Create Interactive Tour

Linux Analysis Report
sh4.elf

Overview

General Information

Sample name:	sh4.elf
Analysis ID:	1648238
MD5:	19b061c750e329b9a64af04f4f551374
SHA1:	b580e646101b4ecc59d2c32a6abd3fcfdfb55093
SHA256:	ff5e93ab91c246bdb6a6c2a7a38316a94e140212cd1a259ceb116d6d4d944933
Tags:	elfuser-abuse_ch
Infos:

Detection

Gafgyt, Okiru

Score:	92
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Sample tries to kill a massive number of system processes

Yara detected Gafgyt

Yara detected Okiru

Reads system files that contain records of logged in users

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Creates hidden files and/or directories

Deletes log files

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "kill" or "pkill" command typically used to terminate processes

Found strings indicative of a multi-platform dropper

HTTP GET or POST without a user agent

Reads CPU information from /sys indicative of miner or evasive malware

Reads system information from the proc file system

Reads system version information

Reads the 'hosts' file potentially containing internal network hosts

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Sample tries to set the executable flag

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1648238
Start date and time:	2025-03-25 17:17:30 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	sh4.elf
Detection:	MAL
Classification:	mal92.spre.troj.linELF@0/44@3/0

Warnings

Connection to analysis system has been lost, crash info: Unknown
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Runtime Messages

Command:	/tmp/sh4.elf
PID:	6222
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Connected To CNC
Standard Error:

Process Tree

system is lnxubuntu20

sh4.elf (PID: 6222, Parent: 6137, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/sh4.elf

sh4.elf New Fork (PID: 6224, Parent: 6222)

sh4.elf New Fork (PID: 6225, Parent: 6222)

sh4.elf New Fork (PID: 6227, Parent: 6222)

sh4.elf New Fork (PID: 6230, Parent: 6227)

sh4.elf New Fork (PID: 6233, Parent: 6227)

sh4.elf New Fork (PID: 6238, Parent: 6227)

sh4.elf New Fork (PID: 6241, Parent: 6227)

sh4.elf New Fork (PID: 6243, Parent: 6227)

systemd New Fork (PID: 6246, Parent: 1)

journalctl (PID: 6246, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var

systemd New Fork (PID: 6266, Parent: 1)

dbus-daemon (PID: 6266, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6280, Parent: 1860)

pulseaudio (PID: 6280, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

systemd New Fork (PID: 6281, Parent: 1)

rsyslogd (PID: 6281, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

gvfsd-fuse New Fork (PID: 6282, Parent: 2038)

fusermount (PID: 6282, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs

systemd New Fork (PID: 6285, Parent: 1)

systemd-journald (PID: 6285, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6289, Parent: 1)

dbus-daemon (PID: 6289, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6290, Parent: 1)

rsyslogd (PID: 6290, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

gdm3 New Fork (PID: 6298, Parent: 1320)

Default (PID: 6298, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6299, Parent: 1320)

Default (PID: 6299, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6300, Parent: 1320)

Default (PID: 6300, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 6304, Parent: 1)

systemd-logind (PID: 6304, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind

systemd New Fork (PID: 6362, Parent: 1)

gpu-manager (PID: 6362, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6363, Parent: 6362)

sh (PID: 6363, Parent: 6362, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6364, Parent: 6363)

grep (PID: 6364, Parent: 6363, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6367, Parent: 6362)

sh (PID: 6367, Parent: 6362, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6368, Parent: 6367)

grep (PID: 6368, Parent: 6367, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 6369, Parent: 6362)

sh (PID: 6369, Parent: 6362, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6370, Parent: 6369)

grep (PID: 6370, Parent: 6369, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6371, Parent: 6362)

sh (PID: 6371, Parent: 6362, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6372, Parent: 6371)

grep (PID: 6372, Parent: 6371, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 6375, Parent: 6362)

sh (PID: 6375, Parent: 6362, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6376, Parent: 6375)

grep (PID: 6376, Parent: 6375, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6377, Parent: 6362)

sh (PID: 6377, Parent: 6362, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6378, Parent: 6377)

grep (PID: 6378, Parent: 6377, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

gpu-manager New Fork (PID: 6379, Parent: 6362)

sh (PID: 6379, Parent: 6362, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6380, Parent: 6379)

grep (PID: 6380, Parent: 6379, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

gpu-manager New Fork (PID: 6381, Parent: 6362)

sh (PID: 6381, Parent: 6362, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"

sh New Fork (PID: 6382, Parent: 6381)

grep (PID: 6382, Parent: 6381, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf

systemd New Fork (PID: 6366, Parent: 1)

agetty (PID: 6366, Parent: 1, MD5: 3a374724ba7e863768139bdd60ca36f7) Arguments: /sbin/agetty -o "-p -- \\u" --noclear tty2 linux

systemd New Fork (PID: 6383, Parent: 1)

generate-config (PID: 6383, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6384, Parent: 6383)

pkill (PID: 6384, Parent: 6383, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6385, Parent: 1)

journalctl (PID: 6385, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush

systemd New Fork (PID: 6391, Parent: 1)

gdm-wait-for-drm (PID: 6391, Parent: 1, MD5: 82043ba752c6930b4e6aaea2f7747545) Arguments: /usr/lib/gdm3/gdm-wait-for-drm

systemd New Fork (PID: 6396, Parent: 1)

gdm3 (PID: 6396, Parent: 1, MD5: 2492e2d8d34f9377e3e530a61a15674f) Arguments: /usr/sbin/gdm3

gdm3 New Fork (PID: 6399, Parent: 6396)

plymouth (PID: 6399, Parent: 6396, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: plymouth --ping

gdm3 New Fork (PID: 6413, Parent: 6396)

gdm-session-worker (PID: 6413, Parent: 6396, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"

gdm-session-worker New Fork (PID: 6419, Parent: 6413)

gdm-wayland-session (PID: 6419, Parent: 6413, MD5: d3def63cf1e83f7fb8a0f13b1744ff7c) Arguments: /usr/lib/gdm3/gdm-wayland-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"

gdm-wayland-session New Fork (PID: 6421, Parent: 6419)

dbus-daemon (PID: 6421, Parent: 6419, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 3 --session

dbus-daemon New Fork (PID: 6423, Parent: 6421)

dbus-daemon New Fork (PID: 6424, Parent: 6423)

false (PID: 6424, Parent: 6423, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false

gdm-wayland-session New Fork (PID: 6425, Parent: 6419)

dbus-run-session (PID: 6425, Parent: 6419, MD5: 245f3ef6a268850b33b0225a8753b7f4) Arguments: dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart

dbus-run-session New Fork (PID: 6426, Parent: 6425)

dbus-daemon (PID: 6426, Parent: 6425, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --nofork --print-address 4 --session

gdm3 New Fork (PID: 6427, Parent: 6396)

Default (PID: 6427, Parent: 6396, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6428, Parent: 6396)

Default (PID: 6428, Parent: 6396, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 6400, Parent: 1)

accounts-daemon (PID: 6400, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon

accounts-daemon New Fork (PID: 6404, Parent: 6400)

language-validate (PID: 6404, Parent: 6400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8

language-validate New Fork (PID: 6405, Parent: 6404)

language-options (PID: 6405, Parent: 6404, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options

language-options New Fork (PID: 6406, Parent: 6405)

sh (PID: 6406, Parent: 6405, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "

sh New Fork (PID: 6407, Parent: 6406)

locale (PID: 6407, Parent: 6406, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a

sh New Fork (PID: 6408, Parent: 6406)

grep (PID: 6408, Parent: 6406, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8

systemd New Fork (PID: 6409, Parent: 1)

polkitd (PID: 6409, Parent: 1, MD5: 8efc9b4b5b524210ad2ea1954a9d0e69) Arguments: /usr/lib/policykit-1/polkitd --no-debug

systemd New Fork (PID: 6454, Parent: 1860)

dbus-daemon (PID: 6454, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6455, Parent: 1860)

pulseaudio (PID: 6455, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

systemd New Fork (PID: 6456, Parent: 1)

rtkit-daemon (PID: 6456, Parent: 1, MD5: df0cacf1db4ec95ac70f5b6e06b8ffd7) Arguments: /usr/libexec/rtkit-daemon

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Bashlite, Gafgyt	Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.	No Attribution	http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ https://blog.cyber5w.com/gafgyt-backdoor-analysis https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/ https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/ https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
sh4.elf	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
sh4.elf	JoeSecurity_Okiru	Yara detected Okiru	Joe Security

