Linux Analysis Report
jfeeps.elf

Overview

General Information

Sample name:	jfeeps.elf
Analysis ID:	1649552
MD5:	88cbe6f27549d7c2e614554e8871c9f2
SHA1:	90485d661ecae0b20f830f01d8f1ea648970405d
SHA256:	34251dd18c7736c125dcadccb793c41fd4df16029ea5846e248ebabd370cfd33
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	72
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Deletes system log files

Sample deletes itself

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Creates hidden files and/or directories

Deletes log files

Detected TCP or UDP traffic on non-standard ports

Document contains embedded VBA macros

Document misses a certain OLE stream usually present in this Microsoft Office document type

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "kill" or "pkill" command typically used to terminate processes

Executes the "rm" command used to delete files or directories

Found strings indicative of a multi-platform dropper

Reads CPU information from /sys indicative of miner or evasive malware

Reads system information from the proc file system

Reads system version information

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: jfeeps.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: jfeeps.elf	Virustotal: Detection: 31%			Perma Link
Source: jfeeps.elf	ReversingLabs: Detection: 36%

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pulseaudio (PID: 5647)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5817)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6044)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6351)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6575)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6592)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6755)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7079)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7303)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7372)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Found strings indicative of a multi-platform dropper

Source: jfeeps.elf

String: /lib/systemd//usr/lib/systemd/system/system/bin//gm/bin//home/process//home/helper/home/davinci/z/bin//mnt/mtd//tmp/sqfs//usr/libexec//usr/sbin//z/zbin//usr/bin/bin//tmp/var/mnt/root/boot/home/dev/media/opt/../(deleted)x86armmipsmpslsh4wgetcurllynxftpftpgettftpscpaflaaarsyncpfclamscanreadelfizsnapstracelsofgdbpmapltraceptracewiresharktsharktcpdumpnetstatssnmaphping3tracerouteiptablesnftfirewalldauditctlselinuxapparmoraptdnfyumzypperpacmanemergebrewportnanovimvinvimgeditkateemacspkillkillallkillsystemctlnohuppythonpython3perlrubyluanodebashshkshzshfishvolatilitychkrootkitrkhunterradare2binwalkdockerpodmanlxcqemuvirshvboxmanagemountumountdfdulsblkblkidmkfsfdiskpartedobjdumpstringsxxdhexdumpncnetcatsocatjournalctldmesglogcattaillessgrepawksedtmuxA

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.13:51626 -> 141.98.10.142:2211

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/sbin/rsyslogd (PID: 5646)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5724)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5823)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 5895)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6042)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6110)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6185)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6260)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6346)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6416)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6491)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6573)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6655)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6736)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6819)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6895)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6981)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7061)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7142)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7219)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7305)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7373)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7450)	Reads hosts file: /etc/hosts

Sample listens on a socket

Source: /lib/systemd/systemd-journald (PID: 5652)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5725)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5820)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 5892)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 5980)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6048)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6124)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6197)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6284)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6354)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6430)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6508)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6594)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6675)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6757)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6829)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6920)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6993)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7081)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7155)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7241)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7309)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7388)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7461)	Socket: unknown address family

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic

TCP traffic: 192.168.2.13:50526 -> 34.243.160.129:443

Source: unknown

TCP traffic detected without corresponding DNS query: 34.243.160.129

Source: global traffic

DNS traffic detected: DNS query: raw.awaken-network.net

Source: unknown

Network traffic detected: HTTP traffic on port 50526 -> 443

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3104, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3161, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3162, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3163, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3164, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3165, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3170, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3182, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3208, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3212, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5449, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5451, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5455, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5456, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5457, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5458, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5459, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5460, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 780, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 780, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1563, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1563, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2984, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3134, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3134, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3146, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3147, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3147, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3153, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3153, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3158, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3158, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3183, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3203, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3203, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3220, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3220, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3677, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3677, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5427, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5427, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5497, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5523, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5547, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5547, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5559, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5559, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5590, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5590, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5597, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5597, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5599, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5600, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5600, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 660, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 767, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 778, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1400, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2926, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3069, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3132, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5645, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5646, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5652, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5656, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5717, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5817, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5817, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5820, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5823, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5824, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5881, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5885, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5980, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5981, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5984, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6041, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6042, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6124, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6125, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6128, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6185, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6186, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6284, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6285, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6288, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6345, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6346, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6430, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6431, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6434, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6491, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6492, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6592, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6592, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6594, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6597, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6654, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6655, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6661, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6755, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6755, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6757, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6758, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6761, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6819, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6916, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6916, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6920, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6921, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6924, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6981, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6982, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7079, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7079, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7081, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7082, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7085, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7142, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7143, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7241, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7242, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7245, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7304, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7305, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7388, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7389, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7392, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7449, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7450, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7552, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7553, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7556, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7613, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7640, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7650, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7670, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7772, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7824, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7854, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7942, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7943, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7946, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7982, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8026, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8114, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8115, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8118, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8175, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8198, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8286, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8287, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8290, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8334, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8370, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8458, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8461, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8464, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8521, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8544, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8632, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8633, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8636, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8693, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8716, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8804, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8805, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8808, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8865, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8888, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8976, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8977, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8980, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 9033, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 9062, result: successful	Jump to behavior

Document contains embedded VBA macros

Source: xfce4-notifyd.xml.new.38.dr

OLE indicator, VBA macros: true

Document misses a certain OLE stream usually present in this Microsoft Office document type

Source: xfce4-notifyd.xml.new.38.dr

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3104, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3161, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3162, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3163, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3164, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3165, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3170, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3182, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3208, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3212, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5449, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5451, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5455, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5456, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5457, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5458, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5459, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5460, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 780, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 780, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1563, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1563, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2984, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3134, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3134, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3146, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3147, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3147, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3153, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3153, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3158, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3158, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3183, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3203, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3203, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3220, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3220, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3677, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3677, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5427, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5427, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5497, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5523, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5547, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5547, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5559, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5559, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5590, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5590, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5597, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5597, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5599, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5600, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5600, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 660, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 767, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 778, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1400, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2926, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3069, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3132, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5645, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5646, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5652, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5656, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5717, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5817, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5817, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5820, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5823, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5824, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5881, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5885, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5980, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5981, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5984, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6041, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6042, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6124, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6125, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6128, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6185, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6186, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6284, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6285, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6288, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6345, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6346, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6430, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6431, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6434, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6491, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6492, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6592, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6592, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6594, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6597, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6654, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6655, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6661, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6755, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6755, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6757, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6758, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6761, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6819, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6916, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6916, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6920, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6921, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6924, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6981, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6982, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7079, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7079, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7081, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7082, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7085, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7142, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7143, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7241, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7242, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7245, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7304, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7305, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7388, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7389, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7392, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7449, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7450, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7552, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7553, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7556, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7613, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7640, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7650, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7670, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7772, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7824, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7854, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7942, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7943, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7946, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7982, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8026, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8114, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8115, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8118, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8175, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8198, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8286, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8287, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8290, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8334, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8370, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8458, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8461, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8464, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8521, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8544, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8632, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8633, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8636, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8693, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8716, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8804, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8805, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8808, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8865, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8888, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8976, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8977, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8980, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 9033, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 9062, result: successful	Jump to behavior

