd-journald (PID: 6830) File: /run/systemd/journal/streams/.#9:77066uuGU1D
Source: /lib/systemd/systemd-logind (PID: 6833) Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6833) Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6833) File: /run/systemd/seats/.#seat0JL5JoT
Enumerates processes within the "proc" file system
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/6230/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/6230/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/6231/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/6231/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/230/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/230/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/110/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/110/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/231/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/231/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/111/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/111/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/232/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/232/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/112/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/112/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/233/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/233/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/113/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/113/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/234/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/234/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/114/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/114/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/235/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/235/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/115/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/115/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/236/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/236/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/116/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/116/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/237/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/237/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/117/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/117/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/238/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/238/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/118/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/118/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/239/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/239/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/119/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/119/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/10/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/10/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/11/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/11/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/12/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/12/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/13/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/13/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/14/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/14/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/15/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/15/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/16/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/16/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/17/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/17/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/18/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/18/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/19/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/19/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/240/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/240/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/120/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/120/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/241/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/241/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/121/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/121/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/242/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/242/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/1/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/1/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/122/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/122/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/243/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/243/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/2/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/2/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/123/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/123/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/244/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/244/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/3/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/3/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/124/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/124/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/245/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/245/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/125/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/125/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/4/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/4/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/246/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/246/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/126/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/126/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/5/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/5/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/247/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/247/cmdline
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/127/status
Source: /usr/bin/pkill (PID: 6231) File opened: /proc/127/cmdline
Executes commands using a shell command-line interpreter
Source: /usr/bin/gpu-manager (PID: 5747) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5749) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5751) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5753) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5755) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5757) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5759) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5761) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5920) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5924) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5926) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5928) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5930) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5932) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5934) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5936) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6019) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6024) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6026) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6028) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6030) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6032) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6034) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6036) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6114) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6117) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6119) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6126) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6128) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6130) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6132) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6134) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf" Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6211) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6216) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6218) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6220) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6222) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6224) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6226) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6228) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6305) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6309) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6314) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6316) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6318) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6320) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6322) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6324) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6402) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6406) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6409) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6411) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6413) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6417) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6419) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6421) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6501) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6506) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6508) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6510) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6512) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6514) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6517) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6522) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6606) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6609) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6702) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6707) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6709) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6714) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6716) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6718) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6720) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6722) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6800) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6805) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6807) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6809) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6811) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6813) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6815) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6817) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6894) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6899) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6901) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6903) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6905) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6909) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6911) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6913) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Executes the "grep" command used to find patterns in files or piped streams
Source: /bin/sh (PID: 5748) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5750) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5752) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5754) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5756) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5758) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5760) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5762) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5922) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5925) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5927) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5929) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5931) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5933) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 5935) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 5937) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6020) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6025) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6027) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6029) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6031) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6033) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6035) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6039) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6115) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6118) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6123) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6127) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6129) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6131) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6133) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf Jump to behavior
Source: /bin/sh (PID: 6135) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf Jump to behavior
Source: /bin/sh (PID: 6212) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6217) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6219) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6221) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6223) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6225) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6227) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6229) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6306) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6310) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6315) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6317) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6319) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6321) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6323) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6325) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6403) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6408) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6410) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6412) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6414) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6418) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6420) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6422) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6502) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6507) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6509) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6511) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6513) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6515) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6518) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6523) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6607) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6610) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6703) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6708) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6713) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6715) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6717) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6719) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6721) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6723) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6801) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6806) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6808) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6810) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6812) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6814) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6816) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6818) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6895) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6900) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6902) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6904) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6906) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6910) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6912) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6914) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Executes the "kill" or "pkill" command typically used to terminate processes
Source: /usr/share/gdm/generate-config (PID: 5764) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 5940) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6041) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6137) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6231) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6327) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6424) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6530) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6614) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6725) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6822) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6916) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Reads system information from the proc file system
Source: /lib/systemd/systemd-journald (PID: 5794) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5855) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5955) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6047) Reads from proc file: /proc/meminfo Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6145) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6239) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6334) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6432) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6539) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6635) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6730) Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6830) Reads from proc file: /proc/meminfo
Source: /usr/sbin/rsyslogd (PID: 5658) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5658) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 5742) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 5742) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5746) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 5789) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5854) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5939) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5939) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 5949) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6016) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6016) Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 6018) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6108) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6112) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6116) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6116) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6141) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6208) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6208) Log file created: /var/log/auth.log
Source: /usr/bin/gpu-manager (PID: 6210) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6299) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6304) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6308) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6308) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6394) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6399) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6401) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6401) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6428) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6498) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6499) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6499) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6600) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6612) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6612) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6696) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6700) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6704) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6704) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6792) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6797) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6799) Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6799) Log file created: /var/log/auth.log
Source: /usr/sbin/rsyslogd (PID: 6826) Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6892) Log file created: /var/log/gpu-manager.log Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6893) Log file created: /var/log/kern.log Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6893) Log file created: /var/log/auth.log Jump to dropped file

Hooking and other Techniques for Hiding and Protection
barindex
Sample deletes itself
Source: /tmp/Aqua.x86.elf (PID: 5486) File: /tmp/Aqua.x86.elf Jump to behavior
Deletes log files
Source: /usr/bin/gpu-manager (PID: 5746) Truncated file: /var/log/gpu-manager.log Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5917) Truncated file: /var/log/gpu-manager.log Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6018) Truncated file: /var/log/gpu-manager.log Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6112) Truncated file: /var/log/gpu-manager.log Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6210) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6304) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6399) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6498) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6605) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6700) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6797) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6892) Truncated file: /var/log/gpu-manager.log
Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/bin/pkill (PID: 5764) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 5940) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 6041) Reads CPU info from /sys: /sys/devices/system/cpu/online Jump to behavior
Source: /usr/bin/pkill (PID: 6137) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6231) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6327) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6424) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6495) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6530) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6611) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6614) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6725) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6822) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6916) Reads CPU info from /sys: /sys/devices/system/cpu/online
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /lib/systemd/systemd-hostnamed (PID: 5493) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5658) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5742) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5746) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5789) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5794) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5854) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5855) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5917) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5939) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5949) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5955) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6016) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6018) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6045) Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6047) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6108) Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6112) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6116) Queries kernel information via 'uname': Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6141) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6145) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6208) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6210) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6235) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6239) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6299) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6304) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6308) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6334) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6394) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6399) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6401) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6428) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6432) Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6495) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6498) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6499) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6534) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6539) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6600) Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6611) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6612) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6634) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6635) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6696) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6700) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6704) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6730) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6792) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6797) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6799) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6826) Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6830) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6892) Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6893) Queries kernel information via 'uname':
Source: kern.log.43.dr Binary or memory string: Dec 25 10:47:43 galassia kernel: [ 128.498376] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
Source: kern.log.43.dr Binary or memory string: Dec 25 10:47:43 galassia kernel: [ 128.498351] Modules linked in: monitor(OE) md4 cmac cifs libarc4 fscache libdes vmw_vsock_vmci_transport vsock binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua vmw_balloon joydev input_leds serio_raw vmw_vmci sch_fq_codel parport_pc ppdev lp drm parport ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper psmouse mptspi scsi_transport_spi ahci mptscsih libahci mptbase vmxnet3

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
89.190.156.145
 unknown United Kingdom
7489 HOSTUS-GLOBAL-ASHostUSHK false

Contacted Domains

Name IP Active
45.148.10.84 unknown unknown