Memory Dumps

Source	Rule	Description	Author
6241.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
6241.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6243.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
6243.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6238.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
6238.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6224.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
6224.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6233.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
6233.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6227.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
6227.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6230.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
6230.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6222.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
6222.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
6225.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Gafgyt	Yara detected Gafgyt	Joe Security
6225.1.00007fed84400000.00007fed8441b000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: sh4.elf PID: 6222	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: sh4.elf PID: 6224	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: sh4.elf PID: 6225	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: sh4.elf PID: 6227	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: sh4.elf PID: 6230	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: sh4.elf PID: 6233	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: sh4.elf PID: 6238	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: sh4.elf PID: 6241	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: sh4.elf PID: 6243	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Click to see the 22 entries

String: lbyte/proc/%d/net/tcp %*d: %*x:%x/proc//proc/%s/exe/proc/self/exe/proc/proc/%d/cmdlinenetstatwgettftpftpcurlbusybox/bin/busyboxvar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdanko-app/ankosample _8182T_1104var/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemd/usr/libexec/openssh/sftp-serverusr/shellmnt/sys/bin/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/soraJoshohajime902i13BzSxLxBxeYHOHO-LUGO7HOHO-U79OLJuYfouyf87NiGGeR69xdSO190Ij1XLOLKIKEEEDDEekjheory98escansh4MDMAfdevalvexscanspcMELTEDNINJAREALZflexsonskidsscanx86MISAKI-U79OLfoAxi102kxeswodjwodjwojMmKiy7f87lfreecookiex86sysgpufrgegesysupdater0DnAzepdNiGGeRD0nks69frgreu0x766f6964NiGGeRd0nks1337gafturasgbsigboa120i3UI49OaF3geaevaiolmao123123aOfurain0n4H34DggTrexewwasads1293194hjXDOthLaLosnggtwget-log1337SoraLOADERSAIAKINAggtq1378bfp919GRB1Q2SAIAKUSOggtr14FaSEXSLAVE1337ggtt1902a3u912u3u4haetrghbr19ju3dSORAojkf120hehahejeje922U2JDJA901F91SlaVLav12helpmedaddthhhhh2wgg9qphbqSlav3Th3seD3viceshzSmYZjYMQ5GbfSoRAxD123LOLiaGv5aA3SoRAxD420LOLinsomni640277SoraBeReppin1337ipcamCache66tlGg9QjUYfouyf876ke3TOKYO3lyEeaXul2dULCVxh93OfjHZ2zTY2gD6MZvKc7KU6rmMkiy6f87lA023UU4U24UIUTheWeekndmioribitchesA5p9TheWeekndsmnblkjpoiAbAdTokyosnebAkiruU8inTznetstatsAlexW9RCAKM20TnewnetwordAyo215WordnloadsBAdAsVWordmanenotyakuzaaBelchWordnetsobpBigN0gg0r420X0102I34fofhasfhiafhoiX19I239124UIUoismXSHJEHHEIIHWOolsVNwo12DeportedDeportedXkTer0GbA1onry0v03FortniteDownLOLZY0urM0mGaypussyfartlmaojkGrAcEnIgGeRaNnYvdGkqndCOqGeoRBe6BEGuiltyCrownZEuS69s4beBsEQhdHOHO-KSNDOZEuz69sat1234aj93hJ23scanHAalie293z0k2LscanJoshoARMHellInSideayyyGangShitscanJoshoARM5HighFryb1glscanJoshoARM6IWhPyucDbJboatnetzscanJoshoARM7IuYgujeIqnbtbatrtahzexsexscanJoshoM68KJJDUHEWBBBIBscanJoshoMIPSJSDGIEVIVAVIGcKbVkzGOPascanJoshoMPSLccADscanJoshoPPCKAZEN-OIU97chickenxingsscanJoshoSH4yakuskzm8KAZEN-PO78HcleanerscanJoshoSPCKAZEN-U79OLdbeefscanJoshoX86yakuz4c24KETASHI32ddrwelperscanarm5zPnr6HpQj2Kaishi-Iz90Ydeexecscanarm6zdrtfxcgyKatrina32doCP3fVjscanarm7zxcfhuioKsif91je39scanm68kKuasadvrhelperl33t_feetl33tl33tfeetscanmipsKuasaBinsMateeQnOhRk85rscanmpslLOLHHHOHOHBUIeXK20CL12ZnyamezyQBotBladeSPOOKYhikariwasherep4029x91xx32uhj4gbejhwizardzhra.outboatnetdbgcondiheroshimaskid.dbglzrdPownedSecurity69.aresfxlyazsxhyUNSTABLEunstable_is_the_story_of_the_universemoobotjnsd9sdoilayourmomgaeissdfjiougsiojOasisSEGRJIJHFVNHSNHEIHFOSapep999KOWAI-BAdAsVKOWAI-SADjHKipU7Ylairdropmalwareyour_verry_fucking_gayBig-Bro-Brightsefaexecshirololieagle.For-Gai-Mezy0x6axNLcloqkisvspookymythSwergjmioGKILLEJW(IU(JIWERGFJGJWJRGHetrhwewrtheIuFdKssCxzjSDFJIjioOnrYoXd666ewrtkjokethajbdf89wu823AAaasrdgsWsGA4@F6FGhostWuzHere666BOGOMIPSbeastmodedvrHelperbestmodesfc6aJfIuYDemon.xeno-is-godICY-P-0ODIJgSHUIHIfhwrgLhu87VhvQPzlunadakuexecbinTacoBellGodYololigangExecutionorbitclientAmne

Source: global traffic

TCP traffic: 192.168.2.23:40002 -> 196.251.83.185:777

Source: global traffic

HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1Host: daisy.ubuntu.comAccept: */*Content-Type: application/octet-streamX-Whoopsie-Version: 0.2.69ubuntu0.3Content-Length: 164887Expect: 100-continue

Source: /usr/sbin/rsyslogd (PID: 6281)	Reads hosts file: /etc/hosts			Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6290)	Reads hosts file: /etc/hosts			Jump to behavior

Source: /lib/systemd/systemd-journald (PID: 6285)	Socket: unknown address family	Jump to behavior
Source: /usr/sbin/gdm3 (PID: 6396)	Socket: unknown address family	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6421)	Socket: unknown address family	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 223.149.193.76
Source: unknown	TCP traffic detected without corresponding DNS query: 197.145.41.113
Source: unknown	TCP traffic detected without corresponding DNS query: 54.224.187.133
Source: unknown	TCP traffic detected without corresponding DNS query: 126.137.122.45
Source: unknown	TCP traffic detected without corresponding DNS query: 136.176.177.192
Source: unknown	TCP traffic detected without corresponding DNS query: 219.44.40.157
Source: unknown	TCP traffic detected without corresponding DNS query: 165.104.134.34
Source: unknown	TCP traffic detected without corresponding DNS query: 90.20.209.153
Source: unknown	TCP traffic detected without corresponding DNS query: 97.203.102.18
Source: unknown	TCP traffic detected without corresponding DNS query: 105.76.41.91
Source: unknown	TCP traffic detected without corresponding DNS query: 203.141.98.222
Source: unknown	TCP traffic detected without corresponding DNS query: 64.226.39.250
Source: unknown	TCP traffic detected without corresponding DNS query: 163.29.242.218
Source: unknown	TCP traffic detected without corresponding DNS query: 117.84.12.33
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.113.117
Source: unknown	TCP traffic detected without corresponding DNS query: 32.40.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 185.63.171.50
Source: unknown	TCP traffic detected without corresponding DNS query: 117.196.150.45
Source: unknown	TCP traffic detected without corresponding DNS query: 117.250.250.171
Source: unknown	TCP traffic detected without corresponding DNS query: 118.97.91.215
Source: unknown	TCP traffic detected without corresponding DNS query: 109.128.42.81
Source: unknown	TCP traffic detected without corresponding DNS query: 58.88.154.58
Source: unknown	TCP traffic detected without corresponding DNS query: 125.235.112.16
Source: unknown	TCP traffic detected without corresponding DNS query: 87.58.106.237
Source: unknown	TCP traffic detected without corresponding DNS query: 156.69.78.102
Source: unknown	TCP traffic detected without corresponding DNS query: 191.78.72.254
Source: unknown	TCP traffic detected without corresponding DNS query: 126.128.89.111
Source: unknown	TCP traffic detected without corresponding DNS query: 66.135.14.30
Source: unknown	TCP traffic detected without corresponding DNS query: 35.177.1.119
Source: unknown	TCP traffic detected without corresponding DNS query: 43.214.172.174
Source: unknown	TCP traffic detected without corresponding DNS query: 114.98.19.47
Source: unknown	TCP traffic detected without corresponding DNS query: 87.47.29.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.44.120.193
Source: unknown	TCP traffic detected without corresponding DNS query: 176.245.246.114
Source: unknown	TCP traffic detected without corresponding DNS query: 48.24.22.57
Source: unknown	TCP traffic detected without corresponding DNS query: 63.137.82.70
Source: unknown	TCP traffic detected without corresponding DNS query: 150.103.141.132
Source: unknown	TCP traffic detected without corresponding DNS query: 65.217.149.41
Source: unknown	TCP traffic detected without corresponding DNS query: 65.242.28.111
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.21.234
Source: unknown	TCP traffic detected without corresponding DNS query: 35.71.198.80
Source: unknown	TCP traffic detected without corresponding DNS query: 143.133.75.233
Source: unknown	TCP traffic detected without corresponding DNS query: 39.133.124.125
Source: unknown	TCP traffic detected without corresponding DNS query: 131.213.101.86
Source: unknown	TCP traffic detected without corresponding DNS query: 120.245.107.217
Source: unknown	TCP traffic detected without corresponding DNS query: 178.8.216.128
Source: unknown	TCP traffic detected without corresponding DNS query: 113.139.125.246
Source: unknown	TCP traffic detected without corresponding DNS query: 105.186.160.71
Source: unknown	TCP traffic detected without corresponding DNS query: 191.45.15.25
Source: unknown	TCP traffic detected without corresponding DNS query: 105.248.16.226