Source: classification engine

Classification label: mal72.spre.troj.evad.linELF@0/122@4/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 5645)	File: /proc/5645/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5723)	File: /proc/5723/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5885)	File: /proc/5885/mounts
Source: /usr/bin/dbus-daemon (PID: 5956)	File: /proc/5956/mounts
Source: /usr/bin/dbus-daemon (PID: 5981)	File: /proc/5981/mounts
Source: /usr/bin/dbus-daemon (PID: 6049)	File: /proc/6049/mounts
Source: /usr/bin/dbus-daemon (PID: 6125)	File: /proc/6125/mounts
Source: /usr/bin/dbus-daemon (PID: 6199)	File: /proc/6199/mounts
Source: /usr/bin/dbus-daemon (PID: 6285)	File: /proc/6285/mounts
Source: /usr/bin/dbus-daemon (PID: 6355)	File: /proc/6355/mounts
Source: /usr/bin/dbus-daemon (PID: 6431)	File: /proc/6431/mounts
Source: /usr/bin/dbus-daemon (PID: 6509)	File: /proc/6509/mounts
Source: /usr/bin/dbus-daemon (PID: 6661)	File: /proc/6661/mounts
Source: /usr/bin/dbus-daemon (PID: 6737)	File: /proc/6737/mounts
Source: /usr/bin/dbus-daemon (PID: 6758)	File: /proc/6758/mounts
Source: /usr/bin/dbus-daemon (PID: 6831)	File: /proc/6831/mounts
Source: /usr/bin/dbus-daemon (PID: 6921)	File: /proc/6921/mounts
Source: /usr/bin/dbus-daemon (PID: 6998)	File: /proc/6998/mounts
Source: /usr/bin/dbus-daemon (PID: 7082)	File: /proc/7082/mounts
Source: /usr/bin/dbus-daemon (PID: 7157)	File: /proc/7157/mounts
Source: /usr/bin/dbus-daemon (PID: 7242)	File: /proc/7242/mounts
Source: /usr/bin/dbus-daemon (PID: 7310)	File: /proc/7310/mounts
Source: /usr/bin/dbus-daemon (PID: 7389)	File: /proc/7389/mounts
Source: /usr/bin/dbus-daemon (PID: 7465)	File: /proc/7465/mounts

Creates hidden files and/or directories

Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5459)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5460)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5497)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5497)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5497)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5497)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 5559)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/bin/xfdesktop (PID: 5590)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5599)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5599)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5599)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5599)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/bin/xfdesktop (PID: 5608)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5609)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5656)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5656)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5656)	File: /run/systemd/seats/.#seat0FgoiTQ	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 5717)	Directory: /root/.cache	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5728)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5728)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5728)	File: /run/systemd/seats/.#seat01ZIJxm	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 5802)	Directory: /root/.cache	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5824)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 5824)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 5824)	File: /run/systemd/seats/.#seat0o65OEy
Source: /lib/systemd/systemd-logind (PID: 5899)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 5899)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 5899)	File: /run/systemd/seats/.#seat0VpPRQg
Source: /lib/systemd/systemd-logind (PID: 5984)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 5984)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 5984)	File: /run/systemd/seats/.#seat0iMM9hH
Source: /lib/systemd/systemd-logind (PID: 6052)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6052)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6052)	File: /run/systemd/seats/.#seat0qeuPWQ
Source: /usr/lib/policykit-1/polkitd (PID: 6120)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6128)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6128)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6128)	File: /run/systemd/seats/.#seat0G2voiy
Source: /lib/systemd/systemd-logind (PID: 6203)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6203)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6203)	File: /run/systemd/seats/.#seat06uMzXf
Source: /usr/lib/policykit-1/polkitd (PID: 6280)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6288)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6288)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6288)	File: /run/systemd/seats/.#seat00b2cTD
Source: /lib/systemd/systemd-logind (PID: 6358)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6358)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6358)	File: /run/systemd/seats/.#seat0wbTQuX
Source: /usr/lib/policykit-1/polkitd (PID: 6423)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6434)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6434)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6434)	File: /run/systemd/seats/.#seat0PnwihG
Source: /lib/systemd/systemd-logind (PID: 6514)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6514)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6514)	File: /run/systemd/seats/.#seat0tPcpeN
Source: /usr/lib/policykit-1/polkitd (PID: 6587)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6597)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6597)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6597)	File: /run/systemd/seats/.#seat0V9U121
Source: /lib/systemd/systemd-logind (PID: 6678)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6678)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6678)	File: /run/systemd/seats/.#seat0JSZnq9
Source: /usr/lib/policykit-1/polkitd (PID: 6748)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6761)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6761)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6761)	File: /run/systemd/seats/.#seat0xRT9zs
Source: /lib/systemd/systemd-logind (PID: 6834)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6834)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6834)	File: /run/systemd/seats/.#seat0s7qafV
Source: /usr/lib/policykit-1/polkitd (PID: 6911)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6924)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6924)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6924)	File: /run/systemd/seats/.#seat0vPCbNL
Source: /lib/systemd/systemd-logind (PID: 7004)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7004)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7004)	File: /run/systemd/seats/.#seat0aePTsN
Source: /usr/lib/policykit-1/polkitd (PID: 7074)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7085)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7085)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7085)	File: /run/systemd/seats/.#seat05xQC1T
Source: /lib/systemd/systemd-logind (PID: 7162)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7162)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7162)	File: /run/systemd/seats/.#seat0GwylUJ
Source: /usr/lib/policykit-1/polkitd (PID: 7237)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7245)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7245)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7245)	File: /run/systemd/seats/.#seat0QOi8K0
Source: /lib/systemd/systemd-logind (PID: 7313)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7313)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7313)	File: /run/systemd/seats/.#seat0etLB08
Source: /usr/lib/policykit-1/polkitd (PID: 7380)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7392)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7392)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7392)	File: /run/systemd/seats/.#seat0dCOCXa
Source: /lib/systemd/systemd-logind (PID: 7470)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7470)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7470)	File: /run/systemd/seats/.#seat0iAJtt4