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: unknown

Source: syslog.40.dr

String found in binary or memory: https://www.rsyslog.com

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37600
Source: unknown	Network traffic detected: HTTP traffic on port 37600 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Sample tries to kill a massive number of system processes

Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 491, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 658, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 720, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 721, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 759, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 761, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 772, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 774, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 777, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 785, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 793, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 797, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent to PID below 1000: pid: 936, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 658, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 720, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 721, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 759, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 761, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 772, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 774, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 777, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 785, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 793, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 797, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 936, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 2, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 3, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 4, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 6, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 9, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 10, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 11, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 12, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 13, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 14, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 15, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 16, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 17, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 18, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 20, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 21, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 22, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 23, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 24, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 25, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 26, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 27, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 28, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 29, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 30, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 35, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 77, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 78, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 79, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 80, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 81, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 82, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 83, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 84, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 85, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 88, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 89, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 91, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 92, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 93, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 94, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 95, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 96, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 97, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 98, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 99, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 100, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 101, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 102, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 103, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 104, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 105, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 106, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 107, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 108, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 109, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 110, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 111, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 112, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 113, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 114, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 115, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 116, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 117, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 118, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 119, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 120, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 121, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 122, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 123, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 124, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 125, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 126, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 127, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 128, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 130, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 132, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 141, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 144, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 157, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 201, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 202, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 203, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 204, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 205, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 206, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 207, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 208, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 209, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 210, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 211, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 212, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 213, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 214, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 215, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 216, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 217, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 218, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 219, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 220, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 221, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 222, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 223, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 224, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 225, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 226, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 227, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 228, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 229, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 230, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 231, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 232, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 233, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 234, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 235, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 236, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 237, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 243, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 248, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 249, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 250, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 251, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 252, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 253, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 254, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 255, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 256, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 257, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 258, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 259, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 260, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 261, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 262, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 263, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 264, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 265, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 266, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 267, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 269, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 270, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 272, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 274, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 278, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 281, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 286, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 322, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 324, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 326, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 327, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 328, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 333, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 346, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 379, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 419, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 420, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 517, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 654, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 655, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 656, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 657, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 667, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 670, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 674, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 675, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 676, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent to PID below 1000: pid: 677, result: successful	Jump to behavior

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 774, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1389, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1476, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1809, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 2038, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 6199, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 6200, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 6227, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 721, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 785, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 793, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1344, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1389, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1476, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1809, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2038, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4501, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6048, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6199, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6200, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6224, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6238, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6241, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6243, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6246, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6266, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6279, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6280, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6281, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 3, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 9, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 10, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 11, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 12, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 13, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 14, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 15, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 16, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 17, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 18, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 20, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 21, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 22, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 23, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 24, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 25, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 26, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 27, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 28, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 29, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 30, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 35, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 77, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 78, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 79, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 80, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 81, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 82, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 83, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 84, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 85, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 88, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 89, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 91, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 92, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 93, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 94, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 95, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 96, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 97, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 98, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 99, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 100, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 101, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 102, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 103, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 104, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 105, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 106, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 107, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 108, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 109, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 110, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 111, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 112, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 113, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 114, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 115, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 116, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 117, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 118, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 119, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 120, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 121, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 122, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 123, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 124, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 125, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 126, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 127, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 128, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 130, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 132, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 141, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 144, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 157, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 201, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 202, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 203, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 204, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 205, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 206, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 207, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 208, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 209, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 210, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 211, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 212, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 213, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 214, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 215, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 216, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 217, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 218, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 219, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 220, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 221, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 222, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 223, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 224, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 225, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 226, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 227, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 228, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 229, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 230, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 231, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 232, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 233, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 234, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 235, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 236, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 237, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 243, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 248, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 249, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 250, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 251, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 252, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 253, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 254, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 255, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 256, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 257, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 258, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 259, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 260, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 261, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 262, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 263, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 264, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 265, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 266, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 267, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 269, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 270, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 272, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 274, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 278, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 281, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 286, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 322, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 324, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 326, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 327, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 328, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 333, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 346, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 379, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 419, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 420, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 517, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 654, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 655, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 656, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 657, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 667, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 670, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 674, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 675, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 676, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 677, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1207, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1601, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2014, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2180, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2208, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2289, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2302, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2746, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2749, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2761, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2882, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 3021, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 3088, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4445, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4446, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4447, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4448, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4469, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4479, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4482, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6159, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6166, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6227, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6230, result: unknown	Jump to behavior

Source: Initial sample	String containing 'busybox' found: busybox
Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: busyboxxx
Source: Initial sample	String containing 'busybox' found: busyboxx
Source: Initial sample	String containing 'busybox' found: lbyte/proc/%d/net/tcp %d: %x:%x/proc//proc/%s/exe/proc/self/exe/proc/proc/%d/cmdlinenetstatwgettftpftpcurlbusybox/bin/busyboxvar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdanko-app/ankosample _8182T_1104var/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemd/usr/libexec/openssh/sftp-serverusr/shellmnt/sys/bin/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/soraJoshohajime902i13BzSxLxBxeYHOHO-LUGO7HOHO-U79OLJuYfouyf87NiGGeR69xdSO190Ij1XLOLKIKEEEDDEekjheory98escansh4MDMAfdevalvexscanspcMELTEDNINJAREALZflexsonskidsscanx86MISAKI-U79OLfoAxi102kxeswodjwodjwojMmKiy7f87lfreecookiex86sysgpufrgegesysupdater0DnAzepdNiGGeRD0nks69frgreu0x766f6964NiGGeRd0nks1337gafturasgbsigboa120i3UI49OaF3geaevaiolmao123123aOfurain0n4H34DggTrexewwasads1293194hjXDOthLaLosnggtwget-log1337SoraLOADERSAIAKINAggtq1378bfp919

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 774, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1389, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1476, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1809, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 2038, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 6199, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 6200, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6224)	SIGKILL sent: pid: 6227, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 721, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 785, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 793, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1344, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1389, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1476, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1809, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2038, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4501, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6048, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6199, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6200, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6224, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6238, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6241, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6243, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6246, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6266, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6279, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6280, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6281, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 3, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 9, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 10, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 11, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 12, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 13, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 14, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 15, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 16, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 17, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 18, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 20, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 21, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 22, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 23, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 24, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 25, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 26, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 27, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 28, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 29, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 30, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 35, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 77, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 78, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 79, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 80, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 81, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 82, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 83, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 84, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 85, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 88, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 89, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 91, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 92, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 93, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 94, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 95, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 96, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 97, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 98, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 99, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 100, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 101, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 102, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 103, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 104, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 105, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 106, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 107, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 108, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 109, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 110, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 111, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 112, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 113, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 114, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 115, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 116, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 117, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 118, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 119, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 120, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 121, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 122, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 123, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 124, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 125, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 126, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 127, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 128, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 130, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 132, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 141, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 144, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 157, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 201, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 202, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 203, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 204, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 205, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 206, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 207, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 208, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 209, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 210, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 211, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 212, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 213, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 214, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 215, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 216, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 217, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 218, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 219, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 220, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 221, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 222, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 223, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 224, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 225, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 226, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 227, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 228, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 229, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 230, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 231, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 232, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 233, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 234, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 235, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 236, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 237, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 243, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 248, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 249, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 250, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 251, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 252, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 253, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 254, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 255, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 256, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 257, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 258, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 259, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 260, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 261, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 262, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 263, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 264, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 265, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 266, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 267, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 269, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 270, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 272, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 274, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 278, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 281, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 286, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 322, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 324, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 326, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 327, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 328, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 333, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 346, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 379, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 419, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 420, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 517, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 654, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 655, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 656, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 657, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 667, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 670, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 674, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 675, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 676, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 677, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1207, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 1601, result: no such process	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2014, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2180, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2208, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2289, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2302, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2746, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2749, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2761, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 2882, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 3021, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 3088, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4445, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4446, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4447, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4448, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4469, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4479, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 4482, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6159, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6166, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6227, result: successful	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	SIGKILL sent: pid: 6230, result: unknown	Jump to behavior

Source: classification engine

Classification label: mal92.spre.troj.linELF@0/44@3/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 6266)	File: /proc/6266/mounts	Jump to behavior
Source: /bin/fusermount (PID: 6282)	File: /proc/6282/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6289)	File: /proc/6289/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6421)	File: /proc/6421/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6426)	File: /proc/6426/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 6454)	File: /proc/6454/mounts	Jump to behavior

Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:76653Agh7Ns	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:767255fITKr	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:76729pXYthp	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:76730tRa9rt	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:76731112nGr	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:76738GPQZds	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:76739Nl1sRs	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:76748Uwfbqs	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:76749vyZEXs	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:76750hjSAhp	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:76751jdcSkp	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:767858KAx7q	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:76793aJwPqr	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:77910oFR6ht	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:77924hUWoNs	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:77944BdsO6r	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:77945kXqIvr	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:77961fY5Xgq	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:77962JRWfos	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:77258gagwIq	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:77301iKawct	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	File: /run/systemd/journal/streams/.#9:77418pfhNpq	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6304)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6304)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6304)	File: /run/systemd/seats/.#seat0gYi6SR	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6304)	File: /run/systemd/users/.#127G8yjOU	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6304)	File: /run/systemd/users/.#127Am0QLQ	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6304)	File: /run/systemd/seats/.#seat0hAzI7Q	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6304)	File: /run/systemd/users/.#127wQrYsR	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6304)	File: /run/systemd/users/.#127kZ0o4S	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 6304)	File: /run/systemd/users/.#1270NbT3T	Jump to behavior
Source: /usr/lib/gdm3/gdm-wayland-session (PID: 6419)	Directory: /var/lib/gdm3/.cache	Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6400)	Directory: /var/lib/gdm3/.pam_environment	Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6400)	Directory: /root/.cache	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 6409)	Directory: /root/.cache	Jump to behavior

Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/3088/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/230/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/231/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/232/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/233/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/1335/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/1335/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/234/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/1334/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/1334/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/2302/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/236/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/237/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/910/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/6227/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/10/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/6241/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/12/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/6243/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/13/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/14/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/15/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/16/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/17/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/6246/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/18/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/121/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/1/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/122/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/243/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/123/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/124/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/125/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/1344/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/126/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/127/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/248/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/128/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/249/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/6238/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/20/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/21/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/23/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/24/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/25/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/26/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/27/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/28/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/29/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/250/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/130/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/251/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/252/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/132/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/253/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/254/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/255/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/256/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/257/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/1476/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/258/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/379/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/259/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/4501/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/936/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/936/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/30/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/2208/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/35/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/6266/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/1809/net/tcp	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/1809/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/260/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/261/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/141/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/262/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/263/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/264/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/144/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/265/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/266/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/267/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/269/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/6159/cmdline	Jump to behavior
Source: /tmp/sh4.elf (PID: 6230)	File opened: /proc/6279/net/tcp	Jump to behavior

Source: /usr/bin/gpu-manager (PID: 6363)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6367)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6369)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6371)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6375)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6377)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6379)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6381)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/share/language-tools/language-options (PID: 6406)	Shell command executed: sh -c "locale -a \| grep -F .utf8 "	Jump to behavior

Source: /bin/sh (PID: 6364)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6368)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6370)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6372)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6376)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6378)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6380)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 6382)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 6408)	Grep executable: /usr/bin/grep -> grep -F .utf8	Jump to behavior

Source: /usr/share/gdm/generate-config (PID: 6384)

Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Jump to behavior

Source: /lib/systemd/systemd-journald (PID: 6285)

Reads from proc file: /proc/meminfo

Jump to behavior

Source: /sbin/agetty (PID: 6366)

Reads version info: /etc/issue

Jump to behavior

Source: /usr/sbin/gdm3 (PID: 6396)	File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)	Jump to behavior
Source: /usr/sbin/gdm3 (PID: 6396)	File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)	Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6400)	File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)	Jump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 6400)	File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)	Jump to behavior

Source: /usr/sbin/rsyslogd (PID: 6290)	Log file created: /var/log/kern.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 6290)	Log file created: /var/log/auth.log	Jump to dropped file
Source: /usr/bin/gpu-manager (PID: 6362)	Log file created: /var/log/gpu-manager.log	Jump to dropped file

Source: /usr/bin/gpu-manager (PID: 6362)

Truncated file: /var/log/gpu-manager.log

Jump to behavior

Source: /usr/bin/pkill (PID: 6384)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6455)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior

Source: /tmp/sh4.elf (PID: 6222)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6281)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 6285)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 6290)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6362)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 6366)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/gdm3/gdm-session-worker (PID: 6413)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pulseaudio (PID: 6455)	Queries kernel information via 'uname':	Jump to behavior

Source: sh4.elf, 6222.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6224.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6225.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6227.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6230.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6233.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6238.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6241.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6243.1.00005625ecdd2000.00005625ece35000.rw-.sdmp	Binary or memory string: %V5!/etc/qemu-binfmt/sh4
Source: sh4.elf, 6230.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.6QYdDh
Source: sh4.elf, 6222.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6224.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6225.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6227.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6230.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6233.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6238.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6241.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6243.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: sh4.elf, 6230.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp	Binary or memory string: %V/tmp/qemu-open.6QYdDh
Source: sh4.elf, 6222.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6224.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6225.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6227.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6230.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6233.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6238.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6241.1.00005625ecdd2000.00005625ece35000.rw-.sdmp, sh4.elf, 6243.1.00005625ecdd2000.00005625ece35000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: sh4.elf, 6222.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6224.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6225.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6227.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6230.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6233.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6238.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6241.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp, sh4.elf, 6243.1.00007ffd45f64000.00007ffd45f85000.rw-.sdmp	Binary or memory string: Fx86_64/usr/bin/qemu-sh4/tmp/sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sh4.elf

Language, Device and Operating System Detection

Reads system files that contain records of logged in users

Source: /usr/lib/accountsservice/accounts-daemon (PID: 6400)

Logged in records file read: /var/log/wtmp

Jump to behavior

Stealing of Sensitive Information

Yara detected Gafgyt

Source: Yara match	File source: sh4.elf, type: SAMPLE
Source: Yara match	File source: 6241.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6243.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6238.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6224.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6233.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6227.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6230.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6222.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6225.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY

Yara detected Okiru

Source: Yara match	File source: sh4.elf, type: SAMPLE
Source: Yara match	File source: 6241.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6243.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6238.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6224.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6233.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6227.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6230.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6222.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6225.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6222, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6224, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6225, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6227, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6230, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6233, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6238, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6241, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6243, type: MEMORYSTR

Remote Access Functionality

Yara detected Gafgyt

Source: Yara match	File source: sh4.elf, type: SAMPLE
Source: Yara match	File source: 6241.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6243.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6238.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6224.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6233.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6227.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6230.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6222.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6225.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY

Yara detected Okiru

Source: Yara match	File source: sh4.elf, type: SAMPLE
Source: Yara match	File source: 6241.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6243.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6238.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6224.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6233.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6227.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6230.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6222.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6225.1.00007fed84400000.00007fed8441b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6222, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6224, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6225, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6227, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6230, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6233, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6238, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6241, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sh4.elf PID: 6243, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	Windows Management Instrumentation	2 Scripting	Path Interception	1 File and Directory Permissions Modification	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	2 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	1 System Owner/User Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Hidden Files and Directories	Security Account Manager	11 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Indicator Removal	NTDS	3 System Information Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
sh4.elf	55%	Virustotal		Browse
sh4.elf	50%	ReversingLabs	Linux.Trojan.Mirai
sh4.elf	100%	Avira	EXP/ELF.Mirai.Bootnet.o