Enumerates processes within the "proc" file system

Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/6351/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/6351/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/5386/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/5386/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/230/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/230/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/110/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/110/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/231/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/231/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/111/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/111/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/232/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/232/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/112/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/112/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/233/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/233/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/113/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/113/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/234/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/234/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/114/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/114/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/235/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/235/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/115/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/115/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/236/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/236/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/116/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/116/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/237/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/237/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/117/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/117/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/238/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/238/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/118/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/118/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/239/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/239/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/119/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/119/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/6347/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/6347/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/10/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/10/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/11/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/11/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/12/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/12/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/13/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/13/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/14/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/14/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/15/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/15/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/16/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/16/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/17/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/17/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/18/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/18/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/19/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/19/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/240/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/240/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/120/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/120/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/241/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/241/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/121/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/121/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/242/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/242/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/1/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/1/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/122/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/122/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/243/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/243/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/2/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/2/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/123/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/123/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/244/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/244/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/3/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/3/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/124/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/124/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/245/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/245/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/125/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/125/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/4/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/4/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/246/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/246/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/126/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/126/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/5/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/5/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/247/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/247/cmdline

Executes commands using a shell command-line interpreter

Source: /usr/bin/gpu-manager (PID: 5789)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5791)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5793)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5798)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5803)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5808)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5810)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5812)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5887)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5891)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5894)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5958)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5963)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5965)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5967)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5969)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6193)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6195)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6198)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6262)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6264)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6269)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6273)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6276)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6494)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6499)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6501)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6503)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6506)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6571)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6574)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6582)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6659)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6665)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6667)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6669)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6671)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6673)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6738)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6743)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6821)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6826)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6828)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6894)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6897)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6902)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6904)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6906)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6987)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6989)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6991)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6994)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6997)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7000)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7063)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7068)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7150)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7152)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7154)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7158)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7220)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7226)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7228)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7230)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7452)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7457)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7459)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7462)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7466)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"

Executes the "grep" command used to find patterns in files or piped streams

Source: /bin/sh (PID: 5790)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5792)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5796)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5799)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5804)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5809)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5811)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5813)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5890)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5893)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5896)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5959)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5964)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5966)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5968)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5970)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6194)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6196)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6200)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6263)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6268)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6270)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6274)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6277)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6495)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6500)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6502)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6504)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6507)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6572)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6576)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6583)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6660)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6666)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6668)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6670)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6672)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6674)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6742)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6744)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6825)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6827)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6830)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6896)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6898)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6903)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6905)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6907)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6988)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6990)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6992)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6995)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6999)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7001)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7064)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7071)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7151)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7153)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7156)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7159)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7222)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7227)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7229)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7231)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7456)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7458)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7460)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7463)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7467)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

Executes the "kill" or "pkill" command typically used to terminate processes

Source: /usr/share/gdm/generate-config (PID: 5817)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6044)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6351)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6592)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6755)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6916)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7079)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7303)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Executes the "rm" command used to delete files or directories

Source: /usr/bin/xfce4-session (PID: 5560)	Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec7c2e14-9c4d-40f3-9704-8617ab831fb4	Jump to behavior
Source: /usr/bin/dash (PID: 5592)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.lZmJG0mnDS /tmp/tmp.otyViNTUvj /tmp/tmp.xKqzJz0iCi	Jump to behavior
Source: /usr/bin/dash (PID: 5593)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.lZmJG0mnDS /tmp/tmp.otyViNTUvj /tmp/tmp.xKqzJz0iCi	Jump to behavior

Reads system information from the proc file system

Source: /lib/systemd/systemd-journald (PID: 5652)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5725)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5820)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 5892)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 5980)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6048)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6124)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6197)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6284)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6354)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6430)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6508)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6594)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6675)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6757)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6829)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6920)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6993)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7081)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7155)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7241)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7309)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7388)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7461)	Reads from proc file: /proc/meminfo

Reads system version information

Source: /sbin/agetty (PID: 5721)

Reads version info: /etc/issue

Jump to behavior

Source: /usr/sbin/rsyslogd (PID: 5646)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5646)	Log file created: /var/log/auth.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 5724)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5785)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 5823)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5886)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 5895)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6042)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6110)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6185)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6192)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6260)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6346)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6416)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6491)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6493)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6573)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6655)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6658)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6736)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6819)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6820)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6895)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6981)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6986)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 7061)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7142)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 7147)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 7219)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7305)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7373)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7450)	Log file created: /var/log/kern.log	Jump to dropped file
Source: /usr/bin/gpu-manager (PID: 7451)	Log file created: /var/log/gpu-manager.log	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Deletes system log files

Source: /tmp/jfeeps.elf (PID: 5451)

Log files deleted: /var/log/kern.log

Jump to behavior

Sample deletes itself

Source: /tmp/jfeeps.elf (PID: 5445)

File: /tmp/jfeeps.elf

Jump to behavior

Deletes log files

Source: /usr/bin/gpu-manager (PID: 5785)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5886)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6192)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6493)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6658)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6820)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6986)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7147)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7451)	Truncated file: /var/log/gpu-manager.log

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pulseaudio (PID: 5647)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5817)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6044)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6351)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6575)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6592)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6755)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7079)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7303)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7372)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/jfeeps.elf (PID: 5441)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5458)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5459)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5460)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 5559)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfdesktop (PID: 5590)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfdesktop (PID: 5608)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5609)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 5610)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5646)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pulseaudio (PID: 5647)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5652)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 5721)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5724)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5725)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5785)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5820)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 5823)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 5886)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 5892)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 5895)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 5980)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6042)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6048)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6110)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6124)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6185)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6192)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6197)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6260)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6284)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6346)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6354)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6416)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6430)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6491)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6493)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6508)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6573)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6575)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6594)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6655)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6658)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6675)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6736)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6757)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6819)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6820)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6829)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6895)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6920)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6981)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6986)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6993)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7061)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7081)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7142)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7147)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7155)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7219)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7241)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7305)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7309)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7372)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7373)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7388)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7450)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7451)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7461)	Queries kernel information via 'uname':

Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: /mips/var/lib/vmware1a
Source: jfeeps.elf, 5441.1.000055e6697b0000.000055e669837000.rw-.sdmp, jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mips
Source: jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: U1/tmp/vmware-root_727-4290690966!
Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: /mips/var/lib/vmware
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: /var/lib/vmware
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: 8/var/lib/vmwareHU H\
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp, jfeeps.elf, 5451.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: %s/qemu-op
Source: jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: /tmp/vmware-root_727-4290690966
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: U/tmp/qemu-open.ZPECcC\
Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: /var/lib/vmware/VGAuth/aliasStore
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: 8/var/lib/vmware
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: /var/lib/vmware/VGAuthP4/var/lib/NetworkManagerH
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: /var/lib/vmware/VGAuth0
Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: /mips/var/lib/vmware/VGAuth`
Source: jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: U!/var/lib/vmware
Source: jfeeps.elf, 5441.1.000055e6697b0000.000055e669837000.rw-.sdmp, jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: (/var/lib/vmware/VGAuth/aliasStore
Source: jfeeps.elf, 5451.1.00007ffaa4473000.00007ffaa4481000.rw-.sdmp	Binary or memory string: $/tmp/vmware-root_727-4290690966
Source: jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: U!/var/lib/vmware/VGAuth
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp, jfeeps.elf, 5451.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.ZPECcC
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp, jfeeps.elf, 5451.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: 6x86_64/usr/bin/qemu-mips/tmp/jfeeps.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/jfeeps.elf
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: /var/lib/vmware/VGAuth
Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: /mips/var/lib/vmware/VGAuth
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: P/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-PB7Ovf$/tmp/vmware-root_727-4290690966X/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-WfFmsi4/tmp/hsperfdata_root
Source: jfeeps.elf	Binary or memory string: /lib/systemd//usr/lib/systemd/system/system/bin//gm/bin//home/process//home/helper/home/davinci/z/bin//mnt/mtd//tmp/sqfs//usr/libexec//usr/sbin//z/zbin//usr/bin/bin//tmp/var/mnt/root/boot/home/dev/media/opt/../(deleted)x86armmipsmpslsh4wgetcurllynxftpftpgettftpscpaflaaarsyncpfclamscanreadelfizsnapstracelsofgdbpmapltraceptracewiresharktsharktcpdumpnetstatssnmaphping3tracerouteiptablesnftfirewalldauditctlselinuxapparmoraptdnfyumzypperpacmanemergebrewportnanovimvinvimgeditkateemacspkillkillallkillsystemctlnohuppythonpython3perlrubyluanodebashshkshzshfishvolatilitychkrootkitrkhunterradare2binwalkdockerpodmanlxcqemuvirshvboxmanagemountumountdfdulsblkblkidmkfsfdiskpartedobjdumpstringsxxdhexdumpncnetcatsocatjournalctldmesglogcattaillessgrepawksedtmuxA
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp, jfeeps.elf, 5451.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: MPDIR%s/qemu-op
Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: 1/var/lib/vmware/VGAuth/aliasStoreQ/var/lib/systemd/deb-systemd-helper-enabled/cloud-init.target.wantsetooQ/var/lib/systemd/deb-systemd-helper-enabled/rescue.target.wants/cloud-iA/var/lib/cloud/instances/iid-datasource-none@

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
141.98.10.142	raw.awaken-network.net	Lithuania		209605	HOSTBALTICLT	false
34.243.160.129	unknown	United States		16509	AMAZON-02US	false

Contacted Domains

Name	IP	Active
raw.awaken-network.net	141.98.10.142	true

Name	Type	MD5	SHA1	SHA256
/home/saturnino/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-notifyd.xml.new	XML 1.0 document, ASCII text	1DAD1E58BD92CEAF845A2FACEE15F276	305131C4C2657898AC4C7AF6A49D5533431DD5E2	58C13023BC6BD7D0E3DCF125B32B18D89818AF7B5BD610B5027BF168CA98E047
/proc/5441/task/5441/comm	very short file (no magic)	336D5EBC5436534E61D16E63DDFCA327	3BC15C8AAE3E4124DD409035F32EA2FD6835EFC9	3973E022E93220F9212C18D0D0C543AE7C309E46640DA93A4A0314DE999F5112
/run/systemd/seats/.#seat00b2cTD	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat01ZIJxm	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat05xQC1T	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat06uMzXf	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0FgoiTQ	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0G2voiy	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0GwylUJ	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0JSZnq9	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0PnwihG	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0QOi8K0	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0V9U121	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0VpPRQg	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0aePTsN	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0dCOCXa	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0etLB08	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0iAJtt4	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0iMM9hH	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0o65OEy	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0qeuPWQ	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0s7qafV	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0tPcpeN	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0vPCbNL	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0wbTQuX	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/systemd/seats/.#seat0xRT9zs	ASCII text	BE58CCABC942125F5E27AF6EB1BA2F88	07C20F55E36EE48869B223B8FC4DBC227C7353AC	551B1D1C8E5953D5D0CF49C83C1568E2FBEF8BDDB69903B3DA82240B777B4629
/run/user/1000/pulse/pid	ASCII text	0067047D360EFC1FC45563DB187BCD31	6E6770B796C6607FB5B7BC3907B72CC8BCFCC5AF	BE3207BF2F3E67035843AC60B6D11B77FA4DCD9C71A071C04EE573A6A245873A
/run/utmp	data	6B87AA936E2164FFC58C5D67F49500AF	A9C58EC2997C0AE76CB3C72F4166334A3580FEC3	67A8DC314DD10C35E74ACA645722CECA224A9537FDD87107339427E269314E7C
/tmp/qemu-open.DQJiFD (deleted)	ASCII text, with no line terminators	B932EF63E21E579E691B5FC5ABA2C6F5	687A952256AE94BE831936C55B9D029A9EE674BE	DB8DA6B712993999DAA04DFA5260AD377A12E03A93C787ED200021E7F3C63446
/tmp/qemu-open.N5mX3E (deleted)	ASCII text	020E0B4A0997F76EE8C995F464363C7E	9074E907CC0F028829CC079B247C8146F7D1E8EA	F737244A6916B9C1A2933E8116878E2F9D68B69DBDCE6E6EFEFA3D8036CA798C
/tmp/qemu-open.ZPECcC (deleted)	data	8DD5407A03038CEEC32A69DA9562141F	B6E8014EBE29556FB0A77266ED987C7BB93CDD35	B31A37151D1C1CC1ADBE04507B25AF79A16621D34F5231051B42401F6CD38A6A
/var/lib/ubuntu-drivers-common/last_gfx_boot	ASCII text	078760523943E160756979906B85FB5E	0962643266F4C5537F7D125046F28F21D6DD0C89	048416AC7A9A99690B8B53718CD39F32F637B55CC8DD8E67E58E5AEF060DD41C
/var/log/auth.log	ASCII text	DC428902EE53A9F79F4926B15F172691	1788C4F5A5764A8006A0D36E80103E1205709FB2	C7F68D71E2B55DC34C3A5E49CA6F73E51442C890AD1122783F7E6D6297D73488
/var/log/gpu-manager.log	ASCII text	3AF77E630DA00B3BE24F4E8AA5D78B13	BCF2D99E002F6DE2413A183227B011CFBEF5673D	EB1CBBA20845237B4409274D693FEAE13F835274DA3337B7A9D14F4D7FDF9DEA
/var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal	data	33FC920262F749B7FC23D0209BF52CA5	F095485C78B018BBDF748A6BB9976E69F7E131B2	0980E48BAF249F81327A6B58AC4A1AB39B69D701B3DFF92B41BD82F6BFEBE68A
/var/log/kern.log	ASCII text	0D1A57183A465980E2DDAFB898313D10	7769530A8D435A15660AAF9759BB8D7325C936DA	B21197822D2217FD2D6D6683B9413FA4BB9EF53C90F9C0DB969F10DFE8340AE2
/var/log/syslog	ASCII text	FFB17D8B785C588539F5488D65D0D591	9DC611631B4A1F53D8EA8CD47A77EC0CE35028FA	79A9B400BA6DBC42CD5998BC4F85DB81729E64E78F3691533EFF5808041E2F1A
/var/log/wtmp	data	6B87AA936E2164FFC58C5D67F49500AF	A9C58EC2997C0AE76CB3C72F4166334A3580FEC3	67A8DC314DD10C35E74ACA645722CECA224A9537FDD87107339427E269314E7C