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.25	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.rsyslog.com	syslog.40.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
129.221.239.208	unknown	United States	24126	UNISYS-AP-UI-AS-APUnisysAsiaPacIntranetAccesstoInterne	false
91.82.11.185	unknown	Hungary	12301	INVITECHHU	false
132.203.17.76	unknown	Canada	36786	UNIVERSITE-LAVALCA	false
106.155.180.92	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
41.126.120.112	unknown	South Africa	16637	MTNNS-ASZA	false
107.115.77.86	unknown	United States	7018	ATT-INTERNET4US	false
153.130.35.9	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
190.195.213.32	unknown	Argentina	10481	TelecomArgentinaSAAR	false
111.144.109.0	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
75.152.62.80	unknown	Canada	852	ASN852CA	false
141.90.244.60	unknown	Germany	29515	HZD-ASMainzerStr29DE	false
160.84.61.205	unknown	United States	137	ASGARRConsortiumGARREU	false
209.128.76.255	unknown	United States	7151	BAYAREA-ASUS	false
95.92.22.130	unknown	Portugal	2860	NOS_COMUNICACOESPT	false
137.107.25.230	unknown	United States	3128	BRUWS-AS3128US	false
208.98.37.73	unknown	United States	46844	ST-BGPUS	false
182.119.138.92	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
1.138.16.34	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
150.89.101.62	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
99.68.230.135	unknown	United States	7018	ATT-INTERNET4US	false
202.73.139.160	unknown	Japan	23828	CHERRY-NETMisakiTownJP	false
196.251.192.24	unknown	South Africa	37403	INFOGROZA	false
89.107.15.207	unknown	unknown	42455	WI-MANX-ASGB	false
108.35.70.26	unknown	United States	701	UUNETUS	false
174.187.96.42	unknown	United States	7922	COMCAST-7922US	false
128.100.86.143	unknown	Canada	239	UTORONTO-ASCA	false
107.246.248.11	unknown	United States	7018	ATT-INTERNET4US	false
88.166.139.16	unknown	France	12322	PROXADFR	false
193.91.231.39	unknown	Norway	2116	ASN-CATCHCOMNO	false
175.81.101.141	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
39.97.187.30	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
17.27.211.117	unknown	United States	714	APPLE-ENGINEERINGUS	false
85.20.64.65	unknown	Italy	8968	BT-ITALIAIT	false
194.120.138.11	unknown	Germany	1136	KPNKPNNationalEU	false
113.250.104.115	unknown	China	134420	CHINATELECOM-CHONGQING-IDCChongqingTelecomCN	false
131.34.151.250	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
116.8.185.245	unknown	China	4809	CHINATELECOM-CORE-WAN-CN2ChinaTelecomNextGenerationCarr	false
78.20.168.21	unknown	Belgium	6848	TELENET-ASBE	false
109.187.228.64	unknown	Russian Federation	28812	JSCBIS-ASRU	false
42.108.5.227	unknown	India	38266	VODAFONE-INVodafoneIndiaLtdIN	false
53.114.204.241	unknown	Germany	31399	DAIMLER-ASITIGNGlobalNetworkDE	false
42.94.250.55	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
217.146.239.27	unknown	France	16363	AXIALYSFR	false
121.181.53.117	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
164.233.177.207	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
150.245.46.186	unknown	United States	766	REDIRISRedIRISAutonomousSystemES	false
160.204.125.182	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
5.54.88.51	unknown	Greece	3329	HOL-GRAthensGreeceGR	false
141.94.153.78	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
175.58.197.186	unknown	China	134810	CMNET-JILIN-AS-APChinaMobileGroupJiLincommunicationsco	false
77.245.30.132	unknown	Switzerland	31424	NEXELLENT-ASAS31424isoperatedbyCH	false
176.12.87.26	unknown	Spain	197829	GOBIERNO-DE-NAVARRAES	false
25.124.81.179	unknown	United Kingdom	7922	COMCAST-7922US	false
104.245.174.59	unknown	United States	33084	DC-NETUS	false
25.17.252.30	unknown	United Kingdom	7922	COMCAST-7922US	false
211.128.171.254	unknown	Japan	2510	INFOWEBFUJITSULIMITEDJP	false
94.89.152.23	unknown	Italy	3269	ASN-IBSNAZIT	false
46.73.121.135	unknown	Russian Federation	12714	TI-ASMoscowRussiaRU	false
190.105.124.253	unknown	Argentina	27984	VerTvSAAR	false
166.23.173.81	unknown	United States	7834	L3HARRIS-TECHNOLOGIESUS	false
80.141.46.93	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
39.191.242.192	unknown	China	56041	CMNET-ZHEJIANG-APChinaMobilecommunicationscorporationC	false
1.240.70.67	unknown	Korea Republic of	38415	GOEGN-AS-KRGuriNamyangjuOfficeOfEducationKR	false
178.35.100.250	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
74.143.21.129	unknown	United States	10796	TWC-10796-MIDWESTUS	false
208.98.37.68	unknown	United States	46844	ST-BGPUS	false
183.198.94.252	unknown	China	24547	CMNET-V4HEBEI-AS-APHebeiMobileCommunicationCompanyLimit	false
125.177.246.132	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
118.168.63.250	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
151.122.185.167	unknown	United States	394409	POWERENGUS	false
5.244.60.232	unknown	Saudi Arabia	34400	ASN-ETTIHADETISALATSA	false
66.32.169.69	unknown	United States	26914	SYNOPTEKUS	false
196.24.112.161	unknown	South Africa	2018	TENET-1ZA	false
38.64.154.57	unknown	United States	46430	ASN-VICTONCA	false
175.46.18.101	unknown	China	17968	DQTNETDaqingzhongjipetroleumtelecommunicationconstructi	false
186.67.135.190	unknown	Chile	6471	ENTELCHILESACL	false
92.89.195.209	unknown	France	15557	LDCOMNETFR	false
113.205.155.184	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
72.244.237.1	unknown	United States	18566	MEGAPATH5-US	false
54.25.102.86	unknown	United States	14618	AMAZON-AESUS	false
43.205.245.42	unknown	Japan	4249	LILLY-ASUS	false
72.9.150.107	unknown	United States	393398	ASN-DISUS	false
92.128.209.164	unknown	France	3215	FranceTelecom-OrangeFR	false
169.63.254.46	unknown	United States	36351	SOFTLAYERUS	false
165.135.89.17	unknown	United States	25969	SLUUS	false
17.223.238.177	unknown	United States	714	APPLE-ENGINEERINGUS	false
120.235.127.153	unknown	China	56040	CMNET-GUANGDONG-APChinaMobilecommunicationscorporation	false
175.43.123.186	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
220.71.212.94	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
213.210.67.248	unknown	Russian Federation	15759	DIN-ASTomskRussiaRU	false
187.90.229.41	unknown	Brazil	26599	TELEFONICABRASILSABR	false
87.190.98.21	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
165.211.178.244	unknown	Cameroon	15964	CAMNET-ASCM	false
146.124.173.173	unknown	Greece	3260	INTRACOMGR	false
205.209.235.211	unknown	United States	13693	NTS-ONLINEUS	false
105.128.220.132	unknown	Morocco	6713	IAM-ASMA	false
196.94.102.13	unknown	Morocco	6713	IAM-ASMA	false
202.81.120.201	unknown	Australia	58521	GARENA-SGGarenaOnlinePteLtdSG	false
205.192.241.134	unknown	Canada	3356	LEVEL3US	false
177.249.185.19	unknown	Mexico	16960	CablevisionRedSAdeCVMX	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1.138.16.34	x86.elf	Get hash	malicious	Mirai, Moobot	Browse
132.203.17.76	fV7AkeQRo5.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	whisper.powerpc440fp.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	.i.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	garm6.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	tarm6.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	i.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	aarch64.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	sh4.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	arm6.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	mips.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	arm7.elf	Get hash	malicious	Mirai	Browse	162.213.35.24