AV Detection

Antivirus / Scanner detection for submitted sample

Source: jfeeps.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: jfeeps.elf	Virustotal: Detection: 31%			Perma Link
Source: jfeeps.elf	ReversingLabs: Detection: 36%

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pulseaudio (PID: 5647)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5817)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6044)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6351)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6575)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6592)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6755)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7079)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7303)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7372)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Found strings indicative of a multi-platform dropper

Source: jfeeps.elf

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.13:51626 -> 141.98.10.142:2211

Reads the 'hosts' file potentially containing internal network hosts

Source: /usr/sbin/rsyslogd (PID: 5646)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5724)	Reads hosts file: /etc/hosts	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5823)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 5895)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6042)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6110)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6185)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6260)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6346)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6416)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6491)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6573)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6655)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6736)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6819)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6895)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 6981)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7061)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7142)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7219)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7305)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7373)	Reads hosts file: /etc/hosts
Source: /usr/sbin/rsyslogd (PID: 7450)	Reads hosts file: /etc/hosts

Sample listens on a socket

Source: /lib/systemd/systemd-journald (PID: 5652)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5725)	Socket: unknown address family	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5820)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 5892)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 5980)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6048)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6124)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6197)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6284)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6354)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6430)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6508)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6594)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6675)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6757)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6829)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6920)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 6993)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7081)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7155)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7241)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7309)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7388)	Socket: unknown address family
Source: /lib/systemd/systemd-journald (PID: 7461)	Socket: unknown address family

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic

TCP traffic: 192.168.2.13:50526 -> 34.243.160.129:443

Source: unknown

TCP traffic detected without corresponding DNS query: 34.243.160.129

Source: global traffic

DNS traffic detected: DNS query: raw.awaken-network.net

Source: unknown

Network traffic detected: HTTP traffic on port 50526 -> 443

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3104, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3161, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3162, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3163, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3164, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3165, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3170, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3182, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3208, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3212, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5449, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5451, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5455, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5456, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5457, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5458, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5459, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5460, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 780, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 780, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1563, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1563, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2984, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3134, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3134, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3146, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3147, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3147, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3153, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3153, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3158, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3158, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3183, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3203, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3203, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3220, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3220, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3677, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3677, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5427, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5427, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5497, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5523, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5547, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5547, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5559, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5559, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5590, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5590, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5597, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5597, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5599, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5600, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5600, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 660, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 767, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 778, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1400, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2926, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3069, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3132, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5645, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5646, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5652, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5656, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5717, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5817, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5817, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5820, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5823, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5824, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5881, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5885, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5980, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5981, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5984, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6041, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6042, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6124, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6125, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6128, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6185, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6186, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6284, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6285, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6288, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6345, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6346, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6430, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6431, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6434, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6491, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6492, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6592, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6592, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6594, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6597, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6654, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6655, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6661, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6755, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6755, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6757, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6758, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6761, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6819, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6916, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6916, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6920, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6921, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6924, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6981, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6982, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7079, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7079, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7081, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7082, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7085, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7142, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7143, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7241, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7242, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7245, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7304, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7305, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7388, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7389, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7392, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7449, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7450, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7552, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7553, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7556, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7613, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7640, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7650, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7670, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7772, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7824, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7854, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7942, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7943, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7946, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7982, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8026, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8114, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8115, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8118, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8175, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8198, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8286, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8287, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8290, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8334, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8370, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8458, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8461, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8464, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8521, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8544, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8632, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8633, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8636, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8693, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8716, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8804, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8805, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8808, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8865, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8888, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8976, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8977, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8980, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 9033, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 9062, result: successful	Jump to behavior

Document contains embedded VBA macros

Source: xfce4-notifyd.xml.new.38.dr

OLE indicator, VBA macros: true

Document misses a certain OLE stream usually present in this Microsoft Office document type