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
UNISYS-AP-UI-AS-APUnisysAsiaPacIntranetAccesstoInterne	jklx86.elf	Get hash	malicious	Unknown	Browse	129.223.43.220
	elitebotnet.arm7.elf	Get hash	malicious	Mirai, Okiru	Browse	129.221.49.177
	yakuza.ppc.elf	Get hash	malicious	Mirai	Browse	103.192.51.244
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	129.221.113.240
	Q1xJlSm6Vl.elf	Get hash	malicious	Mirai, Moobot	Browse	103.192.49.73
	cvdLNZXNPZ.elf	Get hash	malicious	Mirai	Browse	129.221.233.97
	CfmKNhPq8T.elf	Get hash	malicious	Unknown	Browse	129.221.245.80
	nullnet_load.x86.elf	Get hash	malicious	Mirai	Browse	103.192.49.74
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	129.223.43.223
	skid.x86_64-20220818-1128	Get hash	malicious	Moobot	Browse	129.221.227.19
INVITECHHU	hoho.i486.elf	Get hash	malicious	Unknown	Browse	81.17.187.135
	jkse.ppc.elf	Get hash	malicious	Unknown	Browse	91.83.149.95
	nklarm7.elf	Get hash	malicious	Unknown	Browse	91.83.239.70
	resgod.arm.elf	Get hash	malicious	Mirai	Browse	81.17.187.135
	cbr.arm5.elf	Get hash	malicious	Mirai	Browse	91.83.125.93
	cbr.mips.elf	Get hash	malicious	Mirai	Browse	91.83.150.64
	cbr.spc.elf	Get hash	malicious	Mirai	Browse	91.83.73.231
	splsh4.elf	Get hash	malicious	Unknown	Browse	91.83.73.234
	jklsh4.elf	Get hash	malicious	Unknown	Browse	213.16.79.70
	mips.elf	Get hash	malicious	Unknown	Browse	81.17.187.163
UNIVERSITE-LAVALCA	nklmpsl.elf	Get hash	malicious	Unknown	Browse	132.203.17.89
	nabarm7.elf	Get hash	malicious	Unknown	Browse	132.203.30.65
	jklarm7.elf	Get hash	malicious	Unknown	Browse	132.203.42.37
	nklmips.elf	Get hash	malicious	Unknown	Browse	132.203.18.125
	Hilix.m68k.elf	Get hash	malicious	Unknown	Browse	132.203.134.217
	kwari.mips.elf	Get hash	malicious	Unknown	Browse	132.203.182.130
	mips.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	132.203.54.41
	arm5.elf	Get hash	malicious	Unknown	Browse	132.203.90.210
	na.elf	Get hash	malicious	Mirai, Moobot	Browse	132.203.17.87
	na.elf	Get hash	malicious	Unknown	Browse	132.203.66.52
KDDIKDDICORPORATIONJP	g4za.mips.elf	Get hash	malicious	Mirai	Browse	210.235.243.174
	g4za.spc.elf	Get hash	malicious	Mirai	Browse	59.135.45.179
	g4za.ppc.elf	Get hash	malicious	Mirai	Browse	59.205.70.238
	arm.fkunigr.elf	Get hash	malicious	Mirai	Browse	106.173.111.212
	mips.elf	Get hash	malicious	Mirai, Moobot	Browse	157.119.196.212
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	157.71.220.37
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	157.71.219.58
	m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	119.104.162.47
	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	157.108.105.184
	resgod.arm5.elf	Get hash	malicious	Mirai	Browse	133.229.219.202

Process:	/usr/bin/pulseaudio
File Type:	ASCII text
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.9219280948873623
Encrypted:	false
SSDEEP:	3:5bkPn:pkP
MD5:	FF001A15CE15CF062A3704CEA2991B5F
SHA1:	B06F6855F376C3245B82212AC73ADED55DFE5DEF
SHA-256:	C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
SHA-512:	65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	auto_null.

Source: sh4.elf	Virustotal: Detection: 54%			Perma Link
Source: sh4.elf	ReversingLabs: Detection: 50%

Process:	/usr/bin/dbus-daemon
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

Process:	/usr/sbin/gdm3
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.9219280948873623
Encrypted:	false
SSDEEP:	3:Xj:z
MD5:	33527F59735A918ED7B0F100007A2043
SHA1:	C0D55F1DD6FB879ED50EDD68AD8FF1A5179287CC
SHA-256:	650FA2286D50A071D6EC309786D3B2AB22397BDC77B7B94FF4BBC0946E72EE88
SHA-512:	2B200E5DA8EB0309FE3DCFE2973774CB28DBFF18D0685CB2E1282E6D0CCE3135ED92E07C8B7C056E63DDBE37D8A047A35C4570211D8DE07C97D0A27006AC2F42
Malicious:	false
Reputation:	low
Preview:	6396.

Process:	/lib/systemd/systemd-journald
File Type:	ASCII text
Category:	dropped
Size (bytes):	223
Entropy (8bit):	5.559358825802725
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm5++H8DiS8J3tHNls+:SbFuFyLVIg1BG+f+Mc+ceN5tH0ji4s
MD5:	E58EB9DD8835D5390C9DDB37D685E11F
SHA1:	0E0F5A6ADC1748A8B8F6AAD6D06DFA2DD40E8DAC
SHA-256:	08F0F291F22052F39E1A49B5A4280EEAD161D021457FEC5DFA2AA7215A2AAEA1
SHA-512:	4944514A728116132D8FBBB0F5BA4CA3365275C2C2C25EAEABF774B24785754933EEDABAEBC36C1531F92E9B483D135DEDCAEDBEB1C7175E86D46E1D71EB10F0
Malicious:	false
Reputation:	low
Preview:	# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=31a836db12214fff86a75ec81586499b.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

Process:	/lib/systemd/systemd-logind
File Type:	ASCII text
Category:	dropped
Size (bytes):	95
Entropy (8bit):	4.921230646592726
Encrypted:	false
SSDEEP:	3:SbFVVmFyinKMsuH47rLg205vmLUbr+v:SbFuFyLwH47Pg20ggWv
MD5:	BE58CCABC942125F5E27AF6EB1BA2F88
SHA1:	07C20F55E36EE48869B223B8FC4DBC227C7353AC
SHA-256:	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
SHA-512:	E5A270995FDE80530927E0BACD3BF76EE820C968AABD55D2E34579326F388AFD6DE7FB8C5D54F69D3F6AC30A5B587FD3B0456FC60326E7DF4F45789A900D046C
Malicious:	false
Preview:	# This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.

Process:	/sbin/agetty
File Type:	data
Category:	dropped
Size (bytes):	384
Entropy (8bit):	0.6722951801018082
Encrypted:	false
SSDEEP:	3:9lSsXlXEWtl/VHCrt:/+yl18
MD5:	0B441A36CD61B5F0CC5BE15BC35774F3
SHA1:	4F3ED0953C26E3195D47BB04B12E8062E8D55A1D
SHA-256:	0888C1B30B6EBD81B80A4E8021EA05834C935A0D37D882033FFDAE332D0673EA
SHA-512:	E1B241928824BDD09A08633343B663A9F6D0FD59ACB2BA854C68462B22A563BC8E02CB2EB38E027F14C778FCF8A8AF7C8B32A9BF08A49A79B7DD2C97454B255C
Malicious:	false
Preview:	........tty2.tty2.......................tty2LOGIN...................................................................................................................................................................................................................................................................................................O..gD?......................................

Process:	/usr/lib/accountsservice/accounts-daemon
File Type:	ASCII text
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.66214589518167
Encrypted:	false
SSDEEP:	3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
MD5:	542BA3FB41206AE43928AF1C5E61FEBC
SHA1:	F56F574DAF50D609526B36B5B54FDD59EA4D6A26
SHA-256:	730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
SHA-512:	D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
Malicious:	false
Preview:	[User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.

Process:	/usr/bin/gpu-manager
File Type:	ASCII text
Category:	dropped
Size (bytes):	25
Entropy (8bit):	2.7550849518197795
Encrypted:	false
SSDEEP:	3:JoT/V9fDVbn:M/V3n
MD5:	078760523943E160756979906B85FB5E
SHA1:	0962643266F4C5537F7D125046F28F21D6DD0C89
SHA-256:	048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
SHA-512:	DEFAAE8F8B54C61A716A0B0B4884358FEB8EB44DFEA01AAA5A687FDA7182792B7DEBB34AA840672EB3B40EB59FD0186749E08E47D181786C7FAA8C8F73F0104D
Malicious:	false
Preview:	15ad:0405;0000:00:0f:0;1.

Process:	/usr/sbin/rsyslogd
File Type:	ASCII text
Category:	dropped
Size (bytes):	2188
Entropy (8bit):	4.891984160784477
Encrypted:	false
SSDEEP:	24:ptxRmqj/xatFdvZ4DZeosOzckUAvsA2+VW0pYrvJr6cqrCQU:VRTLx+svhfVZYrRr6cqrCn
MD5:	D0FFCFA1FC1D4021FBC097A3EBAF6093
SHA1:	B0D8F67B5F4FA9A3A12F79A16F4CF596F2A0C410
SHA-256:	FF99BAD7678AD1134D772C7CD5C412BAA5B60C7EB798B09D83D081EACD5F117D
SHA-512:	3639AABB924E4A6667325E6648333A9F66A42B70E29198A1AB0390CB1933F29719D400861C37CDF23A11F1BE01B714229D8A2DF9F9DDAAF028D0187D638354FC
Malicious:	false
Preview:	Mar 25 11:18:24 galassia gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session closed for user gdm.Mar 25 11:18:24 galassia gdm-password]: pam_unix(gdm-password:session): session closed for user saturnino.Mar 25 11:18:25 galassia gdm-password]: pam_systemd(gdm-password:session): Failed to release session: No session '2' known.Mar 25 11:18:25 galassia systemd-logind[797]: Failed to abandon session scope, ignoring: Transport endpoint is not connected.Mar 25 11:18:25 galassia systemd-logind[797]: Session c2 logged out. Waiting for processes to exit..Mar 25 11:18:25 galassia systemd-logind[6304]: Failed to add user by file name 127, ignoring: Invalid argument.Mar 25 11:18:25 galassia systemd-logind[6304]: Failed to add user by file name 1000, ignoring: Invalid argument.Mar 25 11:18:25 galassia systemd-logind[6304]: User enumeration failed: Invalid argument.Mar 25 11:18:25 galassia systemd-logind[6304]: User of session c2 not known..Mar 25 11:18:25 galassia systemd-logi

File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.289596763522301
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	sh4.elf
File size:	131'856 bytes
MD5:	19b061c750e329b9a64af04f4f551374
SHA1:	b580e646101b4ecc59d2c32a6abd3fcfdfb55093
SHA256:	ff5e93ab91c246bdb6a6c2a7a38316a94e140212cd1a259ceb116d6d4d944933
SHA512:	e9bbb9e2551643f2ea6b699ed1e5efed954be876cf656feae279f1f6fd214e97d810506f2fdfe746e3b734049dd49ab734b405e994a4225e0a53e6aae0d2b363
SSDEEP:	3072:TloomweeIWYNFRdr3/WavLNZtWHElU3g4V4:T+omne1YNF7r3/WavTYHx33
TLSH:	F5D37CB3CC386EA8C668E5B4B0318F781B53A51182475FBE59A7C7B18047D8DF60A3B5
File Content Preview:	.ELF.....................@.4...X.......4. ...(...............@...@.\|...\|.....................B...B..Q..X...........Q.td............................././"O.n........#.@........#.*@.}...o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001a0
Flags:	0x9
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	131416
Section Header Size:	40
Number of Section Headers:	11
Header String Table Index:	10

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x30	0x0	0x6	AX	4
.text	PROGBITS	0x4000e0	0xe0	0x17da0	0x0	0x6	AX	32
.fini	PROGBITS	0x417e80	0x17e80	0x24	0x0	0x6	AX	4
.rodata	PROGBITS	0x417ea4	0x17ea4	0x2ed8	0x0	0x2	A	4
.ctors	PROGBITS	0x42b000	0x1b000	0xc	0x0	0x3	WA	4
.dtors	PROGBITS	0x42b00c	0x1b00c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x42b020	0x1b020	0x50e0	0x0	0x3	WA	32
.got	PROGBITS	0x430100	0x20100	0x14	0x4	0x3	WA	4
.bss	NOBITS	0x430114	0x20114	0x4644	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x20114	0x43	0x0	0x0		1

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x1ad7c	0x1ad7c	6.9224	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x1b000	0x42b000	0x42b000	0x5114	0x9758	1.0064	0x6	RW	0x10000	.ctors .dtors .data .got .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 17:18:18.229533911 CET	42152	53	192.168.2.23	8.8.8.8
Mar 25, 2025 17:18:18.229578972 CET	57282	53	192.168.2.23	8.8.8.8
Mar 25, 2025 17:18:18.327986956 CET	53	57282	8.8.8.8	192.168.2.23
Mar 25, 2025 17:18:18.340318918 CET	53	42152	8.8.8.8	192.168.2.23
Mar 25, 2025 17:18:18.606672049 CET	55460	53	192.168.2.23	8.8.8.8
Mar 25, 2025 17:18:18.705046892 CET	53	55460	8.8.8.8	192.168.2.23