Source: xfce4-notifyd.xml.new.38.dr

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3104, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3161, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3162, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3163, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3164, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3165, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3170, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3182, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3208, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3212, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5449, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5451, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5455, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5456, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5457, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5458, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5459, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5460, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 780, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 780, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1563, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1563, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2984, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3134, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3134, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3146, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3147, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3147, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3153, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3153, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3158, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3158, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3183, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3203, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3203, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3220, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3220, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3677, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3677, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5427, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5427, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5497, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5523, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5547, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5547, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5559, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5559, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5590, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5590, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5597, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5597, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5599, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5600, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5600, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 660, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 767, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 778, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 1400, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2926, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3069, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 3132, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5645, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5646, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5652, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5656, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5717, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5817, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5817, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5820, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5823, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5824, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5881, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5885, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5980, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5981, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 5984, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6041, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6042, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6124, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6125, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6128, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6185, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6186, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6284, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6285, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6288, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6345, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6346, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6430, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6431, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6434, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6491, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6492, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6592, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6592, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6594, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6597, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6654, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6655, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6661, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6755, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6755, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6757, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6758, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6761, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6818, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6819, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6916, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6916, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6920, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6921, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6924, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6981, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 6982, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7079, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7079, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7081, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7082, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7085, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7142, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7143, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7241, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7242, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7245, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7304, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7305, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7388, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7389, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7392, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7449, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7450, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7552, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7553, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7556, result: no such process	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7613, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7640, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7650, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7670, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7768, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7769, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7772, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7824, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7854, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7942, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7943, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7946, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 7982, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8026, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8114, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8115, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8118, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8175, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8198, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8286, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8287, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8290, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8334, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8370, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8458, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8461, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8464, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8521, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8544, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8632, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8633, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8636, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8693, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8716, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8804, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8805, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8808, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8865, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8888, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8976, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8977, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 8980, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 9033, result: successful	Jump to behavior
Source: /tmp/jfeeps.elf (PID: 5447)	SIGKILL sent: pid: 9062, result: successful	Jump to behavior

Source: classification engine

Classification label: mal72.spre.troj.evad.linELF@0/122@4/0

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /usr/bin/dbus-daemon (PID: 5645)	File: /proc/5645/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5723)	File: /proc/5723/mounts	Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5885)	File: /proc/5885/mounts
Source: /usr/bin/dbus-daemon (PID: 5956)	File: /proc/5956/mounts
Source: /usr/bin/dbus-daemon (PID: 5981)	File: /proc/5981/mounts
Source: /usr/bin/dbus-daemon (PID: 6049)	File: /proc/6049/mounts
Source: /usr/bin/dbus-daemon (PID: 6125)	File: /proc/6125/mounts
Source: /usr/bin/dbus-daemon (PID: 6199)	File: /proc/6199/mounts
Source: /usr/bin/dbus-daemon (PID: 6285)	File: /proc/6285/mounts
Source: /usr/bin/dbus-daemon (PID: 6355)	File: /proc/6355/mounts
Source: /usr/bin/dbus-daemon (PID: 6431)	File: /proc/6431/mounts
Source: /usr/bin/dbus-daemon (PID: 6509)	File: /proc/6509/mounts
Source: /usr/bin/dbus-daemon (PID: 6661)	File: /proc/6661/mounts
Source: /usr/bin/dbus-daemon (PID: 6737)	File: /proc/6737/mounts
Source: /usr/bin/dbus-daemon (PID: 6758)	File: /proc/6758/mounts
Source: /usr/bin/dbus-daemon (PID: 6831)	File: /proc/6831/mounts
Source: /usr/bin/dbus-daemon (PID: 6921)	File: /proc/6921/mounts
Source: /usr/bin/dbus-daemon (PID: 6998)	File: /proc/6998/mounts
Source: /usr/bin/dbus-daemon (PID: 7082)	File: /proc/7082/mounts
Source: /usr/bin/dbus-daemon (PID: 7157)	File: /proc/7157/mounts
Source: /usr/bin/dbus-daemon (PID: 7242)	File: /proc/7242/mounts
Source: /usr/bin/dbus-daemon (PID: 7310)	File: /proc/7310/mounts
Source: /usr/bin/dbus-daemon (PID: 7389)	File: /proc/7389/mounts
Source: /usr/bin/dbus-daemon (PID: 7465)	File: /proc/7465/mounts

Creates hidden files and/or directories

Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5459)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5460)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5497)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5497)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5497)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5497)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 5559)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/bin/xfdesktop (PID: 5590)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5599)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5599)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5599)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5599)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/bin/xfdesktop (PID: 5608)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5609)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5656)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5656)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5656)	File: /run/systemd/seats/.#seat0FgoiTQ	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 5717)	Directory: /root/.cache	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5728)	Directory: <invalid fd (18)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5728)	Directory: <invalid fd (17)>/..	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5728)	File: /run/systemd/seats/.#seat01ZIJxm	Jump to behavior
Source: /usr/lib/policykit-1/polkitd (PID: 5802)	Directory: /root/.cache	Jump to behavior
Source: /lib/systemd/systemd-logind (PID: 5824)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 5824)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 5824)	File: /run/systemd/seats/.#seat0o65OEy
Source: /lib/systemd/systemd-logind (PID: 5899)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 5899)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 5899)	File: /run/systemd/seats/.#seat0VpPRQg
Source: /lib/systemd/systemd-logind (PID: 5984)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 5984)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 5984)	File: /run/systemd/seats/.#seat0iMM9hH
Source: /lib/systemd/systemd-logind (PID: 6052)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6052)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6052)	File: /run/systemd/seats/.#seat0qeuPWQ
Source: /usr/lib/policykit-1/polkitd (PID: 6120)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6128)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6128)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6128)	File: /run/systemd/seats/.#seat0G2voiy
Source: /lib/systemd/systemd-logind (PID: 6203)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6203)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6203)	File: /run/systemd/seats/.#seat06uMzXf
Source: /usr/lib/policykit-1/polkitd (PID: 6280)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6288)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6288)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6288)	File: /run/systemd/seats/.#seat00b2cTD
Source: /lib/systemd/systemd-logind (PID: 6358)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6358)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6358)	File: /run/systemd/seats/.#seat0wbTQuX
Source: /usr/lib/policykit-1/polkitd (PID: 6423)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6434)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6434)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6434)	File: /run/systemd/seats/.#seat0PnwihG
Source: /lib/systemd/systemd-logind (PID: 6514)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6514)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6514)	File: /run/systemd/seats/.#seat0tPcpeN
Source: /usr/lib/policykit-1/polkitd (PID: 6587)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6597)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6597)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6597)	File: /run/systemd/seats/.#seat0V9U121
Source: /lib/systemd/systemd-logind (PID: 6678)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6678)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6678)	File: /run/systemd/seats/.#seat0JSZnq9
Source: /usr/lib/policykit-1/polkitd (PID: 6748)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6761)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6761)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6761)	File: /run/systemd/seats/.#seat0xRT9zs
Source: /lib/systemd/systemd-logind (PID: 6834)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6834)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6834)	File: /run/systemd/seats/.#seat0s7qafV
Source: /usr/lib/policykit-1/polkitd (PID: 6911)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 6924)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 6924)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 6924)	File: /run/systemd/seats/.#seat0vPCbNL
Source: /lib/systemd/systemd-logind (PID: 7004)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7004)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7004)	File: /run/systemd/seats/.#seat0aePTsN
Source: /usr/lib/policykit-1/polkitd (PID: 7074)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7085)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7085)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7085)	File: /run/systemd/seats/.#seat05xQC1T
Source: /lib/systemd/systemd-logind (PID: 7162)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7162)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7162)	File: /run/systemd/seats/.#seat0GwylUJ
Source: /usr/lib/policykit-1/polkitd (PID: 7237)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7245)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7245)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7245)	File: /run/systemd/seats/.#seat0QOi8K0
Source: /lib/systemd/systemd-logind (PID: 7313)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7313)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7313)	File: /run/systemd/seats/.#seat0etLB08
Source: /usr/lib/policykit-1/polkitd (PID: 7380)	Directory: /root/.cache
Source: /lib/systemd/systemd-logind (PID: 7392)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7392)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7392)	File: /run/systemd/seats/.#seat0dCOCXa
Source: /lib/systemd/systemd-logind (PID: 7470)	Directory: <invalid fd (18)>/..
Source: /lib/systemd/systemd-logind (PID: 7470)	Directory: <invalid fd (17)>/..
Source: /lib/systemd/systemd-logind (PID: 7470)	File: /run/systemd/seats/.#seat0iAJtt4

Enumerates processes within the "proc" file system

Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/6351/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/6351/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/5386/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/5386/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/230/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/230/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/110/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/110/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/231/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/231/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/111/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/111/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/232/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/232/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/112/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/112/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/233/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/233/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/113/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/113/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/234/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/234/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/114/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/114/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/235/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/235/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/115/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/115/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/236/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/236/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/116/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/116/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/237/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/237/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/117/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/117/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/238/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/238/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/118/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/118/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/239/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/239/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/119/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/119/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/6347/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/6347/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/10/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/10/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/11/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/11/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/12/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/12/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/13/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/13/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/14/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/14/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/15/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/15/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/16/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/16/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/17/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/17/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/18/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/18/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/19/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/19/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/240/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/240/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/120/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/120/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/241/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/241/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/121/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/121/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/242/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/242/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/1/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/1/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/122/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/122/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/243/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/243/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/2/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/2/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/123/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/123/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/244/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/244/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/3/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/3/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/124/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/124/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/245/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/245/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/125/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/125/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/4/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/4/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/246/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/246/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/126/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/126/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/5/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/5/cmdline
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/247/status
Source: /usr/bin/pkill (PID: 6351)	File opened: /proc/247/cmdline

Executes commands using a shell command-line interpreter

Source: /usr/bin/gpu-manager (PID: 5789)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5791)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5793)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5798)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5803)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5808)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5810)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5812)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5887)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5891)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5894)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5958)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5963)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5965)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5967)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5969)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6193)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6195)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6198)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6262)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6264)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6269)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6273)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6276)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6494)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6499)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6501)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6503)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6506)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6571)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6574)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6582)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6659)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6665)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6667)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6669)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6671)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6673)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6738)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6743)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6821)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6826)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6828)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6894)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6897)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6902)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6904)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6906)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6987)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6989)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6991)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6994)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 6997)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7000)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7063)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7068)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7150)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7152)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7154)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7158)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7220)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7226)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7228)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7230)	Shell command executed: sh -c "grep -G \"^blacklist.nouveau[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7452)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7457)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7459)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7462)	Shell command executed: sh -c "grep -G \"^blacklist.radeon[[:space:]]$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 7466)	Shell command executed: sh -c "grep -G \"^blacklist.amdgpu[[:space:]]$\" /etc/modprobe.d/*.conf"

Executes the "grep" command used to find patterns in files or piped streams

Source: /bin/sh (PID: 5790)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5792)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5796)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5799)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5804)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5809)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5811)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf	Jump to behavior
Source: /bin/sh (PID: 5813)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf	Jump to behavior
Source: /bin/sh (PID: 5890)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5893)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5896)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5959)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5964)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5966)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5968)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5970)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6194)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6196)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6200)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6263)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6268)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6270)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6274)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6277)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6495)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6500)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6502)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6504)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6507)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6572)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6576)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6583)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6660)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6666)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6668)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6670)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6672)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6674)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6742)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6744)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6825)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6827)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6830)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6896)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6898)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6903)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6905)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6907)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6988)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6990)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6992)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 6995)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 6999)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7001)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7064)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7071)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7151)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7153)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7156)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7159)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7222)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7227)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7229)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7231)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nouveau[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7456)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7458)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.nvidia[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7460)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 7463)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.radeon[[:space:]]$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 7467)	Grep executable: /usr/bin/grep -> grep -G ^blacklist.amdgpu[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

Executes the "kill" or "pkill" command typically used to terminate processes

Source: /usr/share/gdm/generate-config (PID: 5817)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6044)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6351)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6592)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6755)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6916)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7079)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 7303)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service

Executes the "rm" command used to delete files or directories

Source: /usr/bin/xfce4-session (PID: 5560)	Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec7c2e14-9c4d-40f3-9704-8617ab831fb4	Jump to behavior
Source: /usr/bin/dash (PID: 5592)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.lZmJG0mnDS /tmp/tmp.otyViNTUvj /tmp/tmp.xKqzJz0iCi	Jump to behavior
Source: /usr/bin/dash (PID: 5593)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.lZmJG0mnDS /tmp/tmp.otyViNTUvj /tmp/tmp.xKqzJz0iCi	Jump to behavior

Reads system information from the proc file system

Source: /lib/systemd/systemd-journald (PID: 5652)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5725)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5820)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 5892)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 5980)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6048)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6124)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6197)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6284)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6354)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6430)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6508)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6594)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6675)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6757)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6829)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6920)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 6993)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7081)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7155)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7241)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7309)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7388)	Reads from proc file: /proc/meminfo
Source: /lib/systemd/systemd-journald (PID: 7461)	Reads from proc file: /proc/meminfo

Reads system version information

Source: /sbin/agetty (PID: 5721)

Reads version info: /etc/issue

Jump to behavior

Source: /usr/sbin/rsyslogd (PID: 5646)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 5646)	Log file created: /var/log/auth.log	Jump to dropped file
Source: /usr/sbin/rsyslogd (PID: 5724)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5785)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 5823)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 5886)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 5895)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6042)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6110)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6185)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6192)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6260)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6346)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6416)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6491)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6493)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6573)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6655)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6658)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6736)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6819)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6820)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 6895)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 6981)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 6986)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 7061)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7142)	Log file created: /var/log/kern.log
Source: /usr/bin/gpu-manager (PID: 7147)	Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/rsyslogd (PID: 7219)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7305)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7373)	Log file created: /var/log/kern.log
Source: /usr/sbin/rsyslogd (PID: 7450)	Log file created: /var/log/kern.log	Jump to dropped file
Source: /usr/bin/gpu-manager (PID: 7451)	Log file created: /var/log/gpu-manager.log	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Deletes system log files