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 25, 2025 17:18:18.887271881 CET	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable
Mar 25, 2025 17:19:38.900393963 CET	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:18:22 UTC	307	OUT	POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1 Host: daisy.ubuntu.com Accept: / Content-Type: application/octet-stream X-Whoopsie-Version: 0.2.69ubuntu0.3 Content-Length: 164887 Expect: 100-continue
2025-03-25 16:18:22 UTC	25	IN	HTTP/1.1 100 Continue
2025-03-25 16:18:22 UTC	16384	OUT	Data Raw: 17 84 02 00 02 50 72 6f 63 45 6e 76 69 72 6f 6e 00 4e 00 00 00 50 41 54 48 3d 28 63 75 73 74 6f 6d 2c 20 6e 6f 20 75 73 65 72 29 0a 58 44 47 5f 52 55 4e 54 49 4d 45 5f 44 49 52 3d 3c 73 65 74 3e 0a 4c 41 4e 47 3d 65 6e 5f 55 53 2e 55 54 46 2d 38 0a 53 48 45 4c 4c 3d 2f 62 69 6e 2f 62 61 73 68 00 02 5f 4c 6f 67 69 6e 64 53 65 73 73 69 6f 6e 00 02 00 00 00 35 00 02 44 61 74 65 00 19 00 00 00 54 75 65 20 41 75 67 20 31 37 20 32 30 3a 31 38 3a 30 34 20 32 30 32 31 00 02 53 6f 75 72 63 65 50 61 63 6b 61 67 65 00 0d 00 00 00 6c 69 67 68 74 2d 6c 6f 63 6b 65 72 00 02 50 61 63 6b 61 67 65 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 41 72 63 68 69 74 65 63 74 75 72 65 00 06 00 00 00 61 6d 64 36 34 00 02 44 69 73 74 72 6f 52 65 6c 65 61 Data Ascii: ProcEnvironNPATH=(custom, no user)XDG_RUNTIME_DIR=<set>LANG=en_US.UTF-8SHELL=/bin/bash_LogindSession5DateTue Aug 17 20:18:04 2021SourcePackagelight-lockerPackageArchitectureamd64Architectureamd64DistroRelea
2025-03-25 16:18:22 UTC	16384	OUT	Data Raw: 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 72 75 6e 74 69 6d 65 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6d 2d 73 79 73 74 65 6d 64 20 32 34 35 2e 34 2d 34 75 62 75 6e 74 75 33 2e 31 31 0a 6c 69 62 70 61 6d 30 67 20 31 2e 33 2e 31 2d 35 75 62 75 6e 74 75 34 2e 31 0a 6c 69 62 70 61 6e 67 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 63 61 69 72 6f 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 66 74 32 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 6e 67 6f 78 66 74 2d 31 2e 30 2d 30 20 31 2e 34 34 2e 37 2d 32 75 62 75 6e 74 75 34 0a 6c 69 62 70 61 70 65 72 2d 75 74 69 6c 73 20 31 2e 31 2e 32 38 0a 6c Data Ascii: tu4.1libpam-runtime 1.3.1-5ubuntu4.1libpam-systemd 245.4-4ubuntu3.11libpam0g 1.3.1-5ubuntu4.1libpango-1.0-0 1.44.7-2ubuntu4libpangocairo-1.0-0 1.44.7-2ubuntu4libpangoft2-1.0-0 1.44.7-2ubuntu4libpangoxft-1.0-0 1.44.7-2ubuntu4libpaper-utils 1.1.28l
2025-03-25 16:18:22 UTC	16384	OUT	Data Raw: 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 67 73 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 30 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 31 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 32 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 33 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 34 20 20 20 20 20 20 20 20 20 20 20 20 20 30 78 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 0a 6b 35 20 Data Ascii: 0x0 0gs 0x0 0k0 0x0 0k1 0x0 0k2 0x0 0k3 0x0 0k4 0x0 0k5
2025-03-25 16:18:22 UTC	16384	OUT	Data Raw: 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 34 30 30 30 2d 37 66 37 39 31 63 30 37 35 30 30 30 20 2d 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 78 63 62 2d 72 65 6e 64 65 72 2e 73 6f 2e 30 2e 30 2e 30 0a 37 66 37 39 31 63 30 37 35 30 30 30 2d 37 66 37 39 31 63 30 37 36 30 30 30 20 72 2d 2d 70 20 30 30 30 30 63 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 30 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 Data Ascii: /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c074000-7f791c075000 ---p 0000c000 fd:00 806260 /usr/lib/x86_64-linux-gnu/libxcb-render.so.0.0.07f791c075000-7f791c076000 r--p 0000c000 fd:00 806260 /u
2025-03-25 16:18:22 UTC	16384	OUT	Data Raw: 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 33 30 30 30 2d 37 66 37 39 31 63 37 37 34 30 30 30 20 72 77 2d 70 20 30 30 30 32 36 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 34 35 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 2d 6c 69 6e 75 78 2d 67 6e 75 2f 6c 69 62 67 64 6b 5f 70 69 78 62 75 66 2d 32 2e 30 2e 73 6f 2e 30 2e 34 30 30 30 2e 30 0a 37 66 37 39 31 63 37 37 34 30 30 30 2d 37 66 37 39 31 63 37 37 38 30 30 30 20 72 2d 2d 70 20 30 30 30 30 30 30 30 30 20 66 64 3a 30 30 20 38 30 36 32 36 38 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2f 75 73 72 2f 6c 69 62 2f 78 38 36 5f 36 34 Data Ascii: nux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c773000-7f791c774000 rw-p 00026000 fd:00 806245 /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0.4000.07f791c774000-7f791c778000 r--p 00000000 fd:00 806268 /usr/lib/x86_64
2025-03-25 16:18:22 UTC	16384	OUT	Data Raw: 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 37 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 70 6c 61 74 66 6f 72 6d 20 65 69 73 61 2e 30 3a 20 43 61 6e 6e 6f 74 20 61 6c 6c 6f 63 61 74 65 20 72 65 73 6f 75 72 63 65 20 66 6f 72 20 45 49 53 41 20 73 6c 6f 74 20 38 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 36 20 67 61 6c 61 73 73 69 61 20 6b 65 72 6e 65 6c 3a 20 73 64 20 33 32 3a 30 3a 30 3a 30 3a 20 5b 73 64 61 5d 20 41 73 73 75 6d 69 6e 67 20 64 72 69 76 65 20 63 61 63 68 65 3a 20 77 72 69 74 65 20 74 68 72 6f 75 67 68 0a 41 75 67 20 31 37 20 32 30 3a 32 34 3a 34 37 20 67 Data Ascii: platform eisa.0: Cannot allocate resource for EISA slot 7Aug 17 20:24:46 galassia kernel: platform eisa.0: Cannot allocate resource for EISA slot 8Aug 17 20:24:46 galassia kernel: sd 32:0:0:0: [sda] Assuming drive cache: write throughAug 17 20:24:47 g
2025-03-25 16:18:22 UTC	16384	OUT	Data Raw: 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 4d 6f 64 75 6c 65 3a 20 22 66 62 64 65 76 68 77 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4c 6f 61 64 69 6e 67 20 2f 75 73 72 2f 6c 69 62 2f 78 6f 72 67 2f 6d 6f 64 75 6c 65 73 2f 6c 69 62 66 62 64 65 76 68 77 2e 73 6f 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 34 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 4d 6f 64 75 6c 65 20 66 62 64 65 76 68 77 3a 20 76 65 6e 64 6f 72 3d 22 58 2e 4f 72 67 20 46 6f 75 6e 64 61 74 69 6f 6e 22 0a 41 75 67 20 31 37 Data Ascii: 551]: (II) LoadModule: "fbdevhw"Aug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Loading /usr/lib/xorg/modules/libfbdevhw.soAug 17 20:25:04 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) Module fbdevhw: vendor="X.Org Foundation"Aug 17
2025-03-25 16:18:22 UTC	16384	OUT	Data Raw: 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 39 32 30 78 31 32 30 30 22 20 28 69 6e 73 75 66 66 69 63 69 65 6e 74 20 6d 65 6d 6f 72 79 20 66 6f 72 20 6d 6f 64 65 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 65 28 30 29 3a 20 4e 6f 74 20 75 73 69 6e 67 20 64 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 39 36 30 78 36 30 30 22 20 28 62 61 64 20 6d 6f 64 65 20 63 6c 6f 63 6b 2f 69 6e 74 65 72 6c 61 63 65 2f 64 6f 75 62 6c 65 73 Data Ascii: /lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doubles
2025-03-25 16:18:22 UTC	16384	OUT	Data Raw: 20 31 33 33 36 20 31 35 32 30 20 20 38 36 34 20 38 36 35 20 38 36 38 20 38 39 35 20 2d 68 73 79 6e 63 20 2b 76 73 79 6e 63 20 28 35 33 2e 37 20 6b 48 7a 20 64 29 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 76 6d 77 61 72 65 28 30 29 3a 20 20 44 65 66 61 75 6c 74 20 6d 6f 64 65 20 22 31 30 32 34 78 37 36 38 22 3a 20 39 34 2e 35 20 4d 48 7a 2c 20 36 38 2e 37 20 6b 48 7a 2c 20 38 35 2e 30 20 48 7a 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 49 49 29 20 76 6d 77 61 72 Data Ascii: 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 HzAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: (II) vmwar
2025-03-25 16:18:22 UTC	16384	OUT	Data Raw: 65 64 20 53 65 74 20 32 20 6b 65 79 62 6f 61 72 64 3a 20 61 6c 77 61 79 73 20 72 65 70 6f 72 74 73 20 63 6f 72 65 20 65 76 65 6e 74 73 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 44 65 76 69 63 65 22 20 22 2f 64 65 76 2f 69 6e 70 75 74 2f 65 76 65 6e 74 31 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 3a 30 35 20 67 61 6c 61 73 73 69 61 20 2f 75 73 72 2f 6c 69 62 2f 67 64 6d 33 2f 67 64 6d 2d 78 2d 73 65 73 73 69 6f 6e 5b 31 35 35 31 5d 3a 20 28 2a 2a 29 20 4f 70 74 69 6f 6e 20 22 5f 73 6f 75 72 63 65 22 20 22 73 65 72 76 65 72 2f 75 64 65 76 22 0a 41 75 67 20 31 37 20 32 30 3a 32 35 Data Ascii: ed Set 2 keyboard: always reports core eventsAug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: () Option "Device" "/dev/input/event1"Aug 17 20:25:05 galassia /usr/lib/gdm3/gdm-x-session[1551]: () Option "_source" "server/udev"Aug 17 20:25
2025-03-25 16:18:23 UTC	279	IN	HTTP/1.1 400 Bad Request Date: Tue, 25 Mar 2025 16:18:23 GMT Server: gunicorn/19.7.1 X-Daisy-Revision-Number: 979 X-Oops-Repository-Version: 0.0.0 Strict-Transport-Security: max-age=2592000 Connection: close Transfer-Encoding: chunked 17 Crash already reported. 0

Start time (UTC):	16:18:10
Start date (UTC):	25/03/2025
Path:	/tmp/sh4.elf
Arguments:	/tmp/sh4.elf
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Start time (UTC):	16:18:11
Start date (UTC):	25/03/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	16:18:13
Start date (UTC):	25/03/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	16:18:16
Start date (UTC):	25/03/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report sh4.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink

/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source

/proc/6424/oom_score_adj

/run/gdm3.pid

/run/systemd/journal/streams/.#9:76653Agh7Ns

/run/systemd/journal/streams/.#9:767255fITKr

/run/systemd/journal/streams/.#9:76729pXYthp

/run/systemd/journal/streams/.#9:76730tRa9rt

/run/systemd/journal/streams/.#9:76731112nGr

/run/systemd/journal/streams/.#9:76738GPQZds

/run/systemd/journal/streams/.#9:76739Nl1sRs

/run/systemd/journal/streams/.#9:76748Uwfbqs

/run/systemd/journal/streams/.#9:76749vyZEXs

/run/systemd/journal/streams/.#9:76750hjSAhp

/run/systemd/journal/streams/.#9:76751jdcSkp

/run/systemd/journal/streams/.#9:767858KAx7q

/run/systemd/journal/streams/.#9:76793aJwPqr

/run/systemd/journal/streams/.#9:77258gagwIq

/run/systemd/journal/streams/.#9:77301iKawct

/run/systemd/journal/streams/.#9:77418pfhNpq

/run/systemd/journal/streams/.#9:77910oFR6ht

/run/systemd/journal/streams/.#9:77924hUWoNs

/run/systemd/journal/streams/.#9:77944BdsO6r

/run/systemd/journal/streams/.#9:77945kXqIvr

/run/systemd/journal/streams/.#9:77961fY5Xgq

/run/systemd/journal/streams/.#9:77962JRWfos

Linux Analysis Report
sh4.elf

Start time (UTC):	16:18:17
Start date (UTC):	25/03/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	16:18:18
Start date (UTC):	25/03/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	16:18:19
Start date (UTC):	25/03/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	16:18:20
Start date (UTC):	25/03/2025
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	16:18:23
Start date (UTC):	25/03/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	16:18:21
Start date (UTC):	25/03/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	16:18:22
Start date (UTC):	25/03/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	16:18:25
Start date (UTC):	25/03/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	16:18:36
Start date (UTC):	25/03/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	16:18:38
Start date (UTC):	25/03/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f