Source: /tmp/jfeeps.elf (PID: 5451)

Log files deleted: /var/log/kern.log

Jump to behavior

Sample deletes itself

Source: /tmp/jfeeps.elf (PID: 5445)

File: /tmp/jfeeps.elf

Jump to behavior

Deletes log files

Source: /usr/bin/gpu-manager (PID: 5785)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5886)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6192)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6493)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6658)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6820)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 6986)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7147)	Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 7451)	Truncated file: /var/log/gpu-manager.log

Reads CPU information from /sys indicative of miner or evasive malware

Source: /usr/bin/pulseaudio (PID: 5647)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5817)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6044)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6351)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 6575)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6592)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6755)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7079)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 7303)	Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 7372)	Reads CPU info from /sys: /sys/devices/system/cpu/online

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/jfeeps.elf (PID: 5441)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5458)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5459)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5460)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5523)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5547)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 5559)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfdesktop (PID: 5590)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfdesktop (PID: 5608)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5609)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 5610)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5646)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pulseaudio (PID: 5647)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5652)	Queries kernel information via 'uname':	Jump to behavior
Source: /sbin/agetty (PID: 5721)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5724)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5725)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5785)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5820)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 5823)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 5886)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 5892)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 5895)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 5980)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6042)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6048)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6110)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6124)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6185)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6192)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6197)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6260)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6284)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6346)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6354)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6416)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6430)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6491)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6493)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6508)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6573)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 6575)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6594)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6655)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6658)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6675)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6736)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6757)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6819)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6820)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6829)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6895)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6920)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 6981)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 6986)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 6993)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7061)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7081)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7142)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7147)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7155)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7219)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7241)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7305)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7309)	Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 7372)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7373)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7388)	Queries kernel information via 'uname':
Source: /usr/sbin/rsyslogd (PID: 7450)	Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 7451)	Queries kernel information via 'uname':
Source: /lib/systemd/systemd-journald (PID: 7461)	Queries kernel information via 'uname':

Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: /mips/var/lib/vmware1a
Source: jfeeps.elf, 5441.1.000055e6697b0000.000055e669837000.rw-.sdmp, jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mips
Source: jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: U1/tmp/vmware-root_727-4290690966!
Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: /mips/var/lib/vmware
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: /var/lib/vmware
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: 8/var/lib/vmwareHU H\
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp, jfeeps.elf, 5451.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: %s/qemu-op
Source: jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: /tmp/vmware-root_727-4290690966
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: U/tmp/qemu-open.ZPECcC\
Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: /var/lib/vmware/VGAuth/aliasStore
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: 8/var/lib/vmware
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: /var/lib/vmware/VGAuthP4/var/lib/NetworkManagerH
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: /var/lib/vmware/VGAuth0
Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: /mips/var/lib/vmware/VGAuth`
Source: jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: U!/var/lib/vmware
Source: jfeeps.elf, 5441.1.000055e6697b0000.000055e669837000.rw-.sdmp, jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: (/var/lib/vmware/VGAuth/aliasStore
Source: jfeeps.elf, 5451.1.00007ffaa4473000.00007ffaa4481000.rw-.sdmp	Binary or memory string: $/tmp/vmware-root_727-4290690966
Source: jfeeps.elf, 5451.1.000055e6697b0000.000055e669837000.rw-.sdmp	Binary or memory string: U!/var/lib/vmware/VGAuth
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp, jfeeps.elf, 5451.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.ZPECcC
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp, jfeeps.elf, 5451.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: 6x86_64/usr/bin/qemu-mips/tmp/jfeeps.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/jfeeps.elf
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: /var/lib/vmware/VGAuth
Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: /mips/var/lib/vmware/VGAuth
Source: jfeeps.elf, 5451.1.00007ffaa4481000.00007ffaa468f000.rw-.sdmp	Binary or memory string: P/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-PB7Ovf$/tmp/vmware-root_727-4290690966X/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-systemd-logind.service-WfFmsi4/tmp/hsperfdata_root
Source: jfeeps.elf	Binary or memory string: /lib/systemd//usr/lib/systemd/system/system/bin//gm/bin//home/process//home/helper/home/davinci/z/bin//mnt/mtd//tmp/sqfs//usr/libexec//usr/sbin//z/zbin//usr/bin/bin//tmp/var/mnt/root/boot/home/dev/media/opt/../(deleted)x86armmipsmpslsh4wgetcurllynxftpftpgettftpscpaflaaarsyncpfclamscanreadelfizsnapstracelsofgdbpmapltraceptracewiresharktsharktcpdumpnetstatssnmaphping3tracerouteiptablesnftfirewalldauditctlselinuxapparmoraptdnfyumzypperpacmanemergebrewportnanovimvinvimgeditkateemacspkillkillallkillsystemctlnohuppythonpython3perlrubyluanodebashshkshzshfishvolatilitychkrootkitrkhunterradare2binwalkdockerpodmanlxcqemuvirshvboxmanagemountumountdfdulsblkblkidmkfsfdiskpartedobjdumpstringsxxdhexdumpncnetcatsocatjournalctldmesglogcattaillessgrepawksedtmuxA
Source: jfeeps.elf, 5441.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp, jfeeps.elf, 5451.1.00007ffeaad59000.00007ffeaad7a000.rw-.sdmp	Binary or memory string: MPDIR%s/qemu-op
Source: jfeeps.elf, 5451.1.000055e669837000.000055e66985a000.rw-.sdmp	Binary or memory string: 1/var/lib/vmware/VGAuth/aliasStoreQ/var/lib/systemd/deb-systemd-helper-enabled/cloud-init.target.wantsetooQ/var/lib/systemd/deb-systemd-helper-enabled/rescue.target.wants/cloud-iA/var/lib/cloud/instances/iid-datasource-none@

ID:	1649552
Product:	CloudBasic
Start time:	22:13:20
Start date:	26.03.2025
Sample:	jfeeps.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	88cbe6f27549d7c2e614554e8871c9f2
SHA1:	90485d661ecae0b20f830f01d8f1ea648970405d
SHA256:	34251dd18c7736c125dcadccb793c41fd4df16029ea5846e248ebabd370cfd33
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
jfeeps.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report jfeeps.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Bitcoin Miner

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
jfeeps.